I've signed an app, zipped it, and uploaded it to github. When I download it on another Mac, I get "it can't be opened because it could not be verified for malware".
But on that computer, I can verify it with codesign, and it appears to be correct (as far as I can tell).
I can copy/paste the app from my other Mac, and that copy will run without problem.
syspolicy_check, however, gives:

Notary Ticket Missing
File: ReView.app
Severity: Fatal
Full Error: A Notarization ticket is not stapled to this application.
Type: Distribution Error
This is the same for the copy that runs, and the copy that doesn't.
The difference between them appears to be a quarantine xattr. I can delete this, and the app launches without incident.
Is this expected? Why should a signed app be quarantined just because it's been downloaded?
The whole point of paying the fee is to avoid the security obstacles...! ;-)
Why should a signed app be quarantined just because it's been downloaded?
Because that’s what quarantine is for. User-level downloaders, like Safari, quarantine stuff so that Gatekeeper runs when the user uses that stuff [1]. I talk more about this overall process in the first few sections of Resolving Trusted Execution Problems.
Did you notarise your app? If not, that’s the first thing to fix. Notarisation Resources has links to documentation describing how to do this, and a lot more besides.
Once your app is notarised, I recommend that you re-test using the process described in Testing a Notarised Product.
If your app is notarised and still fails to pass Gatekeeper, run syspolicy_check against it. See the Run a System Policy Check section of Resolving Trusted Execution Problems.
If you continue to have problems, reply here with the details and I’ll see what I can do to help.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
[1] Gatekeeper can run at other times, but this is the standard case.
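The re-test sequence in the answer above (quarantine attribute, code signature, stapled ticket, Gatekeeper verdict) as one script. This is an added example, not code from the thread or from Apple's documentation. It assumes the commonly observed `flags;timestamp_hex;agent;uuid` layout of the `com.apple.quarantine` value, which Apple does not document, and that `syspolicy_check distribution <path>` is available (macOS 14 or later). The parsing helpers run on any POSIX shell; the macOS tools are only invoked when the script is given a bundle path on macOS.

```shell
#!/bin/sh
# Added example: defender-side checklist for a downloaded .app bundle.
# Shows why a freshly downloaded copy is assessed by Gatekeeper (the
# quarantine xattr), then runs the checks Quinn lists in the answer.

# com.apple.quarantine is commonly laid out as
#   flags;timestamp_hex;agent_name;uuid
# (assumed layout; the fields are not documented by Apple).
quarantine_field() {  # $1 = attribute value, $2 = 1-based field index
    printf '%s' "$1" | cut -d';' -f"$2"
}
quarantine_flags() { quarantine_field "$1" 1; }   # hex flag word
quarantine_agent() { quarantine_field "$1" 3; }   # e.g. Safari, curl, Finder

# Hex timestamp (seconds since the Unix epoch) as a decimal number.
quarantine_epoch() {
    echo $(( 0x$(quarantine_field "$1" 2) ))
}

# Human-readable summary of a quarantine value; "absent" when empty.
# A copy without the attribute (e.g. pasted from another Mac) is not
# assessed by Gatekeeper on launch, which is the difference the
# question describes.
quarantine_summary() {
    if [ -z "$1" ]; then
        echo "absent: Gatekeeper will not assess this copy on launch"
    else
        echo "present: agent=$(quarantine_agent "$1") flags=$(quarantine_flags "$1") downloaded_at=$(quarantine_epoch "$1")"
    fi
}

# macOS only: report the attribute and run the signing/notarisation checks.
check_downloaded_app() {  # $1 = path to the .app bundle
    app="$1"
    q=$(xattr -p com.apple.quarantine "$app" 2>/dev/null || true)
    echo "quarantine: $(quarantine_summary "$q")"
    echo "--- code signature"
    codesign --verify --deep --strict --verbose=2 "$app" 2>&1
    echo "--- stapled notarization ticket"
    xcrun stapler validate "$app" 2>&1
    echo "--- Gatekeeper assessment"
    spctl --assess --type execute --verbose "$app" 2>&1
    echo "--- syspolicy_check (macOS 14 or later, assumed subcommand name)"
    syspolicy_check distribution "$app" 2>&1
}

# Invoke the macOS tools only when given a path on macOS, so the
# parsing helpers above can be exercised anywhere.
if [ $# -ge 1 ] && [ "$(uname -s)" = Darwin ]; then
    check_downloaded_app "$1"
fi
```

Run it as `sh check_app.sh /path/to/ReView.app` on the machine where the download fails: a "present" quarantine line plus a failing `stapler validate` is the combination that produces the "could not be verified" dialog, and stapling the ticket after notarisation is the fix rather than stripping the attribute.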