User Profile

Same issue for me… on a MacBook Pro 2016 w/TouchBar. Catalina installed on an external SSD.

I have installed beta 3, and it seems to fix the issue for me:% spctl --assess --verbose --ignore-cache --type open --context "context:primary-signature" Hopper-4.5.12-demo.dmg Hopper-4.5.12-demo.dmg: accepted source=Notarized Developer IDI haven't changed anything to the DMG file: after installing the beta 3 update, I have deleted the content of my Downloads folder, and I have downloaded the DMG from my website, like any regular customers. The DMG opened just fine.

This is a standard account. I’ve filled a radar, just in case... By the way, I’ve searched for signed DMGs on the Internet. I haven’t found many, but same issue each time (for instance, latest version of FS-UAE at https://fs-uae.net). The irritating thing is that unsigned DMGs open just fine without any warning 😕... But I need signed DMG for Sparkle to work properly...

I have a similar issue with my application.All work perfectly fine on the latest Mojave version.I have an application bundle, which has been signed, and notarized. This process went fine, no problem even on Catalina. the spctl command works fine;This application is packaged in a DMG for distribution purpose. The DMG has been signed using my Developer ID Application certificate with the following command:% codesign -s "Developer ID Application" --timestamp Hopper-4.5.12-demo.dmgthen the DMG has been sent for notarization, and stapled (I just removed the --username and --password of the first command):% xcrun altool --notarize-app --primary-bundle-id "com.cryptic-apps.hopper-web-4" --file Hopper-4.5.12-demo.dmg ... % xcrun stapler staple Hopper-4.5.12-demo.dmg Processing: /Users/bsr/Downloads/Hopper-4.5.12-demo.dmg Processing: /Users/bsr/Downloads/Hopper-4.5.12-demo.dmg The staple and validate action worked!When I check the final DMG, the signature seems valid:% codesign -dvvv Hopper-4.5.12-demo.dmg Executable=/Users/bsr/Downloads/Hopper-4.5.12-demo.dmg Identifier=Hopper-4.5.12-demo Format=disk image CodeDirectory v=20200 size=306 flags=0x0(none) hashes=1+6 location=embedded Hash type=sha256 size=32 CandidateCDHash sha256=700a0162de956bce7163e5b81bbc5fb9c87af48b CandidateCDHashFull sha256=700a0162de956bce7163e5b81bbc5fb9c87af48bb5039f7a3cef2e657bdc51ba Hash choices=sha256 CMSDigest=700a0162de956bce7163e5b81bbc5fb9c87af48bb5039f7a3cef2e657bdc51ba CMSDigestType=2 CDHash=700a0162de956bce7163e5b81bbc5fb9c87af48b Signature size=8923 Authority=Developer ID Application: Cryptic Apps (2AMA2753NF) Authority=Developer ID Certification Authority Authority=Apple Root CA Timestamp=26 Jun 2019 at 11:36:24 Info.plist=not bound TeamIdentifier=2AMA2753NF Sealed Resources=none Internal requirements count=1 size=180The stapler validation seems OK too:% xcrun stapler validate Hopper-4.5.12-demo.dmg Processing: /Users/bsr/Downloads/Hopper-4.5.12-demo.dmg The validate action worked!But I have issues with spctl (the same command works on Mojave):% spctl --assess --verbose --type open --context "context:primary-signature" Hopper-4.5.12-demo.dmg Hopper-4.5.12-demo.dmg: rejectedAn interesting point is that "--type install" works (??):% spctl --assess --verbose --ignore-cache --type install Hopper-4.5.12-demo.dmg Hopper-4.5.12-demo.dmg: accepted source=Notarized Developer IDBut I have an error if I double-click on the DMG in the Finder on Catalina (it works fine on Mojave)...