Skip to main content
Question

Packaging Drag & Drop Apps with Composer broken on Ventura

  • July 12, 2023
  • 16 replies
  • 81 views
C
Forum|alt.badge.img+5
  • chelm
  • Contributor
  • 33 replies

I am simply trying to repackage some drag and drop apps as flat packages using Composer. We do this so we can use them in our provisioning workflows via Jamf Pro.  Note: I have tried composer 10.44 to 10.48 and get the same results. 

Using FileZilla as an example:

 That is pretty much it. No postinstall, but I am signing with my developer installer ID.  

 I have tried to notarize and staple the .pkg's, but Apple does not like something in the .app file so I get "Invalid Package".  

 I have tried all kinds of things to try and clear any security flag, but nothing seems to work.  The only thing that does work is control clicking and selecting Open, then open anyway.   That does not work when attempting to deploy to thousands of computers.  Our help desk will get overwhelmed with calls.  

I have tried all of the following to fix the issue via script (kitchen sink from various how to's I found):  

 

# disable gatekeeper sudo spctl --master-disable # The applications final destination, should always be used. problemApp='/Applications/Filezilla.app' # chown app to root sudo chown -R root:wheel $problemApp # chmod permissions to correct sudo chmod -R 755 $problemApp sudo chmod +x $problemApp # remove quarantine attribute sudo xattr -r -d com.apple.quarantine $problemApp sudo xattr -c $problemApp sudo xattr -cr $problemApp # touch the file sudo touch -m $problemApp # open the file sudo open $problemApp # enable gatekeeper sudo spctl --master-enable

 

I have about a dozen drag and drop apps that I can no longer install via a pkg for redistribution on 13.4.1 because they all trigger a security flag and ask to be moved to the trash.  My biggest headache is Mathematica, which requires I insert a license file within the drag and drop .app for lab distribution.  

Any advice?

 

    16 replies

    jamf-42
    Forum|alt.badge.img+17
    • jamf-42
    • Esteemed Contributor
    • 744 replies
    • July 12, 2023

    is there a reason you are signing? I use this for DMG / non pkg apps.. https://github.com/rtrouton/Simple-Package-Creator

     

    C
    Forum|alt.badge.img+5
    • chelm
    • Author
    • Contributor
    • 33 replies
    • July 12, 2023

    is there a reason you are signing? I use this for DMG / non pkg apps.. https://github.com/rtrouton/Simple-Package-Creator

     


    Thanks.  I will give this a shot, but a quick read and it appears to be doing the exact same thing I am already doing.

     

    Most of the packages we create here are also made available on our intranet to all faculty, students and staff.  If they are not signed they will get the same type of message and have to bypass Gatekeeper to get the software installed. That was deemed unacceptable by our leadership, so we sign and notarize all packages. 

    sdagley
    Forum|alt.badge.img+25
    • sdagley
    • Jamf Heroes
    • 3567 replies
    • July 12, 2023

    Thanks.  I will give this a shot, but a quick read and it appears to be doing the exact same thing I am already doing.

     

    Most of the packages we create here are also made available on our intranet to all faculty, students and staff.  If they are not signed they will get the same type of message and have to bypass Gatekeeper to get the software installed. That was deemed unacceptable by our leadership, so we sign and notarize all packages. 


    @chelm Some applications contain files that have extended attributes which are required for the app to function. AFAIK Composer still doesn't retain any extended attributes when it builds a .pkg, so you might want to check out Packages to create your installers instead.

    Also be aware that if you're adding a license file inside the app package (as you mention for Mathematica) macOS Ventura will consider the app damaged. You should consult with the vendor on how to inject a license file in a manner that will allow the app to run on macOS Ventura.

    chrisB
    Forum|alt.badge.img+7
    • chrisB
    • Valued Contributor
    • 89 replies
    • July 13, 2023

    We got some apps behaving the same way (e.g. Metashape Pro, MAXQDA, OpenShot, VueScan Pro).

     

    1) Install the original disk image (.dmg file) to /private/tmp: 

     

     

    2) Then copy the app to /Applications with a postinstall script:

     

    #!/bin/zsh # Set Variables (manually) - please note: the (original) DMG file must be installed in /private/tmp appName="PRODUCT.app" dmgName="PRODUCT.dmg" volName="PRODUCT" ### Do not edit below ### # Unmount volume with the same name echo "\\nUnmounting volume '$volName', if available..." sudo hdiutil detach "/Volumes/$volName" echo "Done." # Open disk image & mount volume echo "\\nOpening '$dmgName' & (invisibly) mounting '$volName'..." sudo hdiutil attach "/private/tmp/$dmgName" -nobrowse -noverify echo "Done." # Copy app from volume to applications directory echo "\\nCopying '$appName' from '$volName' to '/Applications'..." sudo cp -Rp "/Volumes/$volName/$appName" "/Applications/$appName" echo "Done." # Apply correct owner & group to app file echo "\\nApplying correct owner & group to '$appName'..." sudo chown -R root:admin "/Applications/$appName" echo "Done." # Remove quarantine flags from app file echo "\\nRemoving quarantine flag from '$appName'..." sudo xattr -r -d com.apple.quarantine "/Applications/$appName" echo "Done." # Unmount volume echo "\\nUnmounting volume '$volName'..." sudo hdiutil detach "/Volumes/$volName" echo "Done." # Remove disk image echo "\\nRemoving '$dmgName'..." sudo rm -f "/private/tmp/$dmgName" echo "Done." echo "\\nInstallation of '$appName' completed [Exit Status = 0].\\n" exit 0

