My team is distributing a cross-platform app outside the Mac App Store via ZIP file. The app works perfectly on Windows, but on macOS, while the ZIP downloads and extracts without issue, the app refuses to open. Users see either the app appear in the dock then immediately disappear or a Gatekeeper prompt saying the developer cannot be verified. We suspect the root cause is related to code signing and/or notarization, but we're not entirely sure where the breakdown is occurring.
We have a few questions as we work through this. For ZIP-based distribution outside the Mac App Store, is both a Developer ID certificate and Apple notarization required on current macOS versions? We've also seen references to using ditto instead of Finder's built-in Compress option when packaging the ZIP. Is that necessary to properly preserve the app bundle structure and extended attributes?
Any guidance on where this process might be going wrong would be hugely appreciated. Thanks!
is both a Developer ID certificate and Apple notarization required on current macOS versions?
Yes.
Developer ID signing has been required for a long time (10.8?). Notarisation for apps has been required since 10.14.
Is [ditto] necessary to properly preserve the app bundle structure and extended attributes?
Yes and no.
If you compress with the Finder then extended attributes get sequestered, which is not good. See Extended Attributes and Zip Archives. The ditto tool doesn’t do that by default.
However, in an ideal world this wouldn’t matter because your code signature should not depend on extended attributes. If you find that it does, that suggests you have a bundle structure problem. We talk about this more in TN3126 Inside Code Signing: Hashes and Placing content in a bundle.
As to what’s actually happening here, it’s hard to say without more info. However, I can offer some general guidance.
It sounds like you’re not using Xcode to build your app, in which case you should follow the process described in:
If you encounter problems, I recommend that you use a VM to isolate those problems into a reproducible case. See Testing a Notarised Product.
I also have a tree of forums posts, rooted at Resolving Trusted Execution Problems, that explain how to debug this stuff.
Finally, Code Signing Resources, and the other Resources posts that it links to, are chock-full of links about this stuff.
And if you get stuck, I’m happy to answer follow-up questions here.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
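The two archive-level problems the answer above describes, Finder's Compress sequestering extended attributes into a `__MACOSX/` folder of AppleDouble `._` files, and a `.app` whose bundle layout is incomplete, can both be spotted by listing the ZIP before you ever ship it. The script below is an added example, not Apple's code and not the original poster's; it assumes the standard app-bundle layout (`Contents/Info.plist`, an executable under `Contents/MacOS/`, and `Contents/_CodeSignature/CodeResources`) and builds its sample archives in memory so it runs without a real app. It does not verify the signature itself; that remains `codesign`'s job.

```python
"""Audit a ZIP that is supposed to carry one signed macOS .app bundle.

Added example (not from the original post). Flags Finder-sequestered
extended attributes (__MACOSX/ and "._" AppleDouble files) and missing
bundle paths. The required-path list is the standard bundle layout and is
an assumption of this script, not something read from the archive.
"""
import io
import posixpath
import zipfile

# Files every signed app bundle carries (standard layout, assumed here).
REQUIRED_FILES = (
    "Contents/Info.plist",
    "Contents/_CodeSignature/CodeResources",
)


def build_zip(entries: dict) -> bytes:
    """Build a ZIP in memory from {path: bytes}; used only for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for path, payload in entries.items():
            zf.writestr(path, payload)
    return buf.getvalue()


def audit_zip(data: bytes) -> dict:
    """Return findings for a ZIP that should contain exactly one top-level .app."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()

    # Finder's Compress moves xattrs/resource forks into __MACOSX/ as "._name"
    # AppleDouble files. ditto -c -k does not do this by default.
    sequestered = sorted(
        n for n in names
        if n.startswith("__MACOSX/")
        or posixpath.basename(n.rstrip("/")).startswith("._")
    )

    problems = []
    if sequestered:
        problems.append("Finder-sequestered xattrs present (__MACOSX/ or ._ files)")

    # Exactly one .app should sit at the top of the archive (ditto --keepParent).
    tops = {n.split("/", 1)[0] for n in names if not n.startswith("__MACOSX/")}
    apps = sorted(t for t in tops if t.endswith(".app"))
    if len(apps) != 1:
        problems.append(f"expected exactly one top-level .app, found {apps or 'none'}")
        return {"app": None, "sequestered": sequestered, "missing": [],
                "problems": problems, "ok": False}

    app = apps[0]
    missing = [f"{app}/{rel}" for rel in REQUIRED_FILES if f"{app}/{rel}" not in names]
    macos_dir = f"{app}/Contents/MacOS/"
    if not any(n.startswith(macos_dir) and not n.endswith("/") for n in names):
        missing.append(macos_dir + "<executable>")
    if missing:
        problems.append("bundle layout incomplete: " + ", ".join(missing))

    return {"app": app, "sequestered": sequestered, "missing": missing,
            "problems": problems, "ok": not problems}


if __name__ == "__main__":
    # Constructed sample of what Finder's Compress typically produces.
    finder_style = build_zip({
        "MyApp.app/Contents/Info.plist": b"<plist/>",
        "MyApp.app/Contents/MacOS/MyApp": b"\xcf\xfa\xed\xfe",
        "MyApp.app/Contents/_CodeSignature/CodeResources": b"<plist/>",
        "__MACOSX/MyApp.app/Contents/._Info.plist": b"\x00\x05\x16\x07",
    })
    for line in audit_zip(finder_style)["problems"]:
        print("problem:", line)
```

If the audit reports sequestered files, rebuild the archive from the signed bundle with `ditto -c -k --keepParent MyApp.app MyApp.zip` instead of Finder; if it reports missing bundle paths, fix the layout and re-sign before notarizing, since `codesign --verify --deep --strict --verbose=2 MyApp.app` and `spctl --assess --type exec -vv MyApp.app` on the extracted copy are the checks Gatekeeper's verdict ultimately reflects.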