codesigning failure?

Carlo_Rubini · November 27, 2015, 3:09pm

Hello,
I use AppWrapper 2.5 to wrap my apps, send them to MAS, and they are accepted.
Today I wrapped an app and uploaded it to my website. When I downloaded the pakage and double-clicked it, I got the system message saying that it was an app created by unknown developer etc. etc. Therefore, in order to open it, I had to select “anywhere” in Preferences > Security & Privacy.
Yet, in AppWrapper I codesigned it, as I codesign apps for MAS.
From some thread on the Forum, it gather that I should upgrade to AppWrapper3, downloading also XCode 7.x.
Is there any other way to codesigne a pakage?
Suggestions welcome.

BTW: I cannot make a test using AppWrapper3 since I tested it a couple of months ago, therefore the trial-time has expired.
I’m using Yosemite.

Thanks,
Carlo

Tim_Parnell · November 27, 2015, 3:19pm

You can codesign manually using command line utilities. However pulling that off successfully has become incredibly complex and difficult. You may want to send Sam an email, he might be able to offer some help.

During Black Friday sale you can also pick up a 30 day license for AW3 in the Xojo store for $8
Pretty good deal if you’re in it for the short term.

Honestly I wouldn’t recommend any other way.

Roger_Clary · November 27, 2015, 3:21pm

Just been fighting this same issue over the last few days.

Definitely, upgrade to App Wrapper 3.5
In the codesign box of AW3, UNCHECK “Show All Certificates”. This should give you a list which reads Your Name - GateKeeper and Your Name - App Store.
For the App Store choose that certificate. As Sam explained to me, an app wrapped with this cert. will not pass gatekeeper until Apple approves it for the store and signs it also.
For apps outside the Store, select the “GateKeeper” certificate. You will get a red warning that the installer is missing, but that’s OK since this is not for the App STore. When I did this, my app then passed gatekeeper.
HTH

Marco_Hof · November 27, 2015, 7:12pm

Are there different ways for the App Store and Gatekeeper?
Not sure about the App Store but I do this to avoid the ‘unknown developer’ -message with 2 commands (Well, actually 1 because I think the export command is no longer needed if you did that once already):

export CODESIGN_ALLOCATE="/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate"

and then:

codesign --force --sign "Developer ID Application: Marco Hof" /whatever/file.app

And if there are Helpers included, I just drill down first:

codesign --force --sign "Developer ID Application: Marco Hof" /whatever/file.app/Contents/Helpers/Helper.app

And when I pack it with a .dmg, I codesign that as well (but I don’t think that’s needed).

I check if all is ok with:

spctl -a -v /whatever/file.app

Again, I don’t know about the App Store but using this gets rid of the ‘unknown developer’ -message for me

(Also, I use this free tool to give me some insight on what’s going on: http://brockerhoff.net/RB/index.html)

Michel_Bujardet · November 27, 2015, 7:16pm

Gatekeeper is a whole lot more tolerant than the Mac App Store sandboxing requirements.

Marco_Hof · November 27, 2015, 7:20pm

Yes, I figured. But in this case, the OP ran into Gatekeeper.

Carlo_Rubini · November 28, 2015, 2:34am

Marco, I followed your advice (both with and without Export, but in my case the file, uploaded and downloaded from my website, showed again the “unendified developer” warning.
Thank you, and to the others who advised.

Marco_Hof · November 28, 2015, 2:46am

What does ‘spctl -a -v /whatever/file.app’ say?

(Oh and the commands are all one liners. The forum breaks them up in multiple lines)

Carlo_Rubini · November 28, 2015, 4:00am

No such file or directory. Yet it is the same file/directory that gets succesfuly built. Strange indeed.

Carlo_Rubini · November 28, 2015, 4:03am

Removing quotes from ‘spctl -a -v /whatever/file.app’ (i.e. spctl -a -v /whatever/file.app I get: rejected.

Marco_Hof · November 28, 2015, 4:08am

But you replaced ‘/whatever/file.app’ (in all above commands) with the full path to your App right?

You can either use the full path or go to the directory to where your App is.
If you’re in the directory where your App is, and your App is called MyApp.app, then use the commands above but replace ‘/whatever/file.app’ with: ‘./MyApp.app’ (there is a . in front of the /)

Carlo_Rubini · November 28, 2015, 4:16am

After writing spctl -a -v I drag the app (even the pakage) into the Terminal window, as I do when code-signing and pkg-buld.

Sam_Rowlands · November 28, 2015, 6:59am

I would check your codesigning certificates and make sure that they haven’t expired. App Wrapper 2 wasn’t able to detect this, but I have written a code signing diagnostics in App Wrapper 3. If you contact me through a direct message I can extend your trial period for you, so you can test App Wrapper 3 if you would like.

Carlo_Rubini · November 28, 2015, 2:42pm

Sam, thank you for your kindness. I’ll contact you through your website.