.dmg notarising and 'future' macOS

  1. ‹ Older
  2. 4 months ago

    Jonathan A

    Jun 10 Pre-Release Testers Maryland, USA

    @Beatrix W I think you mean me. I'm using Valentina 8.2.1. I posted an inquiry about the current version of Valentina on the Paradigmasoft forum.

  3. Jürg O

    Jun 11 Pre-Release Testers, Xojo Pro

    @Christoph Dnbsp;Vocht I tried everything but the notarised .dmg files keeps popping up the 'unidentified developer'. :-(
    It seems I have to switch to .pkg (which does work when it is notarised).
    Anyone else tried this?

    Same issue here.

    @Christoph Dnbsp;Vocht Christian Schmitz: Are you sure the beta 1 is not broken in this regard?
    That may be the case. Although I did download .dmg files that do not show this popup. It's an odd issue for sure.

    I wouldn't worry about it right now. Let's wait for (public) Beta 1/2/3.
    As a cross-check, I have just codesigned (not Notarized and stapled to the dmg). And surprise - you don't get the "unidentified developer", and (the not notarized app) runs just fine. So my guess is that they are still working on this "feature / restrictions-to-come".

  4. Travis H

    Jun 13 Pre-Release Testers, Xojo Pro

    @Christoph Dnbsp;Vocht Tested on a 'future' macOS version.

    When creating, codesigning and notarising a .dmg file always results in prompting 'Unidentified Developer' and you cannot open the .dmg (after you downloaded the .dmg file).

    I see the same thing. My older notarized signed DMGs work fine, but a newly-created notarized signed DMG refuses to mount on the beta. The newer DMGs mount if I delete the com.apple.quarantine attribute.

    I suggest reporting it via Apple's Feedback Assistant.

  5. Travis H

    Jun 18 Pre-Release Testers, Xojo Pro

    I'm still seeing the same behavior with beta 2.

  6. Christoph D

    Jun 18 Pre-Release Testers, Xojo Pro

    I did filed a feedback report which was closed with the reply : 'By design'. See other thread about this.

  7. Christoph D

    Jun 25 Pre-Release Testers, Xojo Pro

    Still happens with macOS public beta 1 :/

    Not good.

  8. Christoph D

    Jun 25 Pre-Release Testers, Xojo Pro

    Nice, just got my first mail from a customer who says my software cannot be launched because ... 'I am an unidentified developer'. Good job Apple, you are taking down my reputation as a developer. And I even payed you for this. :/

    I already have made a standard reply to answer those questions (that it is probably a beta issue). Nevertheless, this isn't very encouraging.

  9. Beatrix W

    Jun 25 Pre-Release Testers, Third Party Store Europe (Germany)

    How are other apps doing the notarization? DropDMG for instance starts fine on Catalina without the "unidentified developer" warning.

  10. Sam R

    Jun 25 Pre-Release Testers, Xojo Pro, Third Party Store Hengchun, Pingtung, Taiwan

    Christophe; contact Apple Developer Support. Explain to them that you need to know what's changed because your Notarized application works fine on 10.4.5 but won't open on Catalina. Try to keep emotion out of your letter. Don't forget to tell them that your bug report was closed almost instantly with "By Design", don't forget to tell them that now they've released the public beta, you're getting e-mails from customers about this and you don't know what to do.

  11. Christoph D

    Jun 25 Pre-Release Testers, Xojo Pro

    @Beatrix W How are other apps doing the notarization? DropDMG for instance starts fine on Catalina without the "unidentified developer" warning.

    Did you upload the dmg first? The message is not shown when you just create and notzarize the dmg file. You first need to download it.

    BTW I am using DMGCanvas.

  12. Beatrix W

    Jun 25 Pre-Release Testers, Third Party Store Europe (Germany)

    I downloaded the app from the internet. I used this app because I remember that the dev wrote about notarization.

  13. Christoph D

    Jun 25 Pre-Release Testers, Xojo Pro

    @Beatrix W I downloaded the app from the internet. I used this app because I remember that the dev wrote about notarization.

    Did a quick test with DropDMG ... same issue.

    Did you create, codesigned and notarized the dmg running macOS 10.15 ?

  14. Beatrix W

    Jun 25 Pre-Release Testers, Third Party Store Europe (Germany)

    Hu? That's odd. DropDMG isn't my product. For my own app I'm still wrestling with Catalina itself. There is now a version of Valentina that should work for hardening. As soon as this wonderful heatwave is a bit better and my brain is back to working I'm going to test notarization.

  15. Christoph D

    Jun 26 Pre-Release Testers, Xojo Pro

    Btw the DropDMG itself doesn't show the issue (it's probably notarised before 1 june 2019). Only dmg files codesigned and notarized after this date trigger the issue.

