Monday’s suck…
Over the weekend Xcode installed an update, then I had to re-agree to developer agreement in order to have Notary 2 finally work.
Now after Notarizing my Enhanced App, the signed/notorized app returned cannot be opened. I get the error: “Your.app” is damaged and can’t be opened. You should move it to the Trash.
I’ve tried lots of times and get the same error.
Any advice is appreciated as I am working on a hard deadline today to do an update.
Thanks
Dean
I believe it is Ventura related. If I hold option key down and open the app it doesn’t show the error. Can’t have the users do this so advice is still needed.
Can you send me a copy of the app pre-notarization to test here?
Probably this is useless advice, but I had that experience when I failed to add checkmarks to some of the options on the Advanced tab at the upper right of the SD window (“Disable Library validation” etc.). I forget which option solved it, unfortunately. Again, this may be a complete waste of bandwidth.
I’ll check it out. It seems to work fine with SD Notary 1 not 2. I just added full disk access to security settings for SD Notary 2 since I had previously done 1.
When I notarized it and ran spctl --assess I got:
rejected (invalid destination for symbolic link in bundle)
When I ran it on the un-notarized version, I got the same thing. My guess is there’s either a problem with one of the embedded frameworks, or it doesn’t like how you are arranging them in the bundle.
I’m not sure how you got it notarized with SD Notary, rather than SD Notary 2, because it has locked items that SD Notary can’t handle.
I added Notary 2 to security allowing full drive access and now the notarized app can be opened without the error.
Now here’s the crazy thing…If I create an Appcast file using the SD Notary 2 created file, the unzipped file displays the error “Your.app” is damaged and can’t be opened. You should move it to the Trash. Which also occurs if I post the files to my server and run the Check for Updates after the update is completed.
I create an Appcast file using the SD Notary 1.4 created file, the unzipped file opens and updates without issue.
In troubleshooting way too many scenarios I reduced the issue to the line
do shell script "ditto -c -k --keepParent " & quoted form of appPosixPathAS & space & quoted form of (zipDestPath as text)
sooo I tested directly in the terminal nothing other then running this on the SD Notary created file:
ditto -c -k --keepParent original.app file original.zip
and can reproduce the issue so it is happening in ditto. BUT only to the file created by SD Notary 2.
I changed the ditto line run on the SD Notary 2 file to:
ditto -c -k --sequesterRsrc --keepParent original.app file original.zip
and the file no longer displays the error and works fine! Any idea why adding --sequesterRsrc resolves?
Sorry, no idea.
The only differences you should see between the results of the two apps relates to the permissions of .scpt files. SD Notary 2 goes through checking .scpt files, changes their permissions to readable if they are not already (so xattrs can be cleared), and then changes the permissions back again after the attributes have been cleared. This is basically to work around the issue of locked main.scpt files.
That might give you a clue – it may be some issue to do with ditto and permissions.
I agree. Thank you for your testing and responses. For anyone else who experiences an issue with the Enhanced App being damaged after Notarizing or after creating a Sparkle Appcast file using the script Shane kindly provided long ago or their own using ditto to create the zip file, the line:
do shell script "ditto -c -k --keepParent " & quoted form of appPosixPathAS & space & quoted form of (zipDestPath as text)
should be updated to
do shell script "ditto -c -k --sequesterRsrc --keepParent " & quoted form of appPosixPathAS & space & quoted form of (zipDestPath as text)
Conincidentally the Documentation on Sparkles web site was updated at some point or always had the solution… see: Publishing an update - Sparkle: open source software update framework for macOS