.DMG distribution quarantine problems

I've developed a stand-alone app which requires a data file outside of the application bundle. I'm trying to distribute as a .DMG file downloaded from my website.


Once downloaded from the Internet, the .app file and data file have the quarantine attribute set when they are copied from my DMG.


The issue is that on 10.14 and above, regardless of signing the application, data file and DMG, my application can’t find my DATA file UNLESS I copy the data file separately. Yes, actually copy the application to a folder, then copy the data file separately.


I am wondering if anybody has any ideas on how to solve this?


From everything I've read and heard, it seems like the problem may be that the .app file needs to be notarized but if there is another solution that would be great to know.


Thanks much for any advice anyone may have!

Replies

Yes, app translocation will run the app from a read only path until you copy the app somewhere else. A solution to your issue would be to bundle the data inside your app, and read it from the app bundle if it doesn't need to be modified. Or ask the user where to write that data if your data needs to be modified.


Another solution is to sign the .dmg file too, that should avoid app translocation if I remember correctly.

Is the app and/or dmg notarized? Can you explain why the data file isn't in the app bundle? You could use an installer package that would install both your app and the data file. That seems like it would solve the problem. Or you could download the file at first run.

Yes, app translocation will run the app from a read only path until you copy the app somewhere else.

Right. For more on Gatekeeper path randomization (more commonly known as app translocation), check out WWDC 2016 Session 706 What’s New in Security.

A solution to your issue would be to bundle the data inside your app, and read it from the app bundle if it doesn't need to be modified.

Yep.

Or ask the user where to write that data if your data needs to be modified.

Or just store it in one of the standard well-known locations.

Another solution is to sign the .dmg file too, that should avoid app translocation if I remember correctly.

Right. This is one of the many items I cover in Signing a Mac Product For Distribution.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thanks for your reply!


The .dmg file is signed. It was signed on a system running Sierra.


Does this sound like a problem with the signing or does the app inside the DMG perhaps need to be notarized in order to the quarantine problem?

Thanks for your reply!


Bundling the data inside the app and asking the user where to write the data isn't a good option for us.


The .dmg file is signed. It was signed on a system running Sierra.


Does this sound like a problem with the signing or does the app inside the DMG perhaps need to be notarized in order to the quarantine problem?

Thanks for your reply!



The app and dmg are not notarized. The .dmg file is signed. It was signed on a system running Sierra.



Does this sound like a problem with the signing or does the app inside the DMG perhaps need to be notarized in order to the quarantine problem?



The app was written for my organization by a subcontractor who is no longer available, and we don't have the source code, so we're stuck with the data file where it is.



Downloading the data file at first run does work, I am trying to figure out if there is a way to avoid that.

does the app inside the DMG perhaps need to be notarized in order to the quarantine problem?

If you notarise the disk image, the app inside the disk image is included in the ticket. There’s no need to notarise it independently.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thanks!


Can you offer any advice on how to submit a disk image for notarization? I have found many articles that talk about the requirements for notarization but none that specifically describe how to request notarization.


Thanks much for any further advice you can offer.

Can you offer any advice on how to submit a disk image for notarization?

There are two parts to this:

  • Create the disk image

  • Submitting the disk image

With regards the first, my Signing a Mac Product For Distribution post has specific advice on this.

Note: The main trap that folks fall into is that they try to submit an image in the wrong format, that is, not UDZO.

With regards the second, you pass the disk image to altool in exactly the same way as you pass a zip archive, via the -f argument.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
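The two steps from the reply above, as an added example that is not part of the thread or the replier's own code: a preflight that rejects a non-UDZO image before handing it to altool via -f. The bundle ID, Apple ID, the keychain item name AC_PASSWORD and the altool options other than -f are assumptions, and the sample `hdiutil imageinfo` output is constructed.

```shell
#!/bin/bash
# Added example, not code from the thread. BUNDLE_ID, APPLE_ID and the
# keychain item name AC_PASSWORD are hypothetical placeholders.
BUNDLE_ID="${BUNDLE_ID:-com.example.myapp}"
APPLE_ID="${APPLE_ID:-dev@example.com}"

# Read `hdiutil imageinfo` output on stdin and print the image format code.
# Matching the whole first field keeps "Format-Description:" from matching.
image_format() {
  awk '$1 == "Format:" { print $2; exit }'
}

# Succeed only when the format read from stdin is UDZO.
is_udzo() {
  [ "$(image_format)" = "UDZO" ]
}

# Preflight a disk image, then submit it for notarization.
notarize_dmg() {
  local dmg="$1"
  if ! hdiutil imageinfo "$dmg" | is_udzo; then
    echo "error: $dmg is not UDZO;" \
         "convert with: hdiutil convert in.dmg -format UDZO -o out.dmg" >&2
    return 1
  fi
  # The thread signs the disk image as well, so check that signature first.
  codesign --verify --verbose "$dmg" || return 1
  # Same invocation as for a zip archive: the image is passed via -f.
  xcrun altool --notarize-app --primary-bundle-id "$BUNDLE_ID" \
    -u "$APPLE_ID" -p "@keychain:AC_PASSWORD" -f "$dmg"
}

# Constructed samples of imageinfo output, for trying the check off-line.
SAMPLE_UDZO='Format-Description: UDIF read-only compressed (zlib)
Format: UDZO'
SAMPLE_UDRW='Format-Description: UDIF read/write
Format: UDRW'

# Run only when a disk image path is given on the command line.
if [ $# -gt 0 ]; then
  notarize_dmg "$1"
fi
```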

Thank you!