     

     

     

     

    chrisB
    Forum|alt.badge.img+7
    • chrisB
    • Valued Contributor
    • 89 replies
    • July 13, 2023

    The Mathematica 13.x (network) license can be installed in /Library/Mathematica/Licensing/mathpass

     

     

    C
    Forum|alt.badge.img+5
    • chelm
    • Author
    • Contributor
    • 33 replies
    • July 13, 2023

    The Mathematica 13.x (network) license can be installed in /Library/Mathematica/Licensing/mathpass

     

     


    The license location does solve one problem.  How are you deploying the app?  Even using the DMG like suggested above I get a damaged file warning.  I still have to control click on every install of the .app and click open or I get the corrupt file warning. 

     

    C
    Forum|alt.badge.img+5
    • chelm
    • Author
    • Contributor
    • 33 replies
    • July 13, 2023

    We got some apps behaving the same way (e.g. Metashape Pro, MAXQDA, OpenShot, VueScan Pro).

     

    1) Install the original disk image (.dmg file) to /private/tmp: 

     

     

    2) Then copy the app to /Applications with a postinstall script:

     

    #!/bin/zsh # Set Variables (manually) - please note: the (original) DMG file must be installed in /private/tmp appName="PRODUCT.app" dmgName="PRODUCT.dmg" volName="PRODUCT" ### Do not edit below ### # Unmount volume with the same name echo "\\nUnmounting volume '$volName', if available..." sudo hdiutil detach "/Volumes/$volName" echo "Done." # Open disk image & mount volume echo "\\nOpening '$dmgName' & (invisibly) mounting '$volName'..." sudo hdiutil attach "/private/tmp/$dmgName" -nobrowse -noverify echo "Done." # Copy app from volume to applications directory echo "\\nCopying '$appName' from '$volName' to '/Applications'..." sudo cp -Rp "/Volumes/$volName/$appName" "/Applications/$appName" echo "Done." # Apply correct owner & group to app file echo "\\nApplying correct owner & group to '$appName'..." sudo chown -R root:admin "/Applications/$appName" echo "Done." # Remove quarantine flags from app file echo "\\nRemoving quarantine flag from '$appName'..." sudo xattr -r -d com.apple.quarantine "/Applications/$appName" echo "Done." # Unmount volume echo "\\nUnmounting volume '$volName'..." sudo hdiutil detach "/Volumes/$volName" echo "Done." # Remove disk image echo "\\nRemoving '$dmgName'..." sudo rm -f "/private/tmp/$dmgName" echo "Done." echo "\\nInstallation of '$appName' completed [Exit Status = 0].\\n" exit 0

     

     

     

     


    Thank you.  This worked for about 1/2 the apps I am having trouble with.  It does not work for all of them unfortunately.  

     

    mm2270
    Forum|alt.badge.img+24
    • mm2270
    • Legendary Contributor
    • 7886 replies
    • July 13, 2023

    The license location does solve one problem.  How are you deploying the app?  Even using the DMG like suggested above I get a damaged file warning.  I still have to control click on every install of the .app and click open or I get the corrupt file warning. 

     


    And this problem is happening even after installing the app and running the xattr -dr com.apple.quarantine command against the application bundle itself? Because in my experience, that typically resolves those issues. If it's still throwing that error after that, then something is very screwy with it.

    Do you only have Ventura in your environment? If not, has this been tested against Monterey to see if you get the same issue? It's not impossible it's some issue with Ventura getting in the way here.

    C
    Forum|alt.badge.img+5
    • chelm
    • Author
    • Contributor
    • 33 replies
    • July 13, 2023

    And this problem is happening even after installing the app and running the xattr -dr com.apple.quarantine command against the application bundle itself? Because in my experience, that typically resolves those issues. If it's still throwing that error after that, then something is very screwy with it.

    Do you only have Ventura in your environment? If not, has this been tested against Monterey to see if you get the same issue? It's not impossible it's some issue with Ventura getting in the way here.


    I think it is definitely something new in Ventura causing the issue.  The packages work on Monterey.  They just do not work on Ventura, which is what all machines on campus are supposed to be on for the fall.  

