macOS application signed but is damaged after https download

I want to distribute my app with my developer ID. This works fine in a dmg or zip container if I download it on another Mac by FTP. But if I download it by HTTPS macOS brings a Popup:

“Rocrail.app” is damaged and can’t be opened. You should move it to the Bin.

I don't understand the diff between FTP and HTTPS download...

How can I fix this?

Locally I can fix this with xattr -cr But thats not OK for end users.

It’s likely that your app isn’t passing Gatekeeper and:

  • You see the problem with HTTP because your HTTP client quarantines the download.

  • You don’t see the problem with FTP because your FTP client doesn’t.

Let’s start the first step: Did you notarise your app?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

macOS application signed but is damaged after https download
 
 
Q