Gatekeeper Issues

  1. ‹ Older
  2. 2 weeks ago

    Robert L

    Jan 7 XDC Speakers Federal Way, WA (Seattle Area)

    Thanks BW & JO for clarification.

  3. Arnaud N

    Jan 8 Pre-Release Testers, Xojo Pro

    @Sam R @Arnaud N
    Thank you for taking the time to answer my questions, I know you must be very busy also.

    You're welcome. It's true I'm very busy, but I cycle thru all my tasks (the reason why I may respond “lately” sometimes). Anyway, I like App Wrapper and I'd also be happy if we can solve this problem (or make it even better, when available).

    @Sam R Okay, I can see how this could be confusing and I am sorry about this, at this point App Wrapper hasn't actually check the App's icon. So you can safely ignore this. You only use this if you want App Wrapper to make and add the icon for you. Sorry about that.

    Ah, OK. Thanks for clarifying that.

    @Sam R For me it's a battle of ethics v.s. business, I've known Seth for 20 odd years and I have great respect for Michel, so ethically I feel bad about stealing their business. I also see the benefit to App Wrapper customers of building a solution in.

    Yes, I understand that. That's why if they chose to add AppleEvents/AppleScript support to their apps, one would be able to make DMG files from another app without stealing their work nor making an extra built-in solution. As DMG and AppleEvents are Mac-only, this solution would fit.

    @Sam R There is already DMG Canvas integration, whereby App Wrapper has limited control over DMG Canvas to create the DMG. I expect it will be the same with DropDMG.

    Promising! I can hardly wait!

    @Sam R !@#$%; this is what I was worried about. So my contact has asked if you could please use the Feedback (Apple's Feedback) App to file a report with Apple and then give me the case number, so I can forward it to my contact, who is on Apple's Security team, so we're going straight to the correct team.

    I wasn't aware there's an Apple Feedback app. In my memory, one used to send reports to Apple using radars URL, but I always thought it was “over complicated when you don't know about that” and never used that.
    I saw one Feedback app when I tried the Catalina beta (Apple's survey app), but it was only for the beta testing.
    OK, I'll search for it and use it.

    @Sam R Unfortunately the error is reported while code signing. Until your account is unlocked (which it is supposed to be done when you Notarize), the code signature of the app will appear as invalid. I really have idea what they were thinking when they did this. Sure block an app because it's not Notarized, but to block all the developers apps because (at this point I assume it's an Apple bug) is just insane.

    Granted.
    Are all developers facing this issue, actually?

    @Sam R No you are not alone, I am working on some code to read DMG files, Zip file and PKG files and extract this information, to save you having to enter it, but as I am sure you can imagine, it is a lot of work.

    Yes, I imagine. It's tied with all the time you've already spent with App Wrapper; that's really a successful app you've made well, and it looks like it's continuing on that line!

    @Sam R Which is in line with what other developers are saying, Jan 1st and boom, they now get this error again.

    So either it's a bug with the new year (the 2000 year “expected” bug striking Apple 20 years too late?) or it's a wanted change from Apple (your contact seems to be unaware of that, but it's perhaps not from the “security” area in Apple, who knows?).

    Thank you.

  4. Michael D

    Jan 8 Pre-Release Testers, Xojo Pro

    @John M Starting February 3rd, Catalina will require *all* apps to be notarized, it won't let them run if they aren't. So yes, you'll need to sign and notarize apps you give to friends. And BTW, Apple doesn't know what your app does, it just scans the code to look for suspicious/malicious code.

    At the moment, there are at least 4 categories of apps to consider:

    1. unsigned
    2. signed before the cutoff date (either April or June 2019, depending ?) see https://eclecticlight.co/2019/06/07/notarization-in-mojave-and-catalina/
    3. signed after the mid 2019 cutoff date
    4. signed and notarized

    At the moment, on the latest Catalina beta, I can still run any app (including category #1, unsigned) by Right-clicking and choosing "open".

    Does anyone know what really changes after Feb 3? Will you be able to still manually bypass the rules for unsigned apps by right-clicking?

