Hi all, trying to figure out the best way to navigate this.
To be clear, this app is NOT for the MAS.
My application includes a command-line helper app. I include it in the Resources folder of my application bundle, then on first run, it gets copied to SpecialFolders.ApplicationData.Child("MyApp") and I set the Permissions to &o755 so it can be executed.
This works fine at first. However, the helper app is written by a third party and it self-updates every few weeks. Once it self-updates, the user gets the error that it can't be run because Apple cannot check it for malicious software (it has lost its signature and notarization).
What’s the best way to handle this?
Tell the third party to sign their damn app.
Agreed that’s the best solution, but I can’t count on that happening.
Can you ad hoc sign it with your app if you notice it changes?
Hmm, I guess that would require the user to have Xcode though.
I think it’s also the notarization that it’s missing that prevents it from running as well. Just a signature may not be enough.
The only other thing I can think of is to ask the developer if there's a way to bypass the update mechanism on the command line (or ask them to add the feature) and then when a new version comes out, you put it in the next version of your app.
If you can disable the update system like @Greg_O suggests, this is actually a good thing.
It means that you can then execute the helper from within your app bundle, but not from the Resources folder; the executable should be placed in the macOS, Helpers or Frameworks folder to meet the code signing guidelines. This also means that you set the permissions on the helper only once.