0

I have a macOS application written in Java, you can try it from here:

http://www.eazycnc.com/downloads/EazyCNC-2.0.38.dmg

When I try to launch the application I get a

“EazyCNC-2.0.38.app” is damaged and can’t be opened. You should move it to the Bin error dialog.

This is in Ventura 13.3 (22E252) on M2 MacBook Pro 15" 32 GB 2TB mac.

A friend tried this and with the same result on an Intel MBP with Ventura.

I have tried to remove the quarantine attribute (a trick that used to work on my old Intel MBP Monterey) with:

xattr -rc /Applications/EazyCNC-2.0.38.app

This did not help.

An other friend on the Ventura version that I am using but on a M1 MacBook was able to get the application to launch with:

xattr -rc /EazyCNC-2.0.38.dmg

The OS still complained about the app being damaged but it would allow launching it anyway.

Doing

xattr -rc /Applications/EazyCNC-2.0.38.app/Contents

removed the error altogether for him, none of that worked for me.

I tried to add the app to Developer Tools in System Settings / Privacy & Security but this did not help.

I have tried to 'right click' / Open the file twice which was a requirement for non signed / un-registered application in the past. Did not work.

I do get the Open Anyway button in System Settings with the text "EazyCNC-2.0.38.app was blocked because it is not from an identified developer but clicking that button gets me to the application is damaged dialog.

I have also tried to disable the 'assesment' (what ever it is) with:

sudo spctl –-global-disable
spctl --status                                                        
assessments disabled

At some point the Allow applications downloaded from (o) Anywhere option appeared in the System Settings.

enter image description here

This was not there to begin with, but having it there helps none.

Nothing helps.

[edit] for full disclosure this Mac is remotely manage (I have Admin rights) protected :( by Cortex XDR), in case that makes a difference.

As a last clue I just did:

 spctl --assess /Applications/EazyCNC-2.0.38.app 
/Applications/EazyCNC-2.0.38.app: code has no resources but signature indicates they must be present

Don't know if that is related.

I have no problems running the JVM and my code from Eclipse.

I don't think this is a Java related problem as such because I think it is the native launcher in .app/Contents/ that it is blocked by the macOS. I believe the native launcher (created with jpackage) is Intel (and Get Info on the file says that it is recognised as such). The actual JVM (from temurin-11.jdk) is also Intel.

As this is a hobby project with no income I would hate to pay for Apple Developer registration.

Correction:

 java --version
openjdk 18.0.2 2022-07-19
OpenJDK Runtime Environment Temurin-18.0.2+9 (build 18.0.2+9)
OpenJDK 64-Bit Server VM Temurin-18.0.2+9 (build 18.0.2+9, mixed mode)
nyholku
  • 456
  • 3
  • 15

1 Answers1

1

The code signature is invalid:

% codesign --verify EazyCNC-2.0.38.app 
EazyCNC-2.0.38.app: code has no resources but signature indicates they must be present

The binary in Contents/MacOS is signed as if it were a standalone binary, not an app. There is no Contents/_CodeSignature/CodeResources, and codesign -dv reveals that there is no Info.plist bound to the signature.

After running xattr -rc, I was able to get the app to launch by first dumping its entitlements with

codesign -d --entitlements - --xml EazyCNC-2.0.38.app/Contents/MacOS/EazyCNC >ent.plist

And then re-signing it with:

codesign -f -s - --entitlements ent.plist EazyCNC-2.0.38.app

Notes:

  • You'll want to specify the entire .app bundle, not the binary within.
  • Using -s - only works for non-quarantined files, so for files that users will download from the internet, you'll need a real code signing identity.
  • If you previously tried to launch the app while it had an invalid code signature, then that old signature will be cached on the vnode and will prevent the app from launching. To get around this, either copy the entire app to a new location and delete the old files, or reboot your machine.
Siguza
  • 21,155
  • 6
  • 52
  • 89
  • Thanks! I was able to do the same and now it works for me. I created a script that does the same and I sent to my pilot user, have not yet heard back from him. So I figure I would create a self assigned (is that the term) certificate and sign it. This worked for me but when I upload it to the server and download it, I now get "“EazyCNC-2.0.39.app” can’t be opened because Apple cannot check it for malicious software." The file is here: http://www.eazycnc.com/downloads/EazyCNC-2.0.39.dmg It was signed like this (need to put to next comment, running out of chars). – nyholku Apr 08 '23 at 18:03
  • I sign it using ant as I use that to automate my build: The resulting .app launches without problems/comments before I up/down load it. – nyholku Apr 08 '23 at 18:05
  • Well that's an issue of [notarisation](https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution) now. There is `xcrun notarytool`, for which Apple shows some example usage on [this page](https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/customizing_the_notarization_workflow). And yes, Apple is making this increasingly more annoying on purpose. – Siguza Apr 08 '23 at 19:19
  • Hmm, it is still quarantined (of course), doing: sudo xattr -rc EazyCNC-2.0.39.app seems to make it run. – nyholku Apr 09 '23 at 06:12