  5. Christoph D

    Jan 8 Pre-Release Testers, Xojo Pro

    As far as I know the right click/open will still work after 2/3

  6. Arnaud N

    Jan 9 Pre-Release Testers, Xojo Pro

    @Sam R !@#$%; this is what I was worried about. So my contact has asked if you could please use the Feedback (Apple's Feedback) App to file a report with Apple and then give me the case number, so I can forward it to my contact, who is on Apple's Security team, so we're going straight to the correct team.

    OK, it's done: FB7527543 (I used the feedback website, as the app is only for Catalina).
    My configuration isn't officially supported (10.14 on a 2008 Mac Pro). Since Apple shows a dialog telling they collect various data (including devices), I just hope they won't close the report because of “unsupported configuration”…

  7. Sam R

    Jan 9 Pre-Release Testers, Xojo Pro, Third Party Store Hengchun, Pingtung, Taiwan

    @Arnaud N OK, it's done: FB7527543 (I used the feedback website, as the app is only for Catalina).

    Thank you Arnaud, I'll get this over asap. I really appreciate you taking the time out here to help.

  8. Arnaud N

    Jan 9 Pre-Release Testers, Xojo Pro

    @Sam R Thank you Arnaud, I'll get this over asap. I really appreciate you taking the time out here to help.

    You're welcome. Glad there's a way to progress on this issue.

  9. Sam R

    Jan 10 Pre-Release Testers, Xojo Pro, Third Party Store Hengchun, Pingtung, Taiwan

    @Arnaud N You're welcome. Glad there's a way to progress on this issue.

    In the meantime I've discussing the ramifications of ignoring this particular error. My contact will need to do some research into where in the process this error is actually reported so I can make a safe judgment call on how critical it is just ignore it.

    I've also requested more information about what Apple does at their end, again to confirm if it a safe assumption to ignore this particular error.

    In the meantime, I've modified App Wrapper, it will still report this error, but in the case of this particular error, it will complete the rest of the wrapping.

    You can download the latest alpha from https://www.ohanaware.com/appwrapper/appWrapper3update311.dmg

  10. Tim S

    Jan 11 Pre-Release Testers Canterbury, UK

    AppWrapper 3.10 under Mojave - problem: I code-sign my app, then build a dmg with Disk Utility. I leave the default as "Compressed" and the dmg is created.

    But when I come to notarise with AppWrapper, it rejects it as "not compressed, Apple only accepts compressed dmg's". What am I doing wrong?

    I tried the 3.11 version mentioned above, same behaviour.

  11. Emile S

    Jan 11 Europe (France, Strasbourg)

    As far as I saw, there is no needs to follow these if I gave a copy of the application stored in a MemoryStick (if I do not use Internet to share the application).

    Am I correct ?

  12. Sam R

    Jan 11 Pre-Release Testers, Xojo Pro, Third Party Store Hengchun, Pingtung, Taiwan

    @Tim S But when I come to notarise with AppWrapper, it rejects it as "not compressed, Apple only accepts compressed dmg's". What am I doing wrong?

    Can you post a copy of the DMG online and DM me the link to download it. I am asking the OS if the DMG is compressed, maybe I am doing something wrong?

    @Emile S As far as I saw, there is no needs to follow these if I gave a copy of the application stored in a MemoryStick (if I do not use Internet to share the application).

    It certainly used to be this way, but I haven't tested this with Catalina, Apple may have changed it (and to be honest I expect them to change it at some point). I would suggest trying it with the machines that you intend to run your application, if it works, no problem.

  13. Arnaud N

    Jan 12 Pre-Release Testers, Xojo Pro

    @Sam R In the meantime I've discussing the ramifications of ignoring this particular error. My contact will need to do some research into where in the process this error is actually reported so I can make a safe judgment call on how critical it is just ignore it.

    I've also requested more information about what Apple does at their end, again to confirm if it a safe assumption to ignore this particular error.

    Great. Hope it's not a problem too complex to solve.

    @Sam R In the meantime, I've modified App Wrapper, it will still report this error, but in the case of this particular error, it will complete the rest of the wrapping.

    You can download the latest alpha from https://www.ohanaware.com/appwrapper/appWrapper3update311.dmg

    I confirm it works as intended (one row of “error” reported but the process terminates successfully).

