Code Sign Helper App

I have an app which creates a secondary “helper” app, and then runs the helper app. The helper app is created with a do shell script "osacompile … "

The issue I am having is that the helper app that is created isn’t code signed and thus is halted by GateKeeper on systems that are set up to prevent the running of apps from unidentified developers. I suppose I would like to know if there is a way to code sign the helper app via a do shell script or some other method.

I also tried creating a code signed AppleScript app in AppleScript Editor and then dropping that into my Xcode project, then programmatically opening that code signed app, but am getting various errors about my app not being able to open it:

The document “myHelper” could not be opened. myApp cannot open files in the “application” format.
“applet” can’t be opened because Sandbox is not allowed to open documents in Terminal.
LSOpenURLsWithRole() failed with error -10810 for the file /path/to/file

The reason I was using osacompile to create the helper app is that each helper app created is unique due to some variables set by the user in the main app. I thought maybe if that didn’t work, I could just write the unique variables to a property list or text file and then create a “generic” helper app that reads said unique variables from the file, but as stated above, that didn’t work either.

Any ideas? Thanks for your input!

That error suggests you might be writing a sandboxed app – if so, I don’t like your chances.

Yes the app is sandboxed. What’s odd to me is that osacompile is even allowed in the sandbox environment. And while I can’t directly open the generated helper app using do shell script "open /path/to/myApp.app" if I instead execute do shell script "open /path/to/myApp.app/Contents/MacOS/applet" it actually works – that is unless Gatekeeper is set up to prevent unidentified developer’s apps.

So, no way to code sign or otherwise “identify the developer” during the osacompile process?

For instance, I know that if I have GateKeeper configured to allow only Mac App Store and identified developers, and I then open AppleScript Editor, create and export a .app, and then try to run it, GateKeeper doesn’t say a word. Yet, if my app creates the .app using osacompile, GateKeeper complains about an unidentified developer.

Compiling code shouldn’t be a problem – running it is a different thing altogether.

And while I can't directly open the generated helper app using do shell script "open /path/to/myApp.app" if I instead execute do shell script "open /path/to/myApp.app/Contents/MacOS/applet" it actually works -- that is unless Gatekeeper is set up to prevent unidentified developer's apps.

That it works is probably more of an oversight than anything else.

I doubt it.

Alas. Ok Thanks Shane! Out of curiosity, can you explain the following behavior:

If I have GateKeeper configured to allow only Mac App Store and identified developers, and I then open AppleScript Editor, create and export a .app, and then try to run it, GateKeeper doesn’t say a word. Yet, if my app creates the .app using osacompile, GateKeeper complains about an unidentified developer.

AppleScript Editor doesn’t set the app’s quarantine bit, but it sounds like osacompile does. That’s not something you control.

Thanks again for your insight Shane! Though, can’t one control the quarantine bit using:

xattr -rd com.apple.quarantine

Yes, but if you start doing stuff like that, I’d bet you’re going to run into problems with the store reviewers.