Post not yet marked as solved
Hello, does anyone know how to change the name shown when I publish an app? By mistake I put my personal name, but I would like to change it... it is the name of the app's creator.
Post not yet marked as solved
I have a macOS app that I have been distributing for free outside the app store for more than 15 years, without notarization, without sandboxing, and without hardened runtime, all with no problems.
If I understand correctly, macOS will soon be modified so that it will not launch any developer-distributed apps that are not notarized. Notarization will require both hardened runtime and sandboxing, and unhappily, my app will not run when notarized -- I have added sandboxing and hardened runtime, then gotten it notarized and tried -- and that is because it will not run when sandboxed. Thus I have two questions:
Will there be some means, that I perhaps have missed, for my users to run my app as is, in un-notarized form with no sandboxing and no hardened runtime? (Assume that they are willing to click "Okay" on any macOS popups of the form "Abandon hope, all ye who enter here.") Perhaps I have missed something about the signing or distribution process ... ?
If not, is there some entitlement I can obtain to allow my app to run when sandboxed? Perhaps the question is even "Should there be such an entitlement?" And to that end, I must now explain why it cannot run sandboxed:
My app is a parallel processing system: To work properly it must open multiple copies of itself -- that's right, there will be multiple instances of the app window visible on the console, distinguished by tint, title and location so the user can tell which is which, and multiple app badges in the dock, similarly distinguished. Doing so is easy -- I use the c++ "system" function to call the Unix executable that is buried within the ".app" folder, passing it a command tail whereby the launched copy can tell how to distinguish itself. I build up the text string for the call piece by piece, but the result looks rather like this:
system("<path-to-my-app>/MyApp.app/Contents/MacOS/MyApp -tail-item-1 -tail-item-2 ... &");
The app is written in mixed C++ and Objective C. The usual "Main.mm" file contains the entry point for the program, a "main()" function that does nothing but call "NSApplicationMain()", but I have added code to "main()" that runs before the call of NSApplicationMain(). That code uses C function "getopt()" to look for the extra command-tail items. If any are present, the app acts appropriately -- generally assigning non-default values to global variables that are used later in initialization.
The first instance of the app that is called -- presumably by the user mousing on an icon somewhere -- knows by the absence of extra command-tail items that it is the first one launched, and thus knows to launch multiple additional instances of itself using this mechanism. The launched instances know by the presence of extra command-tail items that they are not the first one launched, and act differently, based on the command-tail items themselves.
All this has been working fine for over a decade when the app is not sandboxed and does not have a hardened runtime.
For what it is worth, the app will run with hardened runtime, provided the option "Disable Executable Memory Protection" is checked. Furthermore, when it is also sandboxed and I open it with no extra copies of itself launched (the number to launch is a preferences option), that single app instance runs fine.
I have instrumented the code, and what seems to be happening is that the system call to launch another app returns zero -- implying it succeeded -- but has no effect: It is as if someone had special-cased "system" to do nothing, but to report success nonetheless. That is an entirely reasonable feature of a hardened runtime -- allowing arbitrary system calls would be a security disaster looking for a place to happen.
The point is that my app would not be making an arbitrary system call -- it would be trying to open one specific app -- itself -- which would be sandboxed with a hardened runtime, and notarized. That is not likely to be a huge security problem.
Incidentally, not all system calls fail this way -- I can do
system("osascript -e 'tell app \"Safari\" to activate';");
or
system( "open -a \"Safari\" <path to a help file located in MyApp's Resources>");
with impunity.
Also incidentally, using AppleScript to launch another copy of MyApp from within itself doesn't do what I want: The system notices that MyApp is already running and just makes it active instead of launching a new copy, and there is no way to pass in a command tail anyway.
I don't wish to appear to be advertising, so I won't identify my app, but a little more detail might be useful: It is a parallel program interpreter. The language implemented is the "Scheme" dialect of Lisp. Each instance running is a complete read/eval/print loop embedded in an application window where the user can read and type. The first instance of the app launched mmaps a large memory area for the Lisp system's main memory: That works kind of like a big heap in more conventional programs. It is not executable code, it contains Lisp data structures that an application instance can access. The other instances launched use the same mmapped area. The shared memory has lots of lock bits. I use low-level "lockless coding" -- hand-coded assembler with the Intel "lock" prefix or the more complicated arm64 stuff -- to keep simultaneous access by different app instances from corrupting the shared memory.
Parallel Scheme has many uses, which include debugging and monitoring of running Scheme programs, and having multiple tail-recursive "actors" (Lisp jargon) operate on the same data at the same time.
Enough said. I would like to be able to notarize this app so that users who obtained it outside the app store could understand that Apple had checked it for dangerous code. If that were possible, I might even try submitting it to the app store -- but that would be another story.
Do I have any hope of keeping this product available?
Post not yet marked as solved
I have an app bundle that I signed with the certificate I received from my boss. Despite signing and verifying it, it doesn't run on our test Mac without changing the trust settings. It gives an error saying that Apple cannot check it for malicious software and software needs to be updated.
