I’m seeing a very strange problem I can’t figure out and I don’t know if it’s my Mac, OS X or what.
I have a Xojo Web App that I build and using DMGCanvas, I put into a DMG file. I can mount that DMG file and run the app from within the DMG file no problem. However, as soon as I put the DMG file onto my website and download the app from there, when I open the DMG file and try to run the app I get a message that the app is damaged and that I should eject the disk image.
Is this some sort of funky new security issue in OS X? I’ve tried signing the DMG file but that makes no difference. The app is not signed as AppWrapper wasn’t able to sign console apps until recently. I think it may be notarized. But it doesn’t matter.
This seems to be a new issue. I’ve never had this problem before. Again, the DMG I create works fine, but as soon as it get downloaded from the Web, Apple complains it is corrupted.
Ah, you hadn’t mentioned Dropbox. I’d still suggest doing an MD5 or SHA1 hash to make sure that they are. That’d tell you if the file ia truly corrupt or if it’s just Apple complaining about something else.
Could you take a screenshot of the error message and post that?
Yes. I did a hash on my local file and on a file I just downloaded from my website. So the files are identical.
I am wondering if something is up with OS X or if something is happening in my notarization process or something. I use Kaju for updates and today I had a report that my latest release is saying the downloaded zip file is corrupted. Now that one, everything is fully signed and the zip file notarized. I need to make sure the zip file is OK, but I am pretty certain it is.
OK. It appears this issue has to do with how the app is signed. This morning I tried the whole process again. The app successfully signed and the zip file notarized just fine in app wrapper. But when I tried to make a DMG of it using DMG Canvas, notarization failed. I got an error that there was an invalid signature on the executable. Not notarizing the DMG works, but as as soon as the DMG is downloaded over the web, the app won’t run as OS X says it is corrupted.
Now I just tried things again except I didn’t sign the web app. I just compiled it and then created a signed DMG. It works just fine now except I get the security prompts. That’s better than a corrupted file error.
So something is not right when AppWrapper signs this. I’ll have to work with @Sam_Rowlands to figure this out. I already sent Ohanaware a help email…