Corrupt Installer for Mac (version 2.3.1 macOS 10.12+ (x86_64))

I have an update on what is happening: For some files of the app the code signing signature is placed inside an extended file system attribute com.apple.cs.CodeSignature. This signature, after signing, is in the files I looked at a bit over 8 KiB in size. When copying the app from the DMG image to the local hard disk on macOS 10.12 (and I assume 10.13 as well) it gets truncated to exactly 4 KiB. This results in a broken signature, hence when trying to launch the app Gatekeeper reports it as broken.

Now interestingly I have not found any discussion of this issue, and currently I don’t know a way to solve this. I see the following options going forward, none of which is fully satisfying:

  1. We find a proper fix. This of course would be the ideal solution. As of now I don’t know one.
  2. We do not sign the app for 10.12 / 10.13 and provide a separate signed app for 10.14 and later. This is not perfect, but in 10.12 / 10.13 it is still easily possible to run unsigned apps and users are probably aware how to do this. It is not great, but it is probably better to have the “App from an unidentified developer” dialog than the “App is damaged” one.
  3. We stop supporting 10.12 / 10.13. I would like to avoid this for now, as I know many of you are stuck with older versions.
  4. We stay with the status quo, with affected users having to apply the xattr workaround.

Any opinions on this? I tend to option 2, at least unless or until we find a proper fix.

See also my comment at PICARD-1763.

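To check whether a given copy of the app shows the truncation described in the post above, the following added example (not part of the original post and not the project's own code) compares the size of the `com.apple.cs.CodeSignature` attribute on every file in two copies of the bundle, for instance the one on the mounted DMG and the one copied to disk. It assumes the macOS `xattr` command-line tool is available; the function names and the two bundle paths passed as arguments are hypothetical.

```python
"""Compare code-signature xattr sizes between two copies of an app bundle."""
import os
import subprocess
import sys

ATTR = "com.apple.cs.CodeSignature"  # attribute name as given in the post
TRUNCATED_SIZE = 4096                # "exactly 4 KiB", as reported in the post


def read_sig_xattr(path):
    """Return the attribute's raw bytes via macOS `xattr -px`, or None if absent."""
    proc = subprocess.run(["xattr", "-px", ATTR, path],
                          capture_output=True, text=True)
    if proc.returncode != 0:
        return None
    # -x prints whitespace-separated hex bytes; join them before decoding.
    return bytes.fromhex("".join(proc.stdout.split()))


def signature_sizes(bundle, reader=read_sig_xattr):
    """Map each bundle-relative file path to the size of its signature xattr."""
    sizes = {}
    for dirpath, _dirs, files in os.walk(bundle):
        for name in files:
            full = os.path.join(dirpath, name)
            data = reader(full)
            if data is not None:
                sizes[os.path.relpath(full, bundle)] = len(data)
    return sizes


def compare(source_sizes, installed_sizes):
    """Classify every signed file of the source copy against the installed copy."""
    report = {}
    for rel, src in sorted(source_sizes.items()):
        dst = installed_sizes.get(rel)
        if dst is None:
            report[rel] = "missing"        # attribute (or file) gone entirely
        elif dst == src:
            report[rel] = "intact"
        elif dst == TRUNCATED_SIZE and src > TRUNCATED_SIZE:
            report[rel] = "truncated-4k"   # the symptom described in the post
        else:
            report[rel] = "changed"
    return report


if __name__ == "__main__" and len(sys.argv) == 3:
    src_bundle, dst_bundle = sys.argv[1], sys.argv[2]
    result = compare(signature_sizes(src_bundle), signature_sizes(dst_bundle))
    for rel, status in result.items():
        print(f"{status:13} {rel}")
```

Run it with the path of the bundle on the mounted DMG as the first argument and the path of the copied bundle as the second; any `truncated-4k` line identifies a file whose signature attribute was cut to 4 KiB during the copy.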