osx-gatekeeper

Xcode successfully builds but fails to run macOS app

半腔热情 提交于 2020-05-29 06:56:34
问题 I've written a mac application that uses CloudKit, and ever since I've upgraded to Sierra and XCode 8, the app will successfully build, but Xcode will not launch the application when I click "run". If I go into the Derived Data folder and manually double-click my application to launch it, it crashes immediately and displays the following in the error report: Time Awake Since Boot: 12000 seconds Time Since Wake: 6500 seconds System Integrity Protection: enabled Crashed Thread: 0 Exception Type

Using existing CA-issued cert to sign OS X application and keep Gatekeeper happy

不羁的心 提交于 2020-01-03 01:55:11
问题 I build an OSX app which is distributed as a DMG outside of the Mac App Store, and I'd like to continue to have it be that way once Gatekeeper enforcement begins. From studying code signing documentation, it looks like the recommended approach is to get a "Developer ID" certificate and use that to codesign. However, you must be a registered OSX developer and pay Apple $99 each year. I already have a certificate from a recognized CA, and I would like to use it with codesign . I found

How to Sign a .jar file with my Apple Developer ID

僤鯓⒐⒋嵵緔 提交于 2019-12-23 18:20:31
问题 I have a java executable jar file that I need to be signed with my Apple Developer ID. I don’t intend to distribute it through the app store. I will be distributing the app directly to customers through my website. I’m not intending to bypass Gatekeeper. Signing the app with my developer ID is what will satisfy Gatekeeper when customers install the app and thus avoid a security prompt that I am an " Unidentified Developer ". Any help would be greatly appreciated 回答1: From apple.stackexchange

Unidentified developer for Java Web Start application on OS X

戏子无情 提交于 2019-12-21 03:35:23
问题 On Mac OS X 10.9 signed Java Web Start applications are blocked by default with the message: "application.jnlp" can't be opened because it is from an unidentified developer. I know it's possible to weaken the security checks to allow any application to run, but that requires a manual intervention of the end user. Is it possible to "sign" a Java Web Start application such that it is recognized as originating from an identified developer? Thank you 回答1: Apple does appear to support signing of

Mac DMG oddity - signing and “damaged” applications

蹲街弑〆低调 提交于 2019-12-10 14:49:54
问题 My Gatekeeper settings are "App Store and Identified Developers" I have a DMG with a signed app. When I mount the DMG and run it locally, it works. when I upload the same DMG to our servers (via http), download it (via http), mount it, and try to run the app I get a popup saying my application is "damaged and can't be opened. You should move it to the Trash. I have no idea what's going on. How can the same file run correctly locally, but when uploaded and downloaded it's corrupt? The server

How to codesign and enable the hardened runtime for a 3rd-party CLI on Xcode?

≯℡__Kan透↙ 提交于 2019-12-09 06:07:35
问题 My project needs the Ghostscript to do lots of tasks, so I have added the gs CLI tool into my project resource. However when I tried to notarize the project application, Xcode shows me this: I assume that might because the ghostscript portable CLI is a 3rd-party program from the internet and which doesn't have a codesign, also it has not been enabled the hardened runtime. On the latest MacOS Mojave I have to notarize applications to avoid the gatekeeper shows warnings during the user opens

Gatekeeper signing for OSX DMGs outside of OSX/XCode/Mac App Store?

好久不见. 提交于 2019-12-09 05:09:22
问题 From looking at notes for the upcoming OSX version (the one after OSX Lion), it appears that all DMGs/installers need to be signed, even if not distributed via the Mac App store. I couldn't find a command-line tool to do this signing though, or much documentation about obtaining a signing cert without submitting to the App Store. Can someone shed light on: 1) How to obtain a certificate without distributing you app via the Mac App Store? 2) How to sign a DMG without using built-in XCode tools

Using existing CA-issued cert to sign OS X application and keep Gatekeeper happy

痞子三分冷 提交于 2019-12-06 14:43:34
I build an OSX app which is distributed as a DMG outside of the Mac App Store, and I'd like to continue to have it be that way once Gatekeeper enforcement begins. From studying code signing documentation, it looks like the recommended approach is to get a "Developer ID" certificate and use that to codesign. However, you must be a registered OSX developer and pay Apple $99 each year. I already have a certificate from a recognized CA, and I would like to use it with codesign . I found documentation on how to do this, but I cannot tell whether Gatekeeper will allow applications signed using certs

What are the implications of codesigning an OS X application with a self-signed certificate?

蹲街弑〆低调 提交于 2019-12-06 04:10:56
问题 Apple seems to restrict some OS X APIs (e.g. sandboxing) to applications that are codesigned by a trusted certificate, e.g. one issued to members of the paid Mac Developer program. How does OS X treat applications that are codesigned with a self-signed (or a development) certificate? Will those features/APIs be available, and the only difference be that users with the default Gatekeeper settings cannot (easily) launch such an application? Will they be treated just like unsigned apps in every

What are the implications of codesigning an OS X application with a self-signed certificate?

随声附和 提交于 2019-12-04 09:29:32
Apple seems to restrict some OS X APIs (e.g. sandboxing) to applications that are codesigned by a trusted certificate, e.g. one issued to members of the paid Mac Developer program. How does OS X treat applications that are codesigned with a self-signed (or a development) certificate? Will those features/APIs be available, and the only difference be that users with the default Gatekeeper settings cannot (easily) launch such an application? Will they be treated just like unsigned apps in every way (entitlements and sandboxing disabled, warning for Gatekeeper users)? Or will a self-signed