Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ARM64 Error | “app” is damaged and can’t be opened. You should move it to the Trash. #8157

Open
2 of 3 tasks
bedirhanmanim opened this issue Jan 11, 2024 · 12 comments
Open
2 of 3 tasks

Comments

@bedirhanmanim
Copy link

bedirhanmanim commented Jan 11, 2024

Issue Type

Before opening an issue, please search and see if it has already been raised.

  • Bug Report

  • Feature Request

  • Successfully reproduced against the latest version of NW.js?

Please use our mailing list or Gitter chatroom to ask questions. The issue tracker is only for bugs and feature requests, in English only. Please note that issues without a repro or code snippet are less likely to be resolved.

Current/Missing Behavior

Its arm64 app.

“myapp” is damaged and can’t be opened. You should move it to the Trash.
Screenshot 2024-01-11 at 20 29 22

After run this command its work but how can i distribute my app?
xattr -cr /Users/bedirhansamsa/myapp.app

Expected/Proposed Behavior

Open app with no warning

Additional Info

  • Operating System: MacOS Sonoma
  • NW.js Version: 0.83.0
  • Repro Link:
  • Code snippet:
  • Crash report:
@imawizrd
Copy link

The issue persists. The warning for damaged apps should not occur. macOS allows unsigned apps to run. To run unsigned apps, right-click and select 'open' from the context menu. However, this is not possible with NWJS, which should be considered a bug. It shows this 'damaged' warning instead even if you select open from context menu.

Other issues suggest running xattr commands, but this solution does not persist across systems when you package the app in a dmg.

@montyalamiri
Copy link

I am also experiencing this issue on v0.84.0; it warns that the app is damaged instead of prompting that it is from an unknown source. Running the x64 build through Rosetta 2 gives the proper security prompt. Ironically, this issue makes it more convenient to use a binary for a different architecture.

@merseyV
Copy link

merseyV commented Mar 6, 2024

Not an NW.js issue .. it's an Arm64 build and Gatekeeper issue. If you create a native Silicon app with NW.js, Electron (whatever), it's required to be signed and notarised if you're going to distribute it - without the user getting that error notice?

If you create the app locally for yourself and it works ... don't expect it to distribute across a network? There's plenty of discussions online going back several years: Not a recent issue, or just related to NW.js builds?

Ad-hoc signing may not even be enough anymore ... but some reckon it will reduce the notice to the less serious one (like you'd get with x64).

Fetch an (unsigned) arm64 .zip/.pkg download, using an alternative Download Manager app, and it will open normally (a simple double-click!). It's your Mac's browser that's doing the checks .. and adding the Quarantine flags?

Me, I just use: xattr -cr.

@imawizrd
Copy link

imawizrd commented Mar 9, 2024

Yes, I confirm that ad hoc signing removes the "damaged" message, but ad hoc does not provide any cryptographic guarantees be mindful of that.

@imawizrd
Copy link

imawizrd commented Mar 9, 2024

The way Gatekeeper works is that as long as you build and distribute the application internally (lan, samba, usb flash drive, etc), it will not show you a message, but as long as you or your users download the application from the internet, MacOS will automatically add an attribute to the file as "quarantined" and GK will be triggered. For the experience to be seamless you need to pay apple to notarize your app.

@hg0428
Copy link

hg0428 commented Mar 19, 2024

Same problem for me in v0.85.0

@SEVA77
Copy link

SEVA77 commented May 21, 2024

After building your application, simply sign it:

codesign --force --deep -s - yourApp.app

detailed information: https://wiki.lazarus.freepascal.org/Code_Signing_for_macOS#Ad_hoc_signing

If you don't have macOS you can use a virtual machine for this:
https://github.com/kholia/OSX-KVM
https://github.com/sickcodes/Docker-OSX

I also see an alternative but I not sure about it: https://github.com/zhlynn/zsign

@aliummoser
Copy link

It says "the specified item could not be found in the keychain."

@bedirhanmanim
Copy link
Author

It says "the specified item could not be found in the keychain."

Install Xcode

@bedirhanmanim
Copy link
Author

After building your application, simply sign it:

codesign --force --deep -s - yourApp.app

detailed information: https://wiki.lazarus.freepascal.org/Code_Signing_for_macOS#Ad_hoc_signing

If you don't have macOS you can use a virtual machine for this: https://github.com/kholia/OSX-KVM https://github.com/sickcodes/Docker-OSX

I also see an alternative but I not sure about it: https://github.com/zhlynn/zsign

I signed with my certificate but says damaged.

@datashaman
Copy link

datashaman commented Sep 29, 2024

This issue persists. Following instructions to download and install from the website result in this.

Screenshot 2024-09-29 at 07 26 07

It is not signature-related afaik, I am not prompted about the safety of packages. It fails immediately with that message.
The brew cask also fails with the same thing. 🤷🏼

@benjaminbojko
Copy link

This response on another issue solved this for me: #8135 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

9 participants