Won't run when "Allow apps downloaded from Anywhere" isn't enable on OSX
GoogleCodeExporter opened this issue · 4 comments
GoogleCodeExporter commented
What steps will reproduce the problem?
1. Go to System Preferences > Security & Privacy > General
2. Change the option to either "Mac App Store" or "Mac App Store and identified
developers".
3. Close the Security & Privacy window.
4. Download the DMG file and install Jarzilla.
5. Right-click the Jarzilla icon, hold down Command, and click Open (this is
necessary to override the security setting the first time you run the
application.)
What is the expected output?
OSX should prompt you to confirm you want to open the application despite
having the aforementioned security setting turned on. You click Open and the
app should launch.
What do you see instead?
OSX presents a dialog that says "'Jarzilla' is damaged and can't be opened.
You should move it to the Trash." with a "Cancel" and "Move to Trash" button.
The Console application shows the following:
4/16/14 3:42:32.496 PM CoreServicesUIAgent[21855]: Error SecAssessmentCreate:
The operation couldn’t be completed. (OSStatus error -67030.)
What version of the product are you using? On what operating system?
0.1.5. OSX Mavericks 10.9.2
Please provide any additional information below.
I verified the SHA-1 sum of the DMG file matches what is on the website, so
it's definitely not corrupt.
As a workaround, if you like keeping the security setting turned on in System
Preferences:
1. Go to System Preferences > Security & Privacy > General
2. Change the option to "Anywhere".
3. Close the Security & Privacy window.
4. Download the DMG file and install Jarzilla.
5. Run Jarzilla. OSX will still warn you: "'Jarzilla' is an application
downloaded from the Internet. Are you sure you want to open it?"
6. Click Open.
7. Go to System Preferences > Security & Privacy > General
8. Change the option back to either "Mac App Store" or "Mac App Store and
identified developers" (whichever you prefer).
Since the application was opened once while the security check was disabled, it
won't run the security check again.
Original issue reported on code.google.com by Motionbl...@gmail.com on 16 Apr 2014 at 8:30
GoogleCodeExporter commented
Just did a little bit of light research (ie: Googling) and this sounds like it
could be a problem with the Certificate you used to package the app/installer.
Original comment by Motionbl...@gmail.com on 16 Apr 2014 at 8:39
GoogleCodeExporter commented
Yeah, the issue is that Jarzilla isn't an App Store app.
I suppose I could jump through whatever hoops Apple has put up to certify
Jarzilla, but part of me doesn't feel like I should have to ask Apple
permission (and pay $99 per year) to have an application on their platform.
The downside of this is that GateKeeper treats Jarzilla as untrusted and the
only way to install it is to disable GateKeeper entirely (at least temporarily
during the install).
Original comment by voidstar@gmail.com on 16 Apr 2014 at 8:56
GoogleCodeExporter commented
I don't think you have to pay Apple to make it work (and I agree with your
sentiment there). I always leave GateKeeper running (though I am questioning
that), but I can usually run non-Apple approved apps by using the right-click
Open work around. See this page:
http://www.bu.edu/infosec/howtos/bypass-gatekeeper-safely/
It just seems that this workaround doesn't work and triggers this "damaged and
can't be opened" instead.
Is there some part of the packaging process where you have to provide a
certificate? The other page I found that said something about having this
problem with their app suggested that it was with the certificate that they
used in their installer.
Either way, I support you if you decide not to pursue this. At least it's
listed here now and there's an easy work around. :)
Original comment by Motionbl...@gmail.com on 16 Apr 2014 at 9:16
GoogleCodeExporter commented
Cool. I'll keep this as an open bug.
At some point I'll look into whether there's a way to certify Jarzilla without
too much pain/cost, and avoid GateKeeper's generally bad user experience.
Original comment by voidstar@gmail.com on 16 Apr 2014 at 9:54