Struggling with Developer ID Application

I have a Mac application that I am distributing outside of the Mac App Store. For about the past 4 years, I have been signing the application with a Developer ID Application certificate, and this has worked great.


Starting in the past couple of days, I have been getting reports from users saying that they are now getting the 'identity of the developer cannot be confirmed' error upon launching new versions of the app.


My first thought was that maybe the certificate expired, or possibly because it was for an inactive organization. (The company was acquired and the new company has its own account.)


So I had the team agent create a new Developer ID Application certificate, and I am building with that now. Unfortunately, I am still getting the 'identity of the developer cannot be confirmed' error.


Now I am suspecting that maybe it's not a certificate error at all, but maybe an issue with Mojave. To test this idea, I went back to previous versions of the application, and sure enough, running those gives the same Gatekeeper error. I had a user test the app using the new certificate on High Sierra, and there was no error. But another user on High Sierra is seeing the error. There are so many moving parts it's really hard to track down what is going on here.


But this is what I am doing to validate that the certificate is valid and that the application has been signed correctly:


spctl --assess -vvv PureCloud.app
PureCloud.app: accepted
source=Developer ID
origin=Developer ID Application: Genesys Telecommunications Laboratories, Inc. (9U57N843V9)


and


codesign -dv --verbose=4 PureCloud.app
Executable=/Applications/PureCloud.app/Contents/MacOS/PureCloud
Identifier=com.inin.purecloud.directory
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=13532 flags=0x0(none) hashes=415+5 location=embedded
VersionPlatform=1
VersionMin=657408
VersionSDK=658944
Hash type=sha256 size=32
CandidateCDHash sha1=9306816859e31bff168e86268287d52ee49c303d
CandidateCDHash sha256=6684584fec1422911eb1cadafa599852115bef68
Hash choices=sha1,sha256
Page size=4096
CDHash=6684584fec1422911eb1cadafa599852115bef68
Signature size=4763
Authority=Developer ID Application: Genesys Telecommunications Laboratories, Inc. (9U57N843V9)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Signed Time=Nov 29, 2018 at 10:49:38 AM
Info.plist entries=27
TeamIdentifier=9U57N843V9
Sealed Resources version=2 rules=13 files=202
Internal requirements count=1 size=220


Both of these things seem to tell me that the application is signed correctly with a valid Developer ID Application certificate.


What can I do next to figure out what is causing Gatekeeper to block the application?


Thanks!

-Jason-

Replies

Sparkle Framework strikes again!


I used the app RB App Checker Lite on your app. It didn't report any problems with the app, but it did find an unsigned executable at: /Volumes/PureCloud/PureCloud.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app