WebApplication.WebFile Breaks Code Signing - Solved

The download example from Xojo works just fine. Why don’t you try that ?

My guess here is that Safari or the OS has remembered that you downloaded this before? Can you test that out by using a brand new filename?

See above for my suggestion of using the xattr command to see if the quarantine bit is set. Also, Thom’s suggestion of md5 checksumming is a good one to make sure the file is binary identical. (You can also use the diff command for this).

[quote]
I’m going to alter the WebApplication to use an HTTP GET request instead of WebFile and see what happens.[/quote]

Also, perhaps a shot in the dark here, but…

It’s been reported that if you copy a mac .App bundle to a non-mac filesystem, the mac will helpfully create hidden folders named “__MACOSX”. Rumor is that under 10.9 Gatekeeper, these files cause some of the signature validation to fail.

Any chance your .app file has been processed in this way? How exactly is it being zipped?

I finally fixed the problem and it had nothing to do with WebFile. I deleted all of the code signing certificates from my keychain and restored only the Apple certs and that solved the problem. It looks like the apps weren’t being signed properly with a mixture of signing certs in the keychain. I can only assume that the reason the direct link downloads weren’t getting blocked was because of an issue with either Safari or Gatekeeper.

Well, I thought I was finished with this but I’ve come across more weirdness. I got App Wrapper Mini from the App Store because I thought it would make signing my Mac apps easier, which it does, but the package files made from the App Wrapper script don’t actually install the app. It shows the app was installed successfully but the app is actually nowhere to be found. Has anyone else experienced this problem with pkg files?

…never mind…
I have since been told that’s a known issue with App Wrapper Mini pkg files and Mavericks.