Signed application on signed dmg says it is from an "unknown developer"

I'm having an issue with my installer disk image.


The disk image consists of two applications, both signed by Xcode using my Mac Developer certificate. I've verified their signatures using RB App Checker Lite.


I then create a disk image (dmg) file, which I sign with my developer ID (i.e. codesign --sign "Developer ID Application: James Bucanek (XYZXYZXYZXYZ)" Release.dmg)

I tested the disk image with spctl -a -t open --context context:primary-signature -v Release.dmg, and it is accepted.

I upload my image to a website and download it again using Safari. The dmg file is now quarantined.


I can open the quarantined dmg file. But when I launch my application, I get a dialog that says "“Install” can’t be opened because it is from an unidentified developer."


I verified that the downloaded dmg file is still signed with my Developer ID certificate and the Install application is still signed with my Mac Developer certificate.

Xcode 9.0.1, macOS 10.13

Any suggestions?

Update:


New day, fresh start.


It appears that the app is NOT being signed correctly by Xcode, but the problem doesn't occur until Gatekeeper sees that it's a quarantined copy. So, it's back to Xcode....

I'm stuck again. The problem is my app is not being properly signed.


In Xcode, I have the app target set to "Automatically Manage Signing". After Xcode builds the app, I run a test, like this:


$ spctl --assess --type exec -vvv Install.app

/Users/james/Library/Developer/Xcode/DerivedData/Quantum_Recall-bhugcbwplbjgbebnovweskvpglbc/Build/Products/Development/Install.app: rejected

origin=Mac Developer: James Bucanek (XXXXXXXXXX)


So I'm not sure where to go from here. Everything in Xcode looks correct, and the entire project builds without any errors, but the app is invalid for some reason.


Note: this app is one part of a much larger project, but it's a trivially simple app (literally, two files), that assists the user in installing or upgrading the product. There are no frameworks, helper resources, or anything else that should trip code signing up.


Is it time to talk to developer services?

I fixed it.


Xcode 9's not-so-helpful offer to manage signing automatically completely mucked up the settings in my project. I've gone back to manual signing, selected the correct certificates, group, and special signing options. Everything appears to be working again. The app on the quarantined disk image gives the standard "You've downloaded this from the internet" warning and (most importantly) the app isn't jailed when it launches.


Sorry for the noise. I'll file a feature request that the "Automatically Manage Signing" doesn't undo a perfectly good, or non-App Store, configuration.
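
A pre-upload check for the failure described in this thread, as an added example that is not part of the original posts: it classifies `spctl --assess --type exec -vvv` output and flags an app whose origin is a "Mac Developer" identity, even when the enclosing dmg is signed with a Developer ID. The function names, the verdict words and the accepted sample are assumptions made for illustration; the rejected sample follows the output quoted above.

```shell
#!/bin/sh
# Added example, not the poster's code. Sample outputs below are constructed,
# except the rejected one, which follows the output quoted in the thread.

# Read `spctl --assess --type exec -vvv` output on stdin, print one verdict:
#   ok        accepted, origin is a "Developer ID Application" identity
#   dev-cert  origin is a "Mac Developer" (development) identity
#   rejected  rejected for another reason
#   other     accepted under some other origin
#   unknown   no verdict line found
classify_assessment() {
    awk '
        /^origin=/   { origin = substr($0, 8); next }
        /: accepted/ { verdict = "accepted" }
        /: rejected/ { verdict = "rejected" }
        END {
            if (origin ~ /^Mac Developer: /) print "dev-cert"
            else if (verdict == "rejected") print "rejected"
            else if (verdict == "accepted" && origin ~ /^Developer ID Application: /) print "ok"
            else if (verdict == "accepted") print "other"
            else print "unknown"
        }'
}

# Assess every .app directly under DIR (for example the mounted dmg volume).
# Needs macOS spctl; returns non-zero if any app is not "ok".
check_volume() {
    status=0
    for app in "$1"/*.app; do
        [ -d "$app" ] || continue
        result=$(spctl --assess --type exec -vvv "$app" 2>&1 | classify_assessment)
        printf '%s: %s\n' "$app" "$result"
        [ "$result" = ok ] || status=1
    done
    return "$status"
}

sample_rejected() {
    printf '%s\n' 'Install.app: rejected' 'origin=Mac Developer: James Bucanek (XXXXXXXXXX)'
}
sample_accepted() {   # constructed
    printf '%s\n' 'Install.app: accepted' 'source=Developer ID' \
        'origin=Developer ID Application: Example Developer (TEAMID0000)'
}

if [ "$#" -gt 0 ]; then
    check_volume "$1"
else
    sample_rejected | classify_assessment   # dev-cert
    sample_accepted | classify_assessment   # ok
fi
```

Run with the mounted volume path as the only argument on macOS; with no argument it classifies the two embedded samples.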
