Notarized app but quarantine

Hi,


I try to notarized my application, from Xcode I do an archive, choose "Distribute app", upload it to be notarized and get a successful message.

When I export the notarized application I also attach the ticket to validate it using:


xcrun stapler staple -v "myApp.app"


Everything seems to works perfectly since when I run the following command:


spctl -a -v myApp.app


I have this output


myApp.app: accepted
source=Notarized Developer ID


However, when I put it on a server and I tried to download, I cannot launch it but I get the Gatekeeper pop telling me that


"myApp" can’t be opened because the identity of the developer cannot be confirmed.


What's wrong? I don't understand since the application is notarized...

Any idea?


Thanks

Up vote post of DEADBEEF Down vote post of DEADBEEF
2.2k views
Posted by
DEADBEEF
Reply
Add a Comment

Replies

What does 

spctl
think about the downloaded version of your app?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

Thank you for helping me.


I tried on different macOS version.


When I download it on macOS 10.14 Mojave and run


spctl -a -v myApp.app


I have:


myApp.app: accepted
source=Notarized Developer ID


And manage to launch it.


However on macOS 10.12 doing the same give me the following message


myApp.app: accepted
source=Developer ID


(From what I understood, the source=Developer ID is normal in macOS 10.13 and earlier) but when I launch the app I have the following message in gatekeeper popup:


“myApp” can’t be opened because the identity of the developer cannot be confirmed. Your security preferences allow installation of only apps from the App Store and identified developers.

Posted by
DEADBEEF
Post not yet marked as solved Up vote reply of DEADBEEF Down vote reply of DEADBEEF
Add a Comment

Notarisation is new in 10.14, so 10.12 is definitely not going to say 

Notarized Developer ID
. However, I would expect that it still accept it as a standard Developer ID, which is what 
spctl
is telling you here.

As to why your getting an error on launch on 10.12, that’s less clear. If you sign your app without notarisation — that is, as an old school Developer ID app — what happens on 10.12? [1]

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"

[1] I’m not suggesting that you ship this way; this is just a diagnostic test.

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

Could you find a solution? I am also having exact same problem.

Posted by
cenkingunlugu
Up vote reply of cenkingunlugu Down vote reply of cenkingunlugu
Add a Comment

Ive Codesigned and notarised the application but still the app is quarantined.

Posted by
chellaprabu210994
Up vote reply of chellaprabu210994 Down vote reply of chellaprabu210994
Add a Comment

Problems like this have a variety of different causes, and thus DEADBEEF’s experience is unlikely to be directly relevant to yours. My recommendation is that you open a new thread here Core OS > Security and we can look at your issue in detail there.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment