Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Exported applications report “this application is damaged” #2095

Closed
medecau opened this Issue Sep 25, 2013 · 28 comments

Comments

Projects
None yet
9 participants

medecau commented Sep 25, 2013

An application exported any processing sketch will not open when downloaded from the web. It fails even before prompting the user if it is OK to run the app downloaded from the internet.

I have found this to be hard to replicate as it seems to only happen on some recent MACs.

http://forum.processing.org/topic/help-app-exported-doesn-t-work

Owner

benfry commented Sep 25, 2013

Are you using the most recent version of Processing (2.0.3)? This might happen with older releases, or software created by older releases (due to an Apple bug), but it should be fixed by now.

Owner

benfry commented Sep 25, 2013

(Updated issue title from “Application sketch crash on startup - MAC”)

medecau commented Sep 25, 2013

Yes, I tried this after updating and still crashed. And double checked today.

Thanks for looking into this.

Owner

benfry commented Sep 25, 2013

Are you exporting a Mac application with the Windows version of Processing?

medecau commented Sep 25, 2013

No.
This is an export being made in OS X 10.8 (mine) for OS X 10.8 (my sisters).
I can run it on my comp. but she can't.
I export all three options but I'm only seeing problems in the MAC version because that's what I have.

Ben, I left some details in the forum post but if you need any more info let me know.

Owner

benfry commented Sep 25, 2013

Do you both have the same settings for System Preferences > Security & Privacy > General > “Allow applications downloaded from”?

Usually that message means that the digital signature on the app is bad. But we don't digitally sign exported apps, so I'm trying to figure out where it's running afoul of Apple's Gatekeeper system that's probably causing the error.

Also, on the machine that has the problem, try first opening /Applications/Utilities/Console.app, and see if when you try to run the app, a more specific message pops up there.

medecau commented Sep 25, 2013

Aaaaaand that solved the problem, thank you very much.

Should we put this on the wiki somewhere?

Owner

benfry commented Sep 25, 2013

What was the change?

medecau commented Sep 25, 2013

Changing the security options like you said solved the problem.

Owner

benfry commented Sep 25, 2013

To what, though? Turning it off completely? What setting did you change hers to?

medecau commented Sep 25, 2013

There's three options there, one is for apps from the app store, the other for app store and development and the other option is for everything.

We changed that to allow all apps from everywhere, so the third option.

Owner

benfry commented Oct 28, 2013

I can't seem to reproduce this problem with Processing 2 (in particular 2.1). It should never report that the application is “damaged”.

It may report that it's from an unknown developer, but for that, you can right-click and select Open, or change the security settings.

As I mentioned earlier, applications exported from Processing 1.5 may report that they are damaged when run on OS X 10.8 or later, but that's a very old release and we can't fix it.

Can anyone confirm that they've seen this with Processing 2.1 and OS X 10.8?

medecau commented Oct 28, 2013

All systems that I have access to have been upgraded to 10.10 Mavericks or are stuck on 10.6.

Owner

REAS commented Oct 28, 2013

I'll try it from 10.8, 2.1. Added to TODO. This is a new issue for me.

Owner

REAS commented Nov 6, 2013

OK, I'm able to reproduce this issue. OS X 10.8.5 and Processing 2.1.

I'm exporting the application, then zipping, then putting on a server. Then downloading. The OS seems to be immediately unzip the file transparently when it finishes downloading. Then when double-clicking on the file, the "damage" error message appears.

After changing my General Security and Privacy settings to "Anywhere" I get the attached message and when I click "open" it opens the application without an issue.

screen shot 2013-11-05 at 4 50 30 pm

Owner

REAS commented Nov 6, 2013

Now, when I switch my privacy setting back to "Mac App Store and identified developers", I get the damage error message again, see screen capture.

screen shot 2013-11-05 at 4 53 13 pm

FYI, I'm not exporting Java with this app and I'm running on a retina MacBook Pro.

I have also encountered this exact "damaged" error message with OS 10.9. I transferred an exported Processing 2.1 sketch through AirDrop. The suggested workaround worked for me as well, but it looks like it's not an isolated instance.

EmLR commented Jan 17, 2014

Hi, I'm having a similar problem with Processing 2.1 + Mac OS X 10.9.1 Mavericks.
Seems to be split into 2 problems:
Did an app, exported it and sent it via google drive so other people could open and play with it.

  1. Receivers could download the app but not open it, having an error saying their OS X version was too old (previous versions before 10.8 I think) and that couldn't run this app which was done in most recent version.
  2. On Macs who had the most recent OS X versions, I encountered the security settings issue mentioned above.

is there any way the exported apps could run under most OS X versions and not require users to change their settings? For a broad diffusion it's complicated to ask all potential users to change their settings to have the app work.
Thanks a lot

If it helps to figure this issue out, I went ahead and joined the Mac Developer Program so I could sign and distribute applications I have created and then exported from Processing.

