depsypher / jarzilla

Java jar file viewer for Mac

Won't run when "Allow apps downloaded from Anywhere" isn't enabled on OSX #5

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Go to System Preferences > Security & Privacy > General
2. Change the option to either "Mac App Store" or "Mac App Store and identified 
developers".
3. Close the Security & Privacy window.
4. Download the DMG file and install Jarzilla.
5. Right-click the Jarzilla icon, hold down Command, and click Open (this is 
necessary to override the security setting the first time you run the 
application.)

What is the expected output?
OSX should prompt you to confirm you want to open the application despite 
having the aforementioned security setting turned on.  You click Open and the 
app should launch.

What do you see instead?
OSX presents a dialog that says "'Jarzilla' is damaged and can't be opened.  
You should move it to the Trash." with a "Cancel" and "Move to Trash" button.  
The Console application shows the following:
4/16/14 3:42:32.496 PM CoreServicesUIAgent[21855]: Error SecAssessmentCreate: 
The operation couldn’t be completed. (OSStatus error -67030.)

What version of the product are you using? On what operating system?
0.1.5.  OSX Mavericks 10.9.2

Please provide any additional information below.
I verified the SHA-1 sum of the DMG file matches what is on the website, so 
it's definitely not corrupt.

As a workaround, if you like keeping the security setting turned on in System 
Preferences:
1. Go to System Preferences > Security & Privacy > General
2. Change the option to "Anywhere".
3. Close the Security & Privacy window.
4. Download the DMG file and install Jarzilla.
5. Run Jarzilla.  OSX will still warn you: "'Jarzilla' is an application 
downloaded from the Internet.  Are you sure you want to open it?"
6. Click Open.
7. Go to System Preferences > Security & Privacy > General
8. Change the option back to either "Mac App Store" or "Mac App Store and 
identified developers" (whichever you prefer).
Since the application was opened once while the security check was disabled, it 
won't run the security check again.

Original issue reported on code.google.com by Motionbl...@gmail.com on 16 Apr 2014 at 8:30

GoogleCodeExporter commented 9 years ago
Just did a little bit of light research (i.e., Googling) and this sounds like it 
could be a problem with the certificate you used to package the app/installer.

Original comment by Motionbl...@gmail.com on 16 Apr 2014 at 8:39

GoogleCodeExporter commented 9 years ago
Yeah, the issue is that Jarzilla isn't an App Store app.

I suppose I could jump through whatever hoops Apple has put up to certify 
Jarzilla, but part of me doesn't feel like I should have to ask Apple 
permission (and pay $99 per year) to have an application on their platform.

The downside of this is that GateKeeper treats Jarzilla as untrusted and the 
only way to install it is to disable GateKeeper entirely (at least temporarily 
during the install).

Original comment by voidstar@gmail.com on 16 Apr 2014 at 8:56

GoogleCodeExporter commented 9 years ago
I don't think you have to pay Apple to make it work (and I agree with your 
sentiment there).  I always leave GateKeeper running (though I am questioning 
that), but I can usually run non-Apple approved apps by using the right-click 
Open workaround.  See this page: 
http://www.bu.edu/infosec/howtos/bypass-gatekeeper-safely/

It just seems that this workaround doesn't work and triggers this "damaged and 
can't be opened" instead.

Is there some part of the packaging process where you have to provide a 
certificate?  The other page I found that said something about having this 
problem with their app suggested that it was with the certificate that they 
used in their installer.

Either way, I support you if you decide not to pursue this.  At least it's 
listed here now and there's an easy workaround.  :)

Original comment by Motionbl...@gmail.com on 16 Apr 2014 at 9:16

GoogleCodeExporter commented 9 years ago
Cool. I'll keep this as an open bug.

At some point I'll look into whether there's a way to certify Jarzilla without 
too much pain/cost, and avoid GateKeeper's generally bad user experience.

Original comment by voidstar@gmail.com on 16 Apr 2014 at 9:54