osx-gatekeeper

My project needs the Ghostscript to do lots of tasks, so I have added the gs CLI tool into my project resource. However when I tried to notarize the project application, Xcode shows me this: I assume that might because the ghostscript portable CLI is a 3rd-party program from the internet and which doesn't have a codesign, also it has not been enabled the hardened runtime. On the latest MacOS Mojave I have to notarize applications to avoid the gatekeeper shows warnings during the user opens the DMG file. But it seems the notarizing is hard to pass if the application contains a 3rd-party CLI. Is

On Mac OS X 10.9 signed Java Web Start applications are blocked by default with the message: "application.jnlp" can't be opened because it is from an unidentified developer. I know it's possible to weaken the security checks to allow any application to run, but that requires a manual intervention of the end user. Is it possible to "sign" a Java Web Start application such that it is recognized as originating from an identified developer? Thank you Apple does appear to support signing of webstart -- but not directly. You have to bundle it in an archive. See the note at the bottom of this page:

From looking at notes for the upcoming OSX version (the one after OSX Lion), it appears that all DMGs/installers need to be signed, even if not distributed via the Mac App store. I couldn't find a command-line tool to do this signing though, or much documentation about obtaining a signing cert without submitting to the App Store. Can someone shed light on: 1) How to obtain a certificate without distributing you app via the Mac App Store? 2) How to sign a DMG without using built-in XCode tools (preferable a cross-platform tool)? Thanks! Codesigning is described in detail here and here -

I have java applet signed with thwate certificate and need to sign it with Apple Developer ID. As is well-known, Mac OS X 10.8 requires Java applications to be signed with Apple Developer ID. It causes some problems with running Java applets, Gatekeeper says that "The digital signature could not be verified". There are the same issues OS X 10.8 Gatekeeper and Java applets and Sign java applet so that it works on OS X 10.8 Mountain Lion and Windows I also found this in Oracle's Mac FAQ: http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/mac-faq.html#gatekeeper So, I requested and

I am trying to distribute a Java application to OS X users. I am not using the Mac store - it is to be distributed through my own website. Whatever I try, OS X's Gatekeeper rejects the app. Here's my method: (1) Build the app as usual, get a JAR file (2) Use appbundler as described here: https://docs.oracle.com/javase/7/docs/technotes/guides/jweb/packagingAppsForMac.html . This creates a .app around my JAR which runs nicely, and contains the JVM in the MyApp.app/Contents/PlugIns directory. (3) Sign the app with my Developer certificate: codesign -s 'Developer ID Application: MyCompany Ltd' -

I have a Mac app which I have signed using the 'productsign' command from the terminal productsign --sign "3rd Party Mac Developer Installer: My company (dasdfjkaj)" InstallerUnsigned.pkg InstallerSigned.pkg productsign: signing product with identity "3rd Party Mac Developer Installer: My company (dasdfjkaj)" from keychain /Users/me/Library/Keychains/login.keychain productsign: adding intermediate certificate "Apple Worldwide Developer Relations Certification Authority" productsign: Wrote signed product archive to InstallerSigned.pkg I then ran the assess command spctl -a -v --type install

So we have a certificate that allows us to sign kexts, but when we run > sudo kextload friendly.kext, it fails and we sign the kext we want, and to prove it's signed, here's some diagnostic output: 👉 codesign --verify -vvvv friendly.kext friendly.kext: valid on disk friendly.kext: satisfies its Designated Requirement 👉 spctl -a -vvvv friendly.kext friendly.kext: accepted source=Developer ID origin=Developer ID Application: Friendly Corporation /Library/Extensions 👉 codesign -dvvv friendly.kext Executable=/Library/Extensions/friendly.kext/Contents/MacOS/friendly Identifier=com.friendly.friendly