Codesign with entitlements on Mac OS

jj_lakemont

I create a mac app using Qt and Apple's Network extension for VPN connection. From Apple Developer's console, I enabled personal VPN, and download distribution provisionprofile. then I loaded the provision profile into Xcode, that gives me an entitlement file (xcent). Finally, I built my app with Qt and a script. When I sign the app, I first copy the provision profile into Contents of the app as embedded.provisionprofile, then codesign it:

codesign --entitlement my_entitlement_file MyApp

However, when I download the app to a new Mac, taskgated-helper kills the app with signal 9. in system log, I can see the following messages:

taskgated-helper MyApp: Unsatisfied Entitlements: com.apple.developer.networking.vpn.api, com.apple.developer.team-identifier
...
codesignature validation faile fatally: when validating Myapp: Code has restricted entitlements, but the validation of its code signature failed.
...

If I open the package content and double click embedded.provisionprofile to install, then the app can run without error.

It appears that the way I add embedded.provisionprofile is not quite right. taskgated-helper doesn't find provisionprofile inside the app.

What is the proper way to add embedded.provisionprofile into app bundle?

SGaist

Hi and welcome to devnet,

Did you try with macdeplyoqt ?