Stack Overflow
Stack Overflow

Questions tagged [osx-gatekeeper]

Gatekeeper is a new feature in OS X Mountain Lion that helps protect users from downloading and installing malicious software. Signing your applications, plug-ins, and installer packages with a Developer ID certificate lets Gatekeeper verify that they are not known malware and have not been tampered with.

Gatekeeper makes it safer to download apps by protecting you from inadvertently installing malicious software on your Mac. The safest place to download apps for your Mac is the Mac App Store. Apple reviews each app before it’s accepted by the store, and if there’s ever a problem with an app, Apple can quickly remove it from the store. When you download software from any other place on the Internet, Gatekeeper makes that safer, too. Developers can get a unique Developer ID from Apple and use it to digitally sign their apps. The Developer ID allows Gatekeeper to block apps created by malware developers and to verify that apps haven’t been tampered with. If an app was developed by an unknown developer — one with no Developer ID — Gatekeeper can keep your Mac safe by blocking the app from being installed.

126 questions
3
votes
1 answer

Successfully codesigned and notarized app getting unable to verify developer when running

I have a fully codesigned .app which is successfully notarized. However when running the app on someones computer. They get the error "App" cannot be opened because the developer cannot be verified. When running spctl -avv App.app it…
Derek
  • 196
  • 1
  • 12
3
votes
0 answers

Why are files my sandboxed app creates/renames getting the com.apple.quarantine attribute?

I am writing temporary files from a sandboxed app that need to be executable, but they are marked as quarantine despite changing the usual settings. I've explicitly set LSFileQuarantineEnabled to NO in my app's Info.plist just in case (this is…
natevw
  • 16,807
  • 8
  • 66
  • 90
3
votes
0 answers

Pyinstaller app yields error OS status -67062 for unidentified developers (just OSX High Sierra)

Tested on OSX High Sierra 10.13.2 I have packaged a .app on my Mac (High Sierra 10.12.6) using Pyinstaller 3.2. The app works fine on my computers, as well as on Windows. Before High Sierra, I had no trouble distributing to Mac users. I am not a Mac…
bw4sz
  • 2,237
  • 2
  • 29
  • 53
3
votes
1 answer

Jarsigner : sign standalone jar with Developer ID certificate

While I can use Developer ID certificates from Apple to sign .app and .dmg, I'm wondering if there is way to use it to sign the standalone jar version (click & run), and also a couple of eclipse plugins (jars). I sign the jars with Comodo Cert and…
josephino
  • 360
  • 4
  • 21
3
votes
0 answers

Successfully codesigned app failed to pass Gatekeeper

I am trying to sign my application with codesign command line tool: codesign --deep -v -f -s "Developer ID Application: Xxxxxxx Xxxxxxxxxxx (XXXXXXXXXX)" ./MyApp.app The result is seemed to be success: ./MyApp.app: signed app bundle with Mach-O…
user3421105
  • 41
  • 5
3
votes
1 answer

Xcode successfully builds but fails to run macOS app

I've written a mac application that uses CloudKit, and ever since I've upgraded to Sierra and XCode 8, the app will successfully build, but Xcode will not launch the application when I click "run". If I go into the Derived Data folder and manually…
harryh
  • 346
  • 2
  • 9
3
votes
0 answers

codesign shows .app bundle okay, but gatekeeper complains

I am having trouble getting an .app bundle to play nicely with gatekeeper. Running a verify with `codesign looks like it works: $ codesign -dvvvv --deep…
staticfloat
  • 6,752
  • 4
  • 37
  • 51
3
votes
1 answer

check-signature tool fails with message: resource envelope is obsolete (custom omit rules)

Tried to check Gatekeeper Conformance using check-signature tool as described here running the following command: ./check-signature ~/Desktop/folder/test.pkg and got the following output: (c) 2014 Apple Inc. All rights…
KoKa
  • 797
  • 1
  • 14
  • 31
3
votes
1 answer

Once my App passes Gatekeeper all future downloads are not quarantined

I have observed that once my signed application has been downloaded from the Internet and it passes through GateKeeper acceptance (i.e I click OK on the warning dialog) it will never be quarantined again. In other words subsequent downloads will not…
Will
  • 337
  • 4
  • 15
3
votes
1 answer

codesign Preference Pane results in "object file format unrecognized, invalid, or unsuitable"

I'm trying to codesign a preference pane using my Developer ID certificate. Here is the command I'm using in the terminal: codesign -v -f -s AppTrap.prefPane And here's the output: AppTrap.prefPane: object file format unrecognized,…
Kumaran
  • 316
  • 3
  • 10
2
votes
1 answer

Can I get rid of the Signing section? (Sandbox vs. Hardened Runtime)

I have two apps which are quite similar. One is working "as I want it" while the other doesn't. So I try to get them matched somehow. Basically one stumbles over the GateKeeper hurdle. Now that one has a section in the XCode settings which does…
qwerty_so
  • 35,448
  • 8
  • 62
  • 86
2
votes
1 answer

Gatekeeper Path Randomization

I have an app that needs to write a symlink for a helper tool to /usr/local/bin/gf. The problem is GPR gets in the way and randomizes my bundle path, so instead of creating the symlink to ../MyApp.app/SharedResources/bin/gf it links to some random…
user187676
2
votes
0 answers

How macOS will verify my software is Notarized or not?

As per apple document ( https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution/customizing_the_notarization_workflow "Staple the Ticket to Your Distribution" ) I have to stapled my software DMG and when User runs…
Brinda
  • 31
  • 4
2
votes
1 answer

When are notarized macOS apps required?

In an upcoming release of macOS, Gatekeeper will require Developer ID signed software to be notarized by Apple. Anyone know what macOS release it could be?
alexisb
  • 39
  • 2
2
votes
1 answer

Why electron-osx-sign fails to produce a signed app recognised by Gatekeeper?

I'm trying to sign the stock electron app. Below is the script that I'm using. The issue is that gatekeeper complains that the app ("Electron") can’t be opened because the identity of the developer cannot be confirmed. Why is that? #!/bin/bash set…
mike
  • 533
  • 1
  • 7
  • 24
1 2
3
8 9