0

I have a Mac app that requires custom downloads for each user. I've done everything to sign the app for Gatekeeper, and it all verifies on the build. But when the app gets downloaded from the website with the custom file added, Gatekeeper no longer verifies.

Is there a way to do custom files without re-signing the app for each download? I just need to update a .plist file in the app bundle. The website is written in ASP.Net, so signing on the server probably won't work.

tghw
  • 25,208
  • 13
  • 70
  • 96
  • If ASP.NET tries to sign on the server where asp.net website hosted ( as you said in last line), then `Apple certificate` might be missing in that server - http://successfulsoftware.net/2012/08/30/how-to-sign-your-mac-os-x-app-for-gatekeeper/, and that might be incorrectly signing with some other certficate. – Arindam Nayak Nov 15 '14 at 09:17

1 Answers1

1

It sounds like you are attempting to sign your .app bundle, upload it to a web-server, and them modify a .plist value inside the .app wrapper before the .app bundle is downloaded and given to a customer.

Gatekeeper will not allow this. (At least, it will not allow it with "version 2" signatures, which are required for deployment on OS X 10.9.5 or later. It was permitted with the older signing system, so if you are content to deploy on OS X < 10.9.5, you could get away with it.)

See Apple Tech Note 2206 for reference (in particular the FAQ "I want to exclude files so I can fix my bundle after I build it"):

https://developer.apple.com/library/mac/technotes/tn2206/_index.html#//apple_ref/doc/uid/DTS40007919-CH1-TNTAG302

Note: If you modify your .plist entry as you say you will end up with a broken signature, but all hope is not lost. If your users have the default security settings, they can still right-click on your .app bundle and say 'Open.' This will result in some scary security warnings from Apple, but if your users persist in clicking 'OK' then they will be able to run your app just fine.

1203_dube
  • 214
  • 1
  • 3