I'm trying to distribute my macOS application (a .dmg file) to customers, and I've followed all the steps to sign and notarize the application. However, when I try to install the .dmg containing the app, Gatekeeper rejects it with the error "AppName cannot be opened because developer is not verified". Even though I’ve signed the app with my Developer ID, notarized it, and verified the signature using codesign, I am still encountering issues when attempting to install or open the app on a clean macOS environment. Here’s the error I see when using spctl to check the .dmg:
spctl --assess --type open --verbose=4 output/App.dmg output/App.dmg: rejected source=Insufficient Context
When trying:
spctl -a -t open -vvv --context context:primary-signature output/App.dmg
output/Unbounded.dmg: accepted source=Notarized Developer ID origin=Developer ID Application:
My .app is signed and notarised by electron builder and I explicitly signed and notarised dmg too but still not working
Just to set expectations here, passing notarisation is necessary but not sufficient to pass Gatekeeper.
As to how why Gatekeeper is grumpy, my general advice is:
-
Test on a clean machine. It’s not uncommon to see weird results on your development machine. See Testing a Notarised Product.
-
Use
syspolicy_checkto learn what Gatekeeper is complaining about. -
If that doesn’t make it obvious, there’s a bunch of info hanging off Resolving Trusted Execution Problems.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"