Hi,
I am creating a plug-in written in a combination of Objective-C and Swift. As such, the bundle contains the following structure:
/Contents/Frameworks/libswiftCore.dylib (and few other Swift's dylib files)
/Contents/Info.plist
/Contents/MacOS/MainProductBinary
/Contents/Resources/ - contains pdfs, nibs etc.
1. I've codesigned and notarized each *.dylib file individually
2. I've codesigned and notarized the bundle as a whole
3. I've packed the bundle and transfered via web (so it becomes quarantined) to a fresh Catalina virtual machime
4. I've installed the third-party host application for which the our product is a plug-in onto the Catalina virtual machine
5. I've placed the plug-in into a folder where the host application expects it
When I start the host application, Gatekeeper complaines that it cannot check the bundle for malvare.
I manually assess the *.dylib files using a Terminal using the commands bellow:
for filename in MyPlugin.bundle/Contents/Frameworks/*.dylib; do
spctl --assess --verbose=4 --type install "$filename"
done
After running these commands, Gatekeeper becomes satisfied and allows the plug-in to run when I start the host application.
However, I'm not a supporter of an idea to force users to run these commands before installing the plug-in.
Additional notes:
- Running spctl --assess --type install on the whole bundle before manually assessing the *.dylib files reports "rejected". However, running the same command after manually assessing the *.dylib files reports "accepted".
What should I do to make Gatekeeper satisfied without the need to run these commands?