I’m developing an app on .NET8 for macOS and encountered an issue during App Review with feedback: "An error showed upon launch. The app cannot be opened because the developer cannot be verified. This may be due to an issue with your app’s Gatekeeper conformance."
Additionally, the provided screenshot showed this message: "Application is damaged and can't be opened. Delete and reinstall from App Store."
Here’s the process I follow to create the package:
- Build the application.
- Sign it using the following command: codesign --force --verify --verbose --deep --options runtime --timestamp --entitlements ../Entitlements.plist -s '3rd Party Mac Developer Application: [ID]' Demo.app
- Create the package using this command: productbuild --component Demo.app /Applications --sign '3rd Party Mac Developer Installer: [ID]' Demo.pkg
After installing the app from TestFlight, it doesn’t show the errors. Could someone please advise on what might be causing this issue and how I can fix it?
The Entitlements.plist file contains the following keys and values:
<key>com.apple.application-identifier</key>
<string>[ID].com.demo.appc</string>
<key>com.apple.developer.team-identifier</key>
<string>[ID]</string>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.files.bookmarks.app-scope</key>
<true/>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.cs.allow-dyld-environment-variables</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
The project file snippet includes the following configuration for the release build:
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<OutputPath>bin\Release</OutputPath>
<Optimize>true</Optimize>
<NoStdLib>true</NoStdLib>
<UseSGen>false</UseSGen>
<UseRefCounting>false</UseRefCounting>
<TlsProvider>Default</TlsProvider>
<PublishTrimmed>true</PublishTrimmed>
<TrimMode>partial</TrimMode>
<RunAOTCompilation>false</RunAOTCompilation>
<EnablePackageSigning>true</EnablePackageSigning>
<CodeSigningKey>3rd Party Mac Developer Application:[ID]</CodeSigningKey>
<EnableCodeSigning>True</EnableCodeSigning>
<CreatePackage>false</CreatePackage>
<PackageSigningKey>3rd Party Mac Developer Installer:[ID]</PackageSigningKey>
<Profiling>false</Profiling>
<CodeSignProvision>provfile</CodeSignProvision>
<CodeSignEntitlements>Entitlements.plist</CodeSignEntitlements>
<LangVersion>default</LangVersion>
Sign it using the following command: codesign -… --deep …
You’re falling at the first (well, second :-) hurdle here. Don’t use --deep when signing code. --deep Considered Harmful explains why that’s a problem.
It’s much easier to sign and package code using Xcode. If you can’t do that, there are detailed instructions on how to do this manually in:
<key>com.apple.security.cs.allow-jit</key> … <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
There’s no point having both of those, because the latter is effectively a superset of the former. Talk to your tools vendor to determine which one they actually need.
<key>com.apple.security.cs.disable-library-validation</key>
Don’t disable library validation as a matter of course. It makes it harder to pass Gatekeeper. See the callout at the bottom of Disable Library Validation Entitlement.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
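One way to replace the single `--deep` invocation from the question with an inside-out signing pass, shown as an added example that is not part of the original thread or of Apple's documentation. The `plan_signing` function name is hypothetical, and the script assumes nested code can be recognised by a `.dylib`, `.framework` or `.app` name; it only prints the commands so the plan can be reviewed before anything is signed.

```shell
#!/bin/sh
# Added example: dry-run, inside-out signing plan for a macOS app bundle.
# It prints one codesign command per code item and never passes --deep.
# Assumption: nested code is identifiable by a .dylib, .framework or .app
# name. Helper tools that need their own entitlements are out of scope.

# plan_signing APP IDENTITY ENTITLEMENTS  (hypothetical helper name)
plan_signing() {
    app=$1
    identity=$2
    entitlements=$3

    # find -depth lists a directory's contents before the directory itself,
    # so each nested item is signed before the bundle that contains it.
    find "$app" -depth \
        \( -name '*.dylib' -o -name '*.framework' -o -name '*.app' \) |
    while IFS= read -r item; do
        if [ "$item" = "$app" ]; then
            # Outermost bundle, signed last: the only item that receives
            # the entitlements file.
            printf "codesign --force --timestamp --options runtime --entitlements '%s' -s '%s' '%s'\n" \
                "$entitlements" "$identity" "$item"
        else
            # Libraries and frameworks are signed without entitlements.
            printf "codesign --force --timestamp --options runtime -s '%s' '%s'\n" \
                "$identity" "$item"
        fi
    done
}

# Usage with the values from the question:
#   plan_signing Demo.app '3rd Party Mac Developer Application: [ID]' ../Entitlements.plist
```
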