    When one drops a dmg file on App Wrapper, the “DMG signer” window opens with that dmg. Is it possible to set the “Notarize” window as default? In my workflow, I don't sign my DMG files as a step; I notarize directly (which, if I understand correctly, also signs the file).

  14. Sam R

    Jan 12 Pre-Release Testers, Xojo Pro, Third Party Store Hengchun, Pingtung, Taiwan

    @Arnaud N When one drops a dmg file on App Wrapper, the “DMG signer” window opens with that dmg. Is it possible to set the “Notarize” window as default? In my workflow, I don't sign my DMG files as a step; I notarize directly (which, if I understand correctly, also signs the file).

    Sure, especially as I'm going to be removing the DMG signer in the future as it's integrated into the Notarization process.

  15. Arnaud N

    Jan 12 Pre-Release Testers, Xojo Pro

    @Sam R Sure, especially as I'm going to be removing the DMG signer in the future as it's integrated into the Notarization process.

    Great; thank you!

  16. Sam R

    Jan 12 Pre-Release Testers, Xojo Pro, Third Party Store Hengchun, Pingtung, Taiwan

    @Arnaud N Great; thank you!

    Try this version :)
    https://www.ohanaware.com/appwrapper/appWrapper3update311.dmg

  17. last week

    Arnaud N

    Jan 14 Pre-Release Testers, Xojo Pro

    @Sam R Try this version :)
    https://www.ohanaware.com/appwrapper/appWrapper3update311.dmg

    OK, I've tried it.
    Indeed, when I drop a dmg onto the dock icon, the dmg ends up in the notarisation window; nice!

    However, this version has a problem: once I sign my apps, they lose their AppleEvent permissions.
    I've added a NSAppleEventsUsageDescription key and the built apps works fine (the OS asks for permissions to send AppleEvents). I sign any app, which ends up in the App Wrapper folder (by the way: that folder is emptied each time without warning; hard to have two signed apps in the same folder) and that one doesn't work (no dialog from the OS, just denial of using AppleEvents; like if the NSAppleEventsUsageDescription key wasn't present. That key is actually present in the signed app, but near the end of the file (as opposed to near the top after the Xojo build)).
    Just hoping it's happening because the AW version is in beta…

  18. Sam R

    Jan 14 Pre-Release Testers, Xojo Pro, Third Party Store Hengchun, Pingtung, Taiwan

    It's up to the OS what order the plist values are written to (or read). If It's still there, but the OS is blocking Apple Script, are you using Sandboxing? If so, you need to enable the App Sandbox entitlement on the Capabilities pane.

  19. Arnaud N

    Jan 14 Pre-Release Testers, Xojo Pro

    @Sam R It's up to the OS what order the plist values are written to (or read). If It's still there, but the OS is blocking Apple Script, are you using Sandboxing? If so, you need to enable the App Sandbox entitlement on the Capabilities pane.

    I'm not using sandboxing. I've tried adding related applications in the “Apple Script & Apple Event access” list; wrapped applications still don't work, but, once notarised, they start working again (I'll have to remember not using the signed but not notarised copies of my apps). At this point, it looks like signing (but not notarising) invalidates something…

    I don't remember having seen that with prior versions of App Wrapper. Not sure I had specifically tested at the exact same step…

  20. 4 days ago

    Arnaud N

    Jan 19 Pre-Release Testers, Xojo Pro

    OK, it's not behaving as I thought and responded… With the non-signed version, on my own computer, I either (1) get the OS dialog (app1 needs to control app2) for each call; for one click/keystroke to start the action, I must allow several times. Or (2) don't get the dialog at all, as is happening now. I haven't found a reliable pattern; I come back to my computer and either (1) or (2) can be current, for a long period.
    Once signed (notarised makes no difference, as opposed to what I thought earlier), the OS never asks for permissions and the app just fails.
    Currently, I have to use the unsigned version on my own computer, otherwise it just doesn't work… Glad this specific app isn't meant to be used elsewhere…
    Apple's choice of asking for permissions for everything is annoying users and programmers in the first place; yet, the concept fails more than it works. Isn't that the definition of “absurd”?

or Sign Up to reply!