I have a desktop app I have developed for a client who’s employees are all using either OS 10.8 or 10.9. My app is codesigned with our apple developer certificate, including two helper apps inside the bundle.
When the client downloads the app to run on either version, the app causes no problems with Gatekeeper. It recognizes the code signing.
When the app is downloaded to Mountain Lion (10.8) and put on a USB flash drive, and run on a second computer running 10.9, Gatekeeper says it is from an unidentified developer. But running code sign -dvvv gets the following:
Daves-MacBook-Pro:~ davepars$ codesign -dvvv /Volumes/FV2FDE/InstallFDE.app
Format=bundle with Mach-O thin (i386)
CodeDirectory v=20100 size=16191 flags=0x0(none) hashes=803+3 location=embedded
Hash type=sha1 size=20
Authority=Developer ID Application: Fluency Learning Apps LLC
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Dec 11, 2013, 4:26:51 AM
Sealed Resources version=2 rules=12 files=41
Internal requirements count=1 size=184
It would seem to me that simply putting the app on a USB flash drive shouldn’t mess with the code signature. Does anyone have any insights into this? I would be forever in your debt!
did you sign all the dylibs in the frameworks folders?
Is it a Windows formatted USB drive? If so, try zipping it first and then expanding on the target machine.
Oh yes, we ran into CodeSigning-issues with that, too.
The reason are Ressource-Files (that get added by OS X on FAT-Volumes) such as “._image.png” - but since those files didn’t exist when code-signed… well, the CodeSigning-signature is still there, but the contents of the app is “modified” when being copied to a FAT-volume.
Here’s what we have filed as a “bugreport 14361139” to Apple back in July '12 - the case is still “open”…
- USB-Stick: Formatted with MS-DOS Filesystem (FAT)
- OS X 10.8.4: System Preferences -> Privacy: Allow software from App Store and certified Developers
Steps to reproduce
- Download TextWrangler_4.5.2.dmg from http://www.barebones.com/products/textwrangler/ (you need to download the file, it’s a code-signing issue!)
- the .dmg gets saved to the local ‘Downloads’ folder
- open the .dmg
- Drag ‘TextWrangler’ to the USB-Stick
- try to run TextWrangler by double-clicking the App on the USB-Stick
TextWrangler will launch.
OS X (GateKeeper) tells: ‘TextWrangler is damaged. Move to trash?’
Reason for the issue
In the App (copied to the USB-Stick), there are files such as:
those “._”-files are not codesigned -> Gatekeeper will refuse to run the app (saying that it’s damaged).
Thanks everyone. Christian all the dylibs are in fact signed. Sam and Jürg I will check that… thank you for the possible lead!