We're trying out using a 3rd party java applet as part of our suite, but we're getting inconsistent results that seem to be related to signing. "Fortunately," I can trivially reproduce it!
It pops up a dialogue saying "Apple could not verify “java” is free of malware that may harm your Mac or compromise your privacy"; if I click through the dialogue and the system settings, it then does the same for each of the dylib files.
The file seems to be signed, so is this a matter of it not being notarized? Will we have to sign and notarize them all on our own?
I’m not sure what’s going on here but, in general, macOS has two distribution channels for native code:
- Mac App Store
- Direct distribution using Developer ID signing
For the latter, Gatekeeper requires that all native code be signed and notarised.
Gatekeeper does not require that all the code in a single product be signed by the same team. So, it’s possible to get code signed and notarised by someone else and embed it in your product. However, if you modify that code to break the seal on the code signature, you’ll need to re-sign and then re-notarise.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"