This is the result of running the code sign verification:
```
codesign --display --requirements - --verbose=4 ./myapp.app
Executable=/Users/*removed*/Documents/test/myapp.app/Contents/MacOS/app
Identifier=com.*removed*.*removed*/
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20400 size=582872 flags=0x0(none) hashes=18208+3 location=embedded
VersionPlatform=1
VersionMin=851968
VersionSDK=852736
Hash type=sha256 size=32
CandidateCDHash sha256=*removed*
CandidateCDHashFull *removed*
Hash choices=sha256
CMSDigest=*removed*
CMSDigestType=2
Executable Segment base=0
Executable Segment limit=48218112
Executable Segment flags=0x1
Page size=4096
Launch Constraints:
None
CDHash=*removed*
Signature size=9060
Authority=Developer ID Application: *removed*
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=*Removed*
Info.plist entries=15
TeamIdentifier=*Removed*
Sealed Resources version=2 rules=13 files=475
designated => identifier "com.*removed*.*removed*" and anchor apple generic and certificate 1[*removed*] /* exists */ and certificate leaf[*removed*] /* exists */ and certificate leaf[subject.OU] = *removed*
```
I removed some info as I'm not sure if it'd be safe to share online. I apologize.
The projector is written in C++ and uses wxWidgets for the GUI.
Post not yet marked as solved
Hi
I have a flat pkg that I successfully notarised, but when I come to staple the ticket I get the following error:
"Although we wrote the ticket, the written data did not validate. Please restore thefile.pkg from backup to try again.
The staple and validate action failed! Error 73."
I did not touch the pkg in the few minutes it took to receive the confirmation email. The pkg itself looks notarised when I check it. Strange...
Post not yet marked as solved
Trying to notarize an AppleScript app following the instructions at Der Flounder (that are based on an Automator app).
Code signing works fine.
Notarization works fine.
However, when trying to staple the successful notarization, the response to:
xcrun stapler staple "/Volumes/HardDrive/MyApp.app"
is:
Processing: /Volumes/HardDrive/MyApp.app
CloudKit query for MyApp.app (2/936578f9cf6dff6314bdebeba427cac9dab3f7e8) failed due to "record not found".
Could not find base64 encoded ticket in response for 2/936578f9cf6dff6314bdebeba427cac9dab3f7e8
The staple and validate action failed! Error 65.
Post not yet marked as solved
Submit my app to Mac App Store. workflow:
Sign with cert: Developer ID Application ---> Success
Notarize ---> Success
Sign with cert: 3rd Party Mac Developer Application ---> Success
productbuild with cert: 3rd Party Mac Developer Installer, and get .pkg artifact---> Success
Transporter upload ---> Success
TestFlight notify, and app update to the latest version ---> Success
Click open, and then the ERROR comes like the screenshot photo
So I'm confused about which step is wrong. And I believe my account certificates and profiles are all configured with no problem.
Anybody have any clues? I've been here for many days.
Post not yet marked as solved
Hi,
I have a signed and notarized .pkg file. When I distribute this to my users, they're prompted if "Installer" can access files in the Downloads folder.
Most of them click "OK", so that this installer can succeed, however those that click "Don't allow" can never install the .pkg file again.
I've checked the following to no obvious resolution:
Quarantine flags (no obvious flags were found)
System Preferences, Security, Files and Folders (Installer.app is not listed)
spctl --list (The .pkg shows there, but nothing obvious about it being blocked)
A workaround is to copy this .pkg file to the Desktop folder. When run, the same prompt will appear again, except for the "Desktop" folder. If you click "OK", it succeeds.
Since this behavior prevents the .pkg from running from Downloads ever again, how can this be reverted/fixed?
I have my macOS app, which I'm distributing outside the Mac App Store by notarizing the app. When my end user unzipped my app (which they downloaded from a shared URL path) and opened it, it crashed after the first time opening (by clicking on the Gatekeeper check popup: "Chrome downloaded this file today at 11:10 AM. Apple checked it for malicious software and none was detected.")
In my macOS app (distributed outside the Mac App Store by notarizing the app), though I removed the App Sandbox capability, I am still not able to read/write to the Resources folder.
Error
ESPlus-2023-06-28-173050_ips.txt
Error Domain=NSCocoaErrorDomain Code=513 "You don’t have permission to save the file “SupportTextFiles” in the folder “Resources”." UserInfo={NSFilePath=/x.app/Contents/Resources/SupportTextFiles, NSUnderlyingError=0x6000030e3c00 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}}
Post not yet marked as solved
Hi,
I distribute my app for macOS outside the App Store. I implemented an auto-update function which worked perfectly up to Ventura 13.0. It has been broken since Ventura 13.1+.
The old version of my app downloads a ZIP archive with a new version to a temporary folder and unpacks it to the user's Library > Application Support > My AppFolder.
The new unpacked version gets the attribute com.apple.quarantine and the old app cannot run it.
Before Ventura 13.1 the new unpacked app could be run successfully; it closes the old version and replaces the old app bundle in Applications. Then the copy of the new app in the temporary folder is deleted.
In fact, the new APP could work as an agent to perform the update of my app.
Both apps (old and new) are signed and notarized by one team (the same signature).
Post not yet marked as solved
For some reason, after some time in which my application DMG was signed and worked perfectly fine, I started to get "cannot be opened because the developer cannot be verified." when clicking on the application after it was installed.
When running the signing process I get
Current status: Accepted...............Processing complete
When checking the Submission ID received at Apple, it also showed approved.
What other issues might it be?