  16. Greg O

    Jun 26 Xojo Inc

    @Christoph Dnbsp;Vocht Did you create, codesigned and notarized the dmg running macOS 10.15 ?

    Interesting. This is something we are not doing. Our signing, hardening and notarization is being done on 10.13.6 using Xcode 10.1.

  17. Jürg O

    Jun 26 Pre-Release Testers, Xojo Pro

    @Christoph De Vocht When creating, codesigning and notarising a .dmg file always results in prompting 'Unidentified Developer' and you cannot open the .dmg (after you downloaded the .dmg file).

    I've found a piece of interesting info in this article ...…

    @Christoph De Vocht Only dmg files codesigned and notarized after this date trigger the issue.

    This happens if one does:

    1. CodeSign .app
    2. Package .app in a .dmg
    3. CodeSign .dmg
    4. Send .dmg to Notarize
    5. Staple Ticket to .dmg

    It opens without that 'Unidentified Developer' and executes just fine if one does skip Step 3 (don't CodeSign the .dmg):

    1. CodeSign .app
    2. Package .app in a .dmg
    3. CodeSign .dmg
    4. Send .dmg to Notarize
    5. Staple Ticket to .dmg

    A quote from the article :

    However, if you sign and notarize the DMG installer, it will actually trigger the error you saw at the top of this post. I personally think this is a bug in Apple’s logic (wouldn’t be the first) but while it’s there, it’s actually better to use an unsigned, unnotarized DMG. Apple’s Gatekeeper software seems to detect the notarized .app inside the DMG and will let users install your software without problems.

    The question remains… why is DropDMG notarized and their .dmg is Codesigned… and they don't have this issue?
    Maybe here comes the "date" in play. Or the macOS version used to sign (10.13.6 | 10.14. | 10.15)?

  18. Beatrix W

    Jun 26 Pre-Release Testers, Third Party Store Europe (Germany)

    Blech. I checked again. The DropDMG version I checked this morning is the current release from last year. However, I had a problem with DropDMG crashing on Catalina and got a link to a new beta version from this June. This version also shows the "unidentified developer" warning.

  19. Christoph D

    Jun 26 Pre-Release Testers, Xojo Pro
    Edited 4 months ago

    @Jürg O
    It opens without that 'Unidentified Developer' and executes just fine if one does skip Step 3 (don't CodeSign the .dmg):

    1. CodeSign .app
    2. Package .app in a .dmg
    3. CodeSign .dmg
    4. Send .dmg to Notarize
    5. Staple Ticket to .dmg

    A quote from the article :

    Doesn't work either. Still getting the 'Unidentified developer'.

    Note: With every try, I do receive a mail from Apple that my app is ready for deployment. So although Apple confirms everything wend ok, it does trigger the issue every single time.

    Btw I did not tried the entitlement found in that article but I don't think this is needed for the Xojo framework.

  20. Jürg O

    Jun 26 Pre-Release Testers, Xojo Pro
    Edited 4 months ago

    @Christoph Dnbsp;Vocht Doesn't work either. Still getting the 'Unidentified developer'.

    Hmm… I got ours to open without that once…
    Maybe I have skipped Step 5, too:

    1. CodeSign .app
    2. Package .app in a .dmg
    3. CodeSign .dmg
    4. Send .dmg to Notarize
    5. Staple Ticket to .dmg

    As of now, it seems unsigned .dmg's will still open. Then Gatekeeper kicks in to check it's content. And as long as the .app inside it is notarized, it'll "phone home" and check that. So not codesigning the .dmg and not stapling the Notarization-Ticket might work for now.

    Having said that: I'll leave it "as it is" (even with that "Unidentified Developer" message). It's most likely a Bug in the macOS PreRelease. Only if it's still an issue in July/August, I might reconsider changing our build process.

    Until then: Just right-click and open those .dmg's. Or use Terminal to: xattr -rc <path-to-downloaded-dmg>.
    And let complaining users know with a default-reply: Things like these (and much other, worse ones) are to be expected when using PreReleases. It's not your business (right now).

  21. Philippe C

    Jun 26 Pre-Release Testers, Xojo Pro, XDC Speakers Ottawa, Canada

    @Christoph Dnbsp;Vocht Nice, just got my first mail from a customer who says my software cannot be launched because ... 'I am an unidentified developer'.

    I am curious if that's an application that was code-signed prior to June 1st, 2019. Apple has said that in order not to break too many apps on Catalina, Gatekeeper does not require notarization if the code-sign date is before June 1st. In other words, stuff that was built before then should install fine on Catalina.

    I have other install problems on Catalina, but that's a separate issue.

  22. Newer ›

or Sign Up to reply!