I am trying to solve an issue with one of our products that is not distributed over the Mac App Store.
This product is an extension in Adobe’s video cutting app “Premiere Pro”. The extension (which is basically an HTML page) is launching a command line executable. That’s when Gatekeeper chimes in and gives an error saying that the app needs to be updated by the developer.
For context: the executable is written in Go (for cross-platform compatibility).
After the binary is built, I code sign it with our working Apple Developer ID certificate:
$ codesign -s "Developer ID ..." -v /path/to/HelperExec
Then I verify:
$ codesign --verify --deep --strict --verbose=2 /Users/workingThomas/develop/adobe-client/bin/HelperExec
/path/to/HelperExec: valid on disk
/path/to/HelperExec: satisfies its Designated Requirement
Then I simulate Gatekeeper:
$ spctl --assess --verbose=4 /path/to/HelperExec
/path/to/HelperExec: rejected (the code is valid but does not seem to be an app)
And of course, the binary cannot be executed in the Terminal without getting the Gatekeeper dialog. There is no documentation on how to notarize executables that are not embedded in an app package.
Can someone help or point me in the right direction?
How can we keep Gatekeeper from bothering our end users?
Thanks,
Thomas