I have an applet which uses script libraries including Myriad Tables Lib and Dialog Toolkit Plus.
I’ve read the helpful page for SD Notary but still have some questions.
When exporting a read only version of my applet to be notarised, should I make bundled libraries read only?
Should I code sign with my developer ID when exporting from SD?
Should I notarise the applet and the .dmg distribution disk image or just the .dmg? Are there any advantages to notarising them both? If I only notarise the .dmg, will the applet still run fine on Catalina once it’s copied from the disk image to the applications folder?
My first attempt at notarising with SD Notary appeared at first to go well; the applet was successfully notarised and the thing was stapled. But when I run the notarised applet and it tries to display a table view with Myriad Tables Lib, I get the error: ‘The bundle “SMSTableDialogBuilder” couldn’t be loaded because it is damaged or missing necessary resources.’ I don’t get that message when displaying dialogs with Dialog Toolkit Plus.
Only the applet is notarized, but a .dmg can be codesigned and have the app’s notarization ticket stapled to it. So if you’re going to distribute as a .dmg, there’s no point in notarizing the app first.
It’s a limitation of the notarization process, unfortunately. When that occurs, you need to go to System Preferences and approve it. See this:
I’m running macOS 10.14.6 and perhaps the behaviour in Mojave is different to Catalina. I don’t get the warning dialogs you describe and I don’t see the additional Open Anyway button in System Preferences > Security and Privacy > General. If that process was required even for notarised apps it would be difficult enough for end users, but I don’t even seem to have that option in Mojave.
Maybe I was just reading it wrong, but I got the impression from that post of yours that those issues only occurred if the library was not in a notarised app. In other words, I thought (or hoped) that notarising would solve the problem. Specifically it was these things that you said:
That made me think that the user would only get the dialog warning thing if the app was not notarised. So did the following paragraph:
Did Apple increase the security with one of the recent point upgrades to Mojave but fail to include the additional approval mechanism in Catalina? Or is something else perhaps going on here? I don’t yet have a Catalina install to test on (I’m too scared to upgrade my main machine given precisely these issues, but will probably need to get myself a test install). But I might try notarising the app again and testing on a different Mojave account to see if that makes any difference.
For anyone else who might encounter a similar issue, @ShaneStanley took a look at my SDNotary Submission Log and identified the following:
I did that and… hurray! It worked!!
To be more precise, what I did was:
Downloaded a fresh copy of Myriad Tables Lib and used it to replace the copy in ~/Library/Script Libraries. I had been using Myriad Tables Lib version 1.0.8 whereas the version I downloaded was 1.0.10.
I also created a new app in ScriptDebugger by creating a new script, copying and pasting my code, and saving it as a standard applet. I had previously experimented in the old app with making it an enhanced applet to get the automatic updates with Sparkle. But, after I realised that dialogs in enhanced applets don’t have titles, I exported the read only version as a standard applet. Despite exporting as a standard applet, it obviously still carries across all the Sparkle frameworks.
I also did not code sign the exported read only version this time (can’t remember if I did it or not the last time, but the first time I definitely code signed it).
Not sure which of those did the trick (presumably the first or last, or combination of both), but either way the issue has resolved.
Thanks so much, @ShaneStanley, for all your help and for being so responsive. It’s incredibly impressive and I really appreciate it. The tools you and Mark produce with LateNight, the script libraries you make and the support/help you provide are all first class.