Notarization is very confusing

I have built a Flutter desktop app and I notarized it. I have to distribute it directly as I cannot turn on App Sandboxing due to the functions included in the application. I created a build of the app from Xcode and then uploaded it for notarization and it was successfully notarized.

If I compress that app into a .zip and share it over the internet, it successfully opens on any computer.

But when I create a dmg using appdmg from npm and I try to distribute it, it does not open and shows me the option to either move to bin or cancel.

When I notarize the dmg using the command:

 xcrun notarytool submit "YourApp.dmg" \
   --apple-id "email" \
   --password "app-specific-password" \
   --team-id "YOUR_TEAM_ID" \
   --wait

It notarizes successfully.

I have also done:

 xcrun stapler staple "YourApp.dmg"

And validated it but it does not seem to work when I distribute it over the internet by uploading on my website.

It is a bit strange that when I distribute the notarized app, it does not show any error when distributed over the internet by uploading on my website and then downloading, but for a notarized dmg, which is properly signed, it gives that error asking whether to move to bin or do nothing.

Would love someone's help on this!

Problems like this do crop up from time-to-time, most commonly because of a problem with either the app’s structure (Placing Content in a Bundle) or packaging (Packaging Mac software for distribution). I have a whole series of DevForums posts explaining various techniques for debugging them (Resolving Trusted Execution Problems) but these days I generally start by running syspolicy_check against the app. What does it say in the disk image case?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

It’s better if you reply as a reply, not in the comments; see Quinn’s Top Ten DevForums Tips for this and other titbits.

Which is why it does not let me open the app.

Right. Quarantine and Gatekeeper go hand in hand. For a high-level explanation of how that works, see the Gatekeeper Basics section of Resolving Trusted Execution Problems.

Your goal here is not to avoid quarantine, but to sign and package your product such that, when it’s quarantined and Gatekeeper checks it, it passes the Gatekeeper check.

I don't really know how to run syspolicy_check against a dmg.

You can’t. Instead, run the tool against the app on the disk image.

Ultimately I recommend that you test this using the process described in Testing a Notarised Product. Right now, however, you have a specific problem — running the app off the disk image — and hence my specific recommendation.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
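The check recommended above (run the tool against the app on the disk image, not the .dmg itself) can be scripted as follows. This is an added example, not part of the original thread and not Apple's code; `check_dmg` and `find_app_on_volume` are hypothetical helper names, the `distribution` subcommand of syspolicy_check is an assumption about the installed macOS, and the app is assumed to sit at the top level of the image.

```shell
#!/bin/sh
# Added example: mount a notarized disk image read-only and check the app
# that lives ON the image, because syspolicy_check cannot take a .dmg.

# Print the first top-level .app bundle (a directory) under a mount point.
find_app_on_volume() {
    find "$1" -maxdepth 1 -type d -name '*.app' -print | head -n 1
}

# Usage: check_dmg YourApp.dmg   (macOS only: hdiutil, xcrun, codesign)
check_dmg() {
    dmg=$1
    status=0
    mnt=$(mktemp -d "${TMPDIR:-/tmp}/dmgcheck.XXXXXX") || return 1

    # The ticket stapled to the image itself.
    xcrun stapler validate "$dmg" || status=1

    # -nobrowse keeps the volume out of Finder; -readonly avoids changing it.
    if ! hdiutil attach "$dmg" -nobrowse -readonly -mountpoint "$mnt" >/dev/null; then
        rmdir "$mnt"
        return 1
    fi

    app=$(find_app_on_volume "$mnt")
    if [ -z "$app" ]; then
        echo "no .app bundle at the top level of $dmg" >&2
        status=1
    else
        echo "checking $app"
        # Signature and bundle structure as they appear on the image.
        codesign --verify --deep --strict --verbose=2 "$app" || status=1
        # Read the report this prints; its exit code is not relied on here.
        syspolicy_check distribution "$app"
    fi

    hdiutil detach "$mnt" >/dev/null
    rmdir "$mnt" 2>/dev/null
    return "$status"
}

# Run the check only when a disk image path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_dmg "$1"
fi
```

If the app passes from the Xcode export but fails here, the difference was introduced by the packaging step that built the image.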