    Ventura has added additional "protections" via xattr:

    https://eclecticlight.co/2023/03/13/ventura-has-changed-app-quarantine-with-a-new-xattr/

     

    mm2270
    Forum|alt.badge.img+24
    • mm2270
    • Legendary Contributor
    • 7886 replies
    • July 13, 2023

    I think it is definitely something new in Ventura causing the issue.  The packages work on Monterey.  They just do not work on Ventura, which is what all machines on campus are supposed to be on for the fall.  

    Ventura has added additional "protections" via xattr:

    https://eclecticlight.co/2023/03/13/ventura-has-changed-app-quarantine-with-a-new-xattr/

     


    Well then, thanks for that link. Interesting read. Thanks once again to Apple for adding some other "check" that probably wasn't really needed, failing to thoroughly document it, and causing more issues in the process. I wonder some days what goes on over there.

    Have you had a chance to try removing this new "provenance" flag on the app and see if that resolves it? I'd be very curious to hear your results.

    chrisB
    Forum|alt.badge.img+7
    • chrisB
    • Valued Contributor
    • 89 replies
    • July 14, 2023

    The license location does solve one problem.  How are you deploying the app?  Even using the DMG like suggested above I get a damaged file warning.  I still have to control click on every install of the .app and click open or I get the corrupt file warning. 

     


    I packaged Mathematica just as usual:

     

    But I always open apps first (to confirm gatekeeper messages) before dragging them to Composer.app.

    jonw
    Forum|alt.badge.img+10
    • jonw
    • New Contributor
    • 67 replies
    • August 18, 2023

    I'm seeing this behavior as well lately, but I've yet to find any consistency to the problem.  Opening the app once before adding to Composer doesn't always revolve the issue, nor does 'not opening' always resolve it.  In fact I'm seeing the same package having different results (broken vs. not) on nearly identical lab stations (both Intel & Silicon, all macOS 13.5).

    J
    Forum|alt.badge.img+9
    • jchen1225
    • Contributor
    • 38 replies
    • August 30, 2023

    I had this same problem with Mathematica deployment, on Ventura machines pre 13.5. Where it keeps saying the app is damaged and can't be opened. I just tried it on a few 13.5.1 machines and so far they deployed successfully without error. I am going to upgrade a group of machines to 13.5.1 and see the results.

    V
    Forum|alt.badge.img+4
    • virtasupport
    • Contributor
    • 19 replies
    • November 10, 2023

    Such a pain. We have a couple of apps that I have used Composer for years on, even at a different employer. Now, does not work. Latest Composer 11.01 and running Ventura 13.6

    Get the error when testing the package 

    chrisB
    Forum|alt.badge.img+7
    • chrisB
    • Valued Contributor
    • 89 replies
    • November 14, 2023

    Such a pain. We have a couple of apps that I have used Composer for years on, even at a different employer. Now, does not work. Latest Composer 11.01 and running Ventura 13.6

    Get the error when testing the package 


    Delete the ".VolumeIcon.icns" file from the package.

    You may have to navigate to   "/Library/Application Support/JAMF/Composer/Sources/"   to delete the (invisible) file.

    dgaines
    Forum|alt.badge.img
    • dgaines
    • New Contributor
    • 1 reply
    • May 6, 2024

    We got some apps behaving the same way (e.g. Metashape Pro, MAXQDA, OpenShot, VueScan Pro).

     

    1) Install the original disk image (.dmg file) to /private/tmp: 

     

     

    2) Then copy the app to /Applications with a postinstall script:

     

    #!/bin/zsh # Set Variables (manually) - please note: the (original) DMG file must be installed in /private/tmp appName="PRODUCT.app" dmgName="PRODUCT.dmg" volName="PRODUCT" ### Do not edit below ### # Unmount volume with the same name echo "\\nUnmounting volume '$volName', if available..." sudo hdiutil detach "/Volumes/$volName" echo "Done." # Open disk image & mount volume echo "\\nOpening '$dmgName' & (invisibly) mounting '$volName'..." sudo hdiutil attach "/private/tmp/$dmgName" -nobrowse -noverify echo "Done." # Copy app from volume to applications directory echo "\\nCopying '$appName' from '$volName' to '/Applications'..." sudo cp -Rp "/Volumes/$volName/$appName" "/Applications/$appName" echo "Done." # Apply correct owner & group to app file echo "\\nApplying correct owner & group to '$appName'..." sudo chown -R root:admin "/Applications/$appName" echo "Done." # Remove quarantine flags from app file echo "\\nRemoving quarantine flag from '$appName'..." sudo xattr -r -d com.apple.quarantine "/Applications/$appName" echo "Done." # Unmount volume echo "\\nUnmounting volume '$volName'..." sudo hdiutil detach "/Volumes/$volName" echo "Done." # Remove disk image echo "\\nRemoving '$dmgName'..." sudo rm -f "/private/tmp/$dmgName" echo "Done." echo "\\nInstallation of '$appName' completed [Exit Status = 0].\\n" exit 0

     

     

     

     


    Awesome, this method worked for me as well. Thank you for scripting/posting this!


    Terms & ConditionsCookie settingsAccessibility statement