I was able to replace the signature from Ben Fry LLC with one based on my own distribution certificate using this command:

codesign -s "Developer ID Application: CA name from my certificate" -f --deep

I then tried uploading the re-signed application to my website, downloading it, and running it.

When double-clicking the application, I still get the "application is an application downloaded from the Internet. Are you sure you want to open it?" message – but I am able to open the application.

My Gatekeeper security settings were set to: run apps from "Mac App Store and identified developers".

I tried switching my Gatekeeper security settings to: run apps from "Mac App Store".

After that, on a double-click of the application, I got the usual message:

"application can’t be opened because it was not downloaded from the Mac App Store."

However, if I use the "Open" command from the Finder context menu (two finger tap) I can open the application after seeing this message:

"application is not from the Mac App Store. Are you sure you want to open it?"

In short, since this works with my own certificate, but not with the one from Ben Fry LLC – could this be an issue with that certificate?

One last thing... if I run this command to see whether Gatekeeper will accept the Ben Fry LLC signed application, this is what I get:

$ spctl --assess --verbose=4 --type execute Sinusoidal_Functions.app
Sinusoidal_Functions.app: invalid Info.plist (plist or signature have been modified)

Contributor

mckennapsean commented Feb 26, 2014

I would recommend taking a look at the application signature to resolve this issue. It sounds like @rgordonatbss pointed at that being what is failing to confirm the exported applications' developer license.

I can replicate this issue in the most recent version of Processing (2.1.1) on Mac OS 10.9.1. This assumes the default security settings: (Preferences / Security & Privacy / General / Allow apps downloaded from.... Mac App store and identified developers).

Currently, the workaround is to change this setting to "Anywhere", but we work with collaborators that cannot always do this, depending on the access they have to their machines. We also do not want to open them up to any potential security threats either.

You can test this locally on a Mac by simply hosting any Processing-exported application on a server. When you download this app from a web browser on the Mac, Gatekeeper will tag it and think it is damaged with these default settings, likely due to a failure to authenticate the license.

Owner

benfry commented Mar 30, 2014

Finally able to reproduce by using AirDrop. OS X seems to be flagging the files differently in that process (as well as certain types of web downloads... but local afp:// copy didn't cause it).

To be clear the only issue at hand here is that application is being reported as "damaged". All those other warnings are just the new reality of Gatekeeper:
http://support.apple.com/kb/ht5290

Now looking for a fix...

Owner

benfry commented Mar 30, 2014

And with AirDrop (and web downloads, etc) it's because the com.apple.quarantine atom is being set, triggering extra checks.

You can remove it manually with:
xattr -d com.apple.quarantine the_sketch_name.app

Not a fix, but still looking. The problem is the split signature between the PDE, the exported app binary, and the sometimes embedded Java VM. Just trying to sort out the fix.

Owner

benfry commented May 12, 2014

For Processing 2.2, applications will be self-signed on OS X (when Xcode is installed). This means that they'll appear to be from an "unidentified developer", but they'll no longer show up as "damaged".

@benfry benfry closed this May 12, 2014

This is still an issue in Processing 3.3 - apps exported are flagged as damaged by OSX gatekeeper...

screen shot 2017-03-14 at 13 18 13

EmLR commented Mar 14, 2017

I'm also encountering this problem and looking into "manually code-signing" my app as prescribed by the processing export dialogue box. I've made an account at Apple Developer but that's as far as I've got. Any information on the sharing of processing apps under the purview of the Apple Gatekeeper would be much appreciated.

This worked for me so incase it helps anyone else here goes: Manually 'code-signing' seems to require an Apple Developer Program Yearly Membership ($99). Once you've 'enrolled' you can go to your certificates in your account and follow the steps for a new mac osx certificiate - select 'outside appstore' option. It will lead you through a process where you download a keychain. Then in terminal you navigate to your sketch folder "cd ~/Documents/Processing/Sketch/App" and enter "codesign -f -v -s "Developer ID Application: John Doe" Nameofapp.app" (replacing 'Developer ID Application: John Doe' with the 'common name' given in the keychain process & ‘Nameofapp.app' with the name of your app). Then when people download it they'll get the "downloaded from the internet" message but will be able to open it.
(see article about a similar issue with flash http://blog.rustymoyher.com/post/36142106531/signing-apps-without-xcode).
(BTW you need to use absolute paths instead of relative ones if you're loading/saving images etc)

Owner

benfry commented Apr 21, 2017

Folks, this is a separate issue in macOS Sierra: #4705

The original issue was fixed several years ago, that's why the bug has been closed.

@benfry benfry locked and limited conversation to collaborators Apr 21, 2017

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.