Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unsigned Mac binary leads to warning message "The application is damaged..." #555

Open
Phillipus opened this issue Nov 18, 2019 · 8 comments
Open
Labels

Comments

@Phillipus
Copy link
Member

@Phillipus Phillipus commented Nov 18, 2019

TL;DR - Just type this in at the Terminal (change path/to/ part):

xattr -r -d com.apple.quarantine /path/to/Archi.app

I'm putting this here to highlight that this is a known issue and also to discuss the possibility of signing the Mac Archi binary.

The issue is due to Gatekeeper on MacOS. If an app that is not signed is run on a Mac it can lead to one of two error dialog messages:

“Archi can’t be opened because it is from an unidentified developer.”

This is easy to solve by Control-click or by right clicking the app and selecting “Open” from the contextual menu that appears, then click “Open” in the dialog box.

Or the message may say:

"Archi is damaged and can’t be opened. You should move it to the Trash."

Normally one can solve this by following these instructions.

However, on MacOS Catalina (10.15) users are getting the "Archi is damaged..." message even after applying the sudo spctl --master-disable command.

This can be solved by following these instructions.

One thing to note - this last case applies to Archi 4.6 but not Archi 4.5.1. I don't know why this is. Perhaps something to do with Archi 4.5.1 using Eclipe 4.11 and Archi 4.6 using Eclipse 4.13.

The information on how to solve this issue is present:

However. some users miss this information and they then report the issue. (I can't blame them for that, users shouldn't have to deal with this).

@Phillipus

This comment has been minimized.

Copy link
Member Author

@Phillipus Phillipus commented Nov 18, 2019

To solve this problem we could sign the Mac binary.

To sign an app we need to:

  • Pay Apple $99 a year for a dedicated individual Apple developer ID and account
  • Set up two factor authentication for that Apple ID
  • Set up that account on a physical Mac
  • Ensure that account is separate from any personal Apple ID on that machine
  • Add the developer certificates to the keychain on that Mac
  • Set up the signing process
  • Create a DMG file for the Archi build on a Mac
  • Sign the binary for the Archi build on a Mac
  • Upload and Notarize the binary with Apple
  • Test the build on another Mac

There is no way to test this process without committing to $99. I'm not even sure if it will work.

I am averse to this for many reasons, the main one being that I dislike that we have to pay Apple to distribute free and open source software. We don't have to do this for Windows or Linux.

@Phillipus Phillipus changed the title Mac binary not signed leads to message "the application is damaged" Unsigned Mac binary leads to warning message "The application is damaged..." Nov 18, 2019
@Phillipus

This comment has been minimized.

Copy link
Member Author

@Phillipus Phillipus commented Nov 18, 2019

What would be ideal is if someone who has an Apple Developer account could do a test to see if signing the Archi.app is possible before we commit to this. If they could do that and let us know what they did that would be very helpful. :-)

This process is horribly complicated and I'm not sure if it can be automated.

If Archi Mac users would like to see this done, then they might consider helping out with this. Until then things will remain as they are and it is up to end-users to apply the workaround outlined above.

@Phillipus

This comment has been minimized.

Copy link
Member Author

@Phillipus Phillipus commented Nov 21, 2019

For an individual user the "quarantine bit" workaround is do-able but an inconvenience. An organization or company that may not be able to do this has the option of building from the source code and creating their own binary distribution, or perhaps signing the existing binary with their own certificate and distributing that internally.

Fortunately, Archi is open source and free and so there are many options, including contributing to solve this issue.

@jbsarrodie

This comment has been minimized.

Copy link
Member

@jbsarrodie jbsarrodie commented Nov 21, 2019

I'll see with some clients if one of them can help us on this aspect.

@hkmsn

This comment has been minimized.

Copy link

@hkmsn hkmsn commented Nov 29, 2019

I have followed the instructions, the bit appears unset. However still getting the same issue. Using Catalina V10.15.1. Any other suggestions?

@Phillipus

This comment has been minimized.

Copy link
Member Author

@Phillipus Phillipus commented Nov 29, 2019

I have followed the instructions, the bit appears unset. However still getting the same issue. Using Catalina V10.15.1. Any other suggestions?

Nothing else to suggest. You have to ensure the path to the Archi.app is correct:

xattr -r -d com.apple.quarantine /path/to/Archi.app

@hkmsn

This comment has been minimized.

Copy link

@hkmsn hkmsn commented Nov 29, 2019

Yes, followed all the instructions -- not working. Will try downloading Eclipse and build from scratch

@hkmsn

This comment has been minimized.

Copy link

@hkmsn hkmsn commented Nov 30, 2019

I can get it to run, by downloading Eclipse/source, then using Product Export Wizard to create an executable. Following the instructions didn't work- only seen this issue, with the 4.6 release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.