Notarization.

Code Signing Notarization
macsrule
macsrule OP
Created 1d
Replies 3
Boosts 0
Views 28
Participants 2

Hi, I've code-signed my app and notarized it, and created a DMG, and when I slacked it or airdropped it to someone for testing the FIRST time they open it, they get a warning that it was Slacked or airdropped to them and do they want to open it. if they say yes everything is fine. So looking through here someone said I need to sign the app and then make a dmg and sign the dmg and then send that for notorization and then staple that. So I did, and I still get a warning the first tie someone try's to run it.

What am I doing wrong? I know I can buy software and not get a warning from apple. so how do I get my app to work correctly like that?

Answered by DTS Engineer in 830157022
Written by macsrule in 777189021
if they say yes everything is fine.

OK, cool. That means that you’ve correctly signed and notarised your app.

Written by macsrule in 777189021
I still get a warning the first tie someone try's to run it.

Yep. That’s how Gatekeeper works. If the user gets your app via a user-level mechanism — Safari, AirDrop, whatever — then the app is quarantined and Gatekeeper always requires user approval the first time it’s launched.

If the app were incorrectly signed, Gatekeeper would block it from launching completely.

For more about this mechanism, see the Safely open apps on your Mac article on the customer support site.

Written by macsrule in 777189021
I know I can buy software and not get a warning from apple.

Buy from where?

Apps that you get from the App Store are checked by Gatekeeper but it doesn’t present a user approval alert in that case. The confirmation done by App Store itself is sufficient.

If you got the app from a third-party app distributor — for example, games vendors often have their own way to download and install their games — then the behaviour will vary based on how they set things up.

ps I described my standard way of testing for Gatekeeper compatibility in Testing a Notarised Product.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Replies  3
Boosts  0
Views  28
Participants  2
Apple Staff, DTS Engineer
DTS Engineer OP
Apple
1d
Recommended
Written by macsrule in 777189021
if they say yes everything is fine.

OK, cool. That means that you’ve correctly signed and notarised your app.

Written by macsrule in 777189021
I still get a warning the first tie someone try's to run it.

Yep. That’s how Gatekeeper works. If the user gets your app via a user-level mechanism — Safari, AirDrop, whatever — then the app is quarantined and Gatekeeper always requires user approval the first time it’s launched.

If the app were incorrectly signed, Gatekeeper would block it from launching completely.

For more about this mechanism, see the Safely open apps on your Mac article on the customer support site.

Written by macsrule in 777189021
I know I can buy software and not get a warning from apple.

Buy from where?

Apps that you get from the App Store are checked by Gatekeeper but it doesn’t present a user approval alert in that case. The confirmation done by App Store itself is sufficient.

If you got the app from a third-party app distributor — for example, games vendors often have their own way to download and install their games — then the behaviour will vary based on how they set things up.

ps I described my standard way of testing for Gatekeeper compatibility in Testing a Notarised Product.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
macsrule
macsrule OP
1d

I'm talking outside the app store. I would expect applle would make the UX seemless for the app store. Is there not a procedure to follow to make gatekeeper happy? I can download photoshop and not get a warning.

0
Apple Staff, DTS Engineer
DTS Engineer OP
Apple
5h
Written by macsrule in 830201022
Is there not a procedure to follow to make gatekeeper happy?

This is the happiest that Gatekeeper ever gets (-:

I’m not in a position to download Photoshop right now, but let’s look at another popular app that’s been around for about as long, namely BBEdit:

  1. Using macOS 15, I went to the developer website: https://www.barebones.com

  2. I clicked Download > BBEdit 15.1.4.

  3. Using the Finder, I mounted the resulting disk image.

  4. I dragged BBEdit to the Applications folder link, which copied it off the disk image to the Application folder.

  5. I then launched it from the Applications folder.

  6. I got the alert:

“BBEdit” is an app downloaded
from the internet. Are you sure 
you want to open it?

Safari dowloaded this file today at
10:02. Apple checked it for malicious
software and none was detected.

[Cancel] [[Open]]

This is the experience you should expect for all directly distributed software on the Mac. When you download a file using Safari, it quarantines that file. When you mount a quarantined disk image, that quarantine is extended to the contents of the disk image. When you copy a file off the disk image, Finder preserves the quarantine. When you launch a quarantined app, Gatekeeper assesses it. If it’s Developer ID signed and hasn’t been launched before, it does a full check and, assuming the app passes that check, it presents that alert.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
Notarization.
First post date Last post date
 
 
Q