Hi, I'm shipping a GUI app based on Golang outside App Store distribution. For the distribution, I have already signed and notarized the .app and the .pkg installer. Now there is a feature called self-update in my app, which basically works like this:
- the app checks if there is any update
- the same program requests sudo access to rewrite the current binary file content
- the program will restart after the update has completed
Now, I have already signed the updated binary via the signing and notarization process, and I take the compiled Golang binary inside Content/MacOS to be used for the self-update process,
but it doesn't work as expected: the updated binary fails to run with the error "Can't open the app", or if we try to call it from the CLI, it shows "Killed 9".
What am I missing? Thank you.
There are two likely causes for this problem. The first is the issue described in Updating Mac Software. You can rule this out very easily: Restart after doing the update. If that fixes the crash then you need to look at how your updater is implemented.
The second potential cause relates to your app’s bundle structure. When you sign an .app bundle, the system seals over all the resources in that bundle. If you replace just the executable, you have to be very careful that the signature you end up with is correct.
So, let’s say you have two versions of your app, N and N+1. To build an incremental updater you need to sign both versions of the app — the .app bundle, not just the executable — and then generate your diffs from those signed versions. If you only changed the code then it’s likely that only the main executable will change, but you need to make sure that that executable is signed in the context of its bundle.
If none of the above helps, I recommend you have a read through Resolving Trusted Execution Problems for many more hints and tips.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
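The diff step described in the answer above, as an added Go example that is not part of the original thread or Apple's code: it compares the signed N and N+1 `.app` bundles file by file and reports every path the updater must write or remove, so the update carries the whole signed delta instead of only the executable in `Contents/MacOS`. The names `hashTree` and `BundleDelta` are hypothetical, and both bundles are assumed to be already signed and unpacked on disk.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"os"
	"path/filepath"
)

// hashTree maps every file and symlink under root (by relative path) to a SHA-256 digest.
func hashTree(root string) (map[string][32]byte, error) {
	out := map[string][32]byte{}
	return out, filepath.Walk(root, func(p string, info os.FileInfo, err error) error {
		if err != nil || info.IsDir() {
			return err
		}
		rel, _ := filepath.Rel(root, p)
		data, err := os.ReadFile(p)
		if target, lerr := os.Readlink(p); lerr == nil { // symlink: hash the target path instead
			data, err = []byte("symlink:"+target), nil
		}
		out[rel] = sha256.Sum256(data)
		return err
	})
}

// BundleDelta returns path -> "write" or "remove": the changes that turn signed N into signed N+1.
func BundleDelta(oldApp, newApp string) (map[string]string, error) {
	oldH, err := hashTree(oldApp)
	newH, err2 := hashTree(newApp)
	if err != nil || err2 != nil {
		return nil, fmt.Errorf("hashing bundles: %v / %v", err, err2)
	}
	delta := map[string]string{}
	for rel := range oldH {
		delta[rel] = "remove" // default; cleared below if N+1 still has the file
	}
	for rel, h := range newH {
		if delete(delta, rel); oldH[rel] != h { // a path missing from N reads as a zero digest
			delta[rel] = "write"
		}
	}
	return delta, nil
}

func main() { // usage: delta <signed N.app> <signed N+1.app>
	if len(os.Args) == 3 {
		fmt.Println(BundleDelta(os.Args[1], os.Args[2]))
	}
}
```

After the updater applies the delta, running `codesign --verify --deep --strict` on the resulting bundle before relaunching confirms that the seal still matches what is on disk.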