3 Replies
      Latest reply: Feb 17, 2017 4:21 AM by eskimo
      Babelchips Level 1 (0 points)

        Launching our code-signed application after downloading its .dmg over the web (HTTPS) using Chrome or Firefox shows that the app "can't be opened because it is from an unidentified developer".

        This is surprising because the app is correctly code-signed and is working fine on multiple Macs already. When opening the exact same image and launching the application directly from my local file system (i.e. not downloaded via the web) everything is fine, as expected - no warnings or errors.

        Does the .dmg or .app inside get modified or treated differently by the OS if it is downloaded over the web? If so, how can we deliver a code-signed app over the internet?

        • Re: How to deliver a code-signed app over the internet?
          eskimo Apple Staff (6,490 points)

          Are you signing your .dmg? That’s highly recommended these days. See WWDC 2016 Session 706 What’s New in Security for details.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

          • Re: How to deliver a code-signed app over the internet?
            john daniel Level 2 (25 points)

            I suggest keeping some pristine VMs around for testing app on-boarding. There are a number of features that work differently the first time you do them. Clearing quarantine and unsigned apps are two big examples. Your development box won't help you do this testing.

            As eskimo says, if you are distributing via a DMG, then that will need to be signed as well. I don't recommend using DMGs anymore though. Just distribute a zip file and in most cases it will be automatically expanded into the app. If there are "read me" files or similar things that you would have put into the root of the DMG image, move those into the app bundle and make them available via the Help menu or something.

              • Re: How to deliver a code-signed app over the internet?
                eskimo Apple Staff (6,490 points)

                I suggest keeping some pristine VMs around for testing app on-boarding.

                Agreed. I maintain VMs for each major release of macOS (my boss graciously funded a 1 TB SSD!), and each one has a ‘fresh’ snapshot that I use for testing situations like this.

                Just distribute a zip file and in most cases it will be automatically expanded into the app.

                Yeah, I don’t like that approach because, unless the user moves your app, it ends up running translocated.  While that shouldn’t affect its performance, it just seems wrong.

                Share and Enjoy

                Quinn “The Eskimo!”
                Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                let myEmail = "eskimo" + "1" + "@apple.com"