Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GitHub Actions build for mac builds damaged app #49

Closed
abulka opened this issue Dec 17, 2021 · 4 comments
Closed

GitHub Actions build for mac builds damaged app #49

abulka opened this issue Dec 17, 2021 · 4 comments
Assignees
@wiverson
Labels
bug Something isn't working documentation Improvements or additions to documentation enhancement New feature or request
Milestone
january-2022

Comments

@abulka
Copy link

abulka commented Dec 17, 2021

It seems that the build action on GitHub builds an app that cannot be double clicked on to run. I get the popup error “TestApp” is damaged and can’t be opened. You should move it to the Bin. However when I run it from the terminal, it runs OK

./TestApp.app/Contents/MacOS/TestApp

I initially thought it was a permissions issue, as GitHub actions has a 'bug' where artifacts lose their permissions but the above file seems ok -rwxr-xr-x 1 andy 150864 Dec 17 10:35 ./TestApp.app/Contents/MacOS/TestApp.
@abulka
Copy link
Author

abulka commented Dec 17, 2021

See this repositories own mac build action dmg:

https://github.com/wiverson/maven-jpackage-template/releases/download/macOS-latest/TestApp-21.40.052006.dmg

Tried opening and running it and got the same error as my own repo's build. I am running on Mac Mojave (just in case that matters).

@wiverson
Copy link
Owner

Sigh, yeah, just got the same thing. I'm on Monterey 12.1 and probably can't dig into it until after the holidays. LMK if you figure anything out. :P

@wiverson wiverson added the bug Something isn't working label Dec 17, 2021
@wiverson wiverson self-assigned this Dec 17, 2021
@wiverson wiverson added this to the january-2022 milestone Dec 17, 2021
@abulka
Copy link
Author

abulka commented Dec 17, 2021
edited

Turns out that copying the app out of the .dmg then

sudo xattr -rd com.apple.quarantine TestApp.app

fixes the problem. The app can then be run by double clicking on it.

It seems that under Mac OS, browsers, unarchivers etc. automatically add the com.apple.quarantine extended attribute to .app files, which prevents them from being run - see this explanation. This is meant to stop unsigned (and potential malware) apps from running. The proper fix is to sign the app using an Apple Developer ID certificate (unfortunately a $99 developer account is required) and notarise the disk image.

These signing steps can be automated in GitHub Actions according to

@harens harens mentioned this issue Jan 8, 2022
Closed
@wiverson
Copy link
Owner

wiverson commented Mar 7, 2022

There is now a workflow and documentation for adding signing, notarization, and stapling! Check the README.md in the root of the template.

@wiverson wiverson closed this as completed Mar 7, 2022
@wiverson wiverson added documentation Improvements or additions to documentation enhancement New feature or request labels Mar 7, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wiverson wiverson

Labels
bug Something isn't working documentation Improvements or additions to documentation enhancement New feature or request
Projects
None yet
Milestone
january-2022
Development

No branches or pull requests
2 participants
@wiverson @abulka