Notarization succeeds, but gatekeeper check still fails, with QtWebEngine

Question

Created Oct ’24

Replies 3

Boosts 0

Participants 2

I am packaging an app with QtWebEngine in it, after codesign the app and the QtWebEngine Framework, the app can run properly.

The codesign result is: valid on disk staisfies its Designated requirements

Then I notarized and stapled the dmg file, after the dmg installed on Mac, gatekeeper still failed the check.

Here is the result for spctl: spctl -a -t open -vvv --context context:primary-signatue Remote\ Graphics\ Workstation_.dmg Remote Graphics Workstation_.dmg: rejected source=Insufficient Context

Need help to identify the codesign process and the root cause why gatekeeper fail here, thanks.

Answered by DTS Engineer in 810605022

If you’re manually signing code, follow the instructions in:

Note the note callout in the first section; check whether your vendor has specific advice on this front.

Passing notary doesn’t guarantee that you’ll pass Gatekeeper. If you continue to have Gatekeeper problems, see Resolving Trusted Execution Problems.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Boost

Answer 1

goosling OP

4w

And after I tried to sign the dmg file, the command spctl -a -t open -vvv --context context:primary-signatue ***.dmg status is accepted, but after the dmg installed on the machine, it still failed with the gatekeeper.

spctl -a -t open --context context:primary-signature -vvv aaa.dmg aaa.dmg: accepted source=Notarized Developer ID origin=Developer ID Application: ***

0

Answer 2

goosling OP

4w

I dig into the issue, hence I have 2 executable files in the app under ***.app/Contents/MacOS: M and N, M is in the Info.plist and is the CFBundleExecutable file, after signed the M with codesign, returns with this: signed app bundle with Mach-O thin (arm64) [CFBundleIdentifier]; otherwise, the N signed with codesign in the same way, returned with this: signed Mach-O thin (arm64) [N].

And I installed the APP on my machine, when I clicked the M executable file, seems it passed the gatekeeper, but I clicked the N, seems the gatekeeper check fails. I am not sure it's the reason.

0

Answer 3

DTS Engineer OP

Apple

4w

Recommended

If you’re manually signing code, follow the instructions in:

Note the note callout in the first section; check whether your vendor has specific advice on this front.

Passing notary doesn’t guarantee that you’ll pass Gatekeeper. If you continue to have Gatekeeper problems, see Resolving Trusted Execution Problems.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0