My app makes documents that Mac OS X says are from an unknown publisher when sandboxed

I’ve run into something odd. I’m updating my document converter app for the first time in a couple of years. Unlike the version that’s in the MAS now, I have to Sandbox any new ones. I thought, no problem there. Everything looks good, in all formats, until I sandbox it. Then, when converting to the Webarchive format, I get a pop-up box from Mac OS X (10.9.1) that says these documents have been created by an application from an unknown vendor. None of the other formats (TXT, RTF, DOC, etc…) have this issue. Only Webarchive and only when sandboxed. My digital signature is up to date with Apple, of course.

Any ideas? Why would this come up, and why on the Webarchive documents?

Perplexed.

[quote=55839:@Niles Mitchell]
Any ideas? Why would this come up, and why on the Webarchive documents?

Perplexed.[/quote]

Have you checked that it is your app that is supposed to open Webarchive? Do a file info of the document and check if the Open with: is right. Looks like it may be another app that plays here.

My app doesn’t open anything. It is a document converter only. Webarchive opens with Safari, and Safari alone. When clicking on these documents, before launching Safari, it pops up and says these docs were created by an unknown developer, and then the name of my app.

It’s probably because a webarchive can contain executable JavaScript code. This is from the “Entitlement Key Reference”.

Currently, App Wrapper doesn’t support this key, I can add it in, but it might take a little while over the holiday period.

Note: If your app needs to create executable files that are typically executed in some way other than through Launch Services (shell scripts, for example), you should also specify the com.apple.security.files.user-selected.executable entitlement.
By default, when writing executable files in sandboxed apps, the files are quarantined. Gatekeeper prevents quarantined executable files and other similar files (shell scripts, web archives, and so on) from opening or executing unless the user explicitly launches them from Finder.
If those executables are tools that are intended to run from the command line, such as shell scripts, this presents a problem. With this flag, the file quarantine system allows the app to write non-quarantined executables so that Gatekeeper does not prevent them from executing.

Thank you, thank you, Sam! That was the trick!!!

You’re welcome… I’ll add this into App Wrapper when I can.
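
An added example, not code from the thread or from Apple: a Python check that reads an entitlements plist and reports whether, going by the Entitlement Key Reference text quoted above, a sandboxed app's web archives and scripts will be written quarantined. Both plists are constructed samples, and the read-write key in them is an assumption about how the converter saves its output.

```python
"""Predict quarantine handling of written files from an entitlements plist."""
import plistlib

SANDBOX = "com.apple.security.app-sandbox"
USER_EXEC = "com.apple.security.files.user-selected.executable"

# Constructed sample: a sandboxed converter like the one in the first post.
# The read-write key is an assumption, not something stated in the thread.
BEFORE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.files.user-selected.read-write</key><true/>
</dict></plist>"""

# Constructed sample: the same file with the key quoted in the thread added.
AFTER = BEFORE.replace(
    b"</dict>",
    b"  <key>com.apple.security.files.user-selected.executable</key><true/>\n"
    b"</dict>",
)


def enabled(entitlements, key):
    # This check accepts only a plist boolean <true/>, not a string "true".
    return entitlements.get(key) is True


def quarantine_expectation(plist_bytes):
    """Return how executable-type files (scripts, web archives) are written."""
    try:
        entitlements = plistlib.loads(plist_bytes)
    except Exception:
        return "unreadable"
    if not isinstance(entitlements, dict):
        return "unreadable"
    if not enabled(entitlements, SANDBOX):
        return "not sandboxed"
    if enabled(entitlements, USER_EXEC):
        # Worth a review note: output files skip the Gatekeeper prompt.
        return "sandboxed, executable-type files written unquarantined"
    return "sandboxed, executable-type files quarantined"


if __name__ == "__main__":
    for name, data in (("before", BEFORE), ("after", AFTER)):
        print(name, "->", quarantine_expectation(data))
```

On a Mac, the plist to feed in is the app's entitlements file from the build, or the entitlements embedded in the signed bundle.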