Post not yet marked as solved
Post marked as unsolved with 6 replies, 830 views
I have a Mac OS app that uses a separate swift-built binary to extend its functionality. It is non sandboxed and signed via Developer ID method.
I placed the binary file in Contents/MacOS directory of the bundle.
Here are the entitlements used to sign the bundle:
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-dyld-environment-variables</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
</dict>
</plist>
When the application is built for arm64 (using arm64 built swift binary helper), successfully signed, notarized, and downloaded on a user's Mac, gatekeeper has no issues and throws no warnings.
When the application is built for x86_64 (using the x86_64 built swift binary OR universal swift built binary helper), successfully signed, notarized, and downloaded on a user's Mac, gatekeeper throws the "macOS cannot verify that this app is free from malware" warning.
So the issue seems to be the x86_64 swift built binary, but it is identical to arm64 build. I'm puzzled. Any suggestions on how to proceed?