Gatekeeper cannot verify App from DMG when DMG is unmounted and computer is offline

In this thread:

https://forums.developer.apple.com/thread/121813


For a signed, notarized, and stapled DMG with a signed macOS app distributed over the internet.


If the computer is offline and a notarized DMG has a notary ticket stapled to it, it is possible to copy an App to Applications and validate the app as long as the DMG is still mounted.


However, if the DMG is unmounted before the App is run, the App will fail validation.


From the very helpful @eskimo


> If you staple the ticket to the .dmg, the system will ingest that ticket when the quarantined .dmg is mounted.

I verified that worked on an offline computer on macOS 10.15.


However I found another scenario:

Pre-req: Notarized DMG with ticket stapled to it

1. Somehow copy the DMG to the computer/VM

2. Turn off network access

3. Open the DMG

4. Drag the App to Applications

5. Unmount the DMG

6. Open the App

7. Fails verification because the App does not have the ticket stapled to it.

Workaround: We can tell customers to keep the DMG mounted the first time they open the app and/or to make sure they have internet access. (or paths through their firewall to Apple services for Gatekeeper?)


How should one go about stapling the notary ticket to the App inside the notarized DMG?


Do we really need to:

1. Sign the app

2. Zip it

3. Notarize the zip

4. Unzip it and staple the ticket to the App

5. Put the app with the notary ticket stapled to it into a DMG and sign the DMG

6. Notarize the DMG

7. Staple the ticket to the DMG


So two notary processes to make sure the above process succeeds?


Or is there any way to staple the ticket to the notarized DMG's app? Wouldn't that change the DMG and cause validation to fail?


Type of Customer:
Downloads DMG on a separate computer with internet access and distributes on their intranet to user computers that don't have internet access.


Thanks.
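The two-pass sign, notarize and staple sequence sketched in the question, written out as a bash script together with the checks a practitioner would run on a test machine with networking disabled. This is an added example, not code from the thread or from Apple: it assumes the current `notarytool` CLI with a stored keychain profile (the thread predates it, when `altool` was the submission tool), and the signing identity, profile name, app path and volume name are placeholders.

```shell
#!/bin/bash
# Two-pass notarization: staple the ticket to the .app itself, then to the DMG.
# Added example, not from the forum thread or from Apple; the identity, profile,
# paths and volume name are placeholders you must replace.
set -eu

IDENTITY="${IDENTITY:-Developer ID Application: EXAMPLE CORP (TEAMID0000)}"  # placeholder
PROFILE="${PROFILE:-AC_PROFILE}"   # placeholder; created with: xcrun notarytool store-credentials
DRY_RUN="${DRY_RUN:-0}"            # 1 = print the plan instead of running the tools

# run: echo a command and, unless DRY_RUN=1, execute it.
run() {
  printf '+ %s\n' "$*"
  if [ "$DRY_RUN" != 1 ]; then "$@"; fi
}

# notarize_and_staple APP VOLNAME
# Pass 1 notarizes the zipped app and staples the ticket into the bundle, so a
# copy in /Applications can be validated offline after the DMG is unmounted.
# Pass 2 builds the DMG from that stapled app, then notarizes and staples the
# DMG so a quarantined, mounted image also carries its own ticket.
notarize_and_staple() {
  local app="$1" volname="$2"
  local base staging zip dmg
  base="$(basename "$app" .app)"
  staging="$(dirname "$app")/${base}-staging"
  zip="${base}.zip"
  dmg="${base}.dmg"

  # --- pass 1: the app bundle ---------------------------------------------
  run codesign --force --options runtime --timestamp --sign "$IDENTITY" "$app"
  run ditto -c -k --keepParent "$app" "$zip"      # zip is only the upload container
  run xcrun notarytool submit "$zip" --keychain-profile "$PROFILE" --wait
  run xcrun stapler staple "$app"                 # ticket now travels with the .app

  # --- pass 2: the DMG, built from the already-stapled app -----------------
  run mkdir -p "$staging"
  run cp -R "$app" "$staging/"
  run ln -sfn /Applications "$staging/Applications"
  run hdiutil create -volname "$volname" -srcfolder "$staging" -ov -format UDZO "$dmg"
  run codesign --timestamp --sign "$IDENTITY" "$dmg"
  run xcrun notarytool submit "$dmg" --keychain-profile "$PROFILE" --wait
  run xcrun stapler staple "$dmg"
}

# verify_artifacts APP DMG
# The checks for a networkless test machine: stapler validate confirms a ticket
# is attached to the artifact itself (no lookup needed), spctl reports the
# Gatekeeper verdict for launching the app and for opening the image.
verify_artifacts() {
  local app="$1" dmg="$2"
  run xcrun stapler validate "$app"
  run xcrun stapler validate "$dmg"
  run spctl --assess --type execute --verbose=2 "$app"
  run spctl --assess --type open --context context:primary-signature --verbose=2 "$dmg"
}

# Usage: ./notarize.sh --build /path/to/Example.app "Example"
if [ "${1:-}" = "--build" ]; then
  notarize_and_staple "$2" "$3"
  verify_artifacts "$2" "$(basename "$2" .app).dmg"
fi
```

`DRY_RUN=1 ./notarize.sh --build /path/Example.app Example` prints the plan without touching anything. For the unmounted-DMG case described above, `xcrun stapler validate` on the `.app` copied into `/Applications` is the check that matters: that ticket is inside the bundle, so it does not depend on the image still being mounted or on reaching Apple's servers.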