We have created a code signed DMG with layout and license. The DMG containes a notarized app.
On some computers the customers, mainly with 10.14.5, have the problem that the DMG cannot be opened. A message something like this:
The DMG could not be opened because Apple could not scan it for malicious code.
I have only the German message here, so the above could not be exactly the English one, but is similar.
Is this a specific problem with 10.14.5 or is this because we´ve added a license to the DMG and this is maybe preventing the scan for malicious code.
The DMG can of course be opened by right clicking and selecting Open, but we would prefer that the users do not have to do it that way.
macOS 10.14.5 added an undocumented requirement that if the disk image is code signed, it is not enough for it to contain a notarized app. You need to notarize the .dmg itself using altool. This is explained more in the DropDMG manual. If macOS finds that it’s not notarized, it will show that error message about being unable to check for malware—even though you’ve already uploaded your app to Apple’s notarization server.
thanks for you explanation. I was not clear enough, please excuse. The dmg was already notarized. I did not mention it, because i thought notarizing a DMG will just notarize the app inside of it. But anyway.
These are the steps we did to create and notarzie
code sign the app
create and code sign DMG from the app using
notarized the DMG using altool
ran stapler to staple the DMG and app inside
all went through w/o problems
checking the dmg using
xcrun stapler validate <path_to_dmg> returns “The validate action worked!”
checking the app on the dmg also returns “The validate action worked!”
But as already written, some Macs do not want to open/mount the DMG with the described warning message.
I will now setup some test VMs. But if you have an other idea that is more than welcomed.
If stapler validates the dmg, but other Macs don’t like it, that sounds like something to report to Apple. I’ve seen that happen a few times with macOS 10.15 betas, though not 10.14.5.