Skip to content

Fix MAS: Remove App Groups entitlement #16

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
CydeSwype merged 5 commits into from
Jan 9, 2026
Merged

Fix MAS: Remove App Groups entitlement #16

CydeSwype merged 5 commits into from
Jan 9, 2026

Conversation

@CydeSwype
Copy link
Owner

@CydeSwype CydeSwype commented Jan 8, 2026

Issue

The entitlements file contained App Groups capability, but the App ID does not have this capability enabled. This mismatch causes Transporter validation to fail.

Solution

Removed the App Groups entitlement from desktop/entitlements.mas.plist.

Updated Entitlements

The MAS build now only includes entitlements that match the provisioning profile:

  • ✅ App Sandbox
  • ✅ Network Client
  • ✅ File Access (user-selected)
  • ✅ JIT compilation (for Electron)
  • ❌ App Groups (removed - not in provisioning profile)

This should allow the MAS package to pass Transporter validation.

@wildfire-corp
Add unique-slug@5.0.0 to package-lock.json
e051980
@wildfire-corp
Add explicit PKG installer signing for MAS builds
088496a
@wildfire-corp
Fix MAS signing: Remove --options runtime flag
a7d9c62 
The --options runtime flag causes codesign to add the
com.apple.developer.team-identifier entitlement, which is
not in the MAS provisioning profile. This flag is only for
Developer ID distribution, not Mac App Store builds.

Fixes Transporter validation error 409.
@wildfire-corp
Fix MAS build: Disable hardenedRuntime for Mac App Store
06156bd 
hardenedRuntime is for Developer ID apps (notarization), not MAS.
When enabled for MAS, it adds com.apple.developer.team-identifier
entitlement which is not in the provisioning profile.

MAS apps don't need hardened runtime - they're sandboxed.

Fixes Transporter error 409.
@wildfire-corp
Remove App Groups entitlement - not enabled on App ID
a752e7f 
The App ID does not have App Groups capability enabled,
so this entitlement must be removed from the bundle to
match the provisioning profile.

Fixes Transporter validation error.
@CydeSwype CydeSwype merged commit 6180c12 into master Jan 9, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@CydeSwype @wildfire-corp