macOS Catalina 10.15.5 reports hale studio.app 4.0.0 as damaged

[fjlopez]

Expected behaviour

Run hale studio.app obtained from the 4.0.0 release .dmg in macOS Catalina 10.15.5.

Current Behaviour

macOS Catalina 10.15.5 reports hale studio.app as damaged, and, hence, can't be opened, even with Gatekeeper disabled.

Steps to reproduce

1. Open a terminal
2. Execute sudo spctl --master-disable to disable Gatekeeper and then allow run apps downloaded anywhere.
3. Download hale studio 4.0.0.dmg from https://www.wetransform.to/downloads/
4. Open the dmg file.
5. Move hale studio.app to the Applications folder.
6. Go to the Applications folder
7. Open hale studio.app

[florianesser]

Hi @fjlopez, thanks for using hale studio and reaching out to us!

hale studio 4.0.0 still needs Java 8 to run. The macOS version doesn't come with a packaged JDK and a typical problem is that JDK 8 is not available. Do you have JDK 8 installed? If you open a console, what does the command java -version return?

[fjlopez]

I use jenv to manage different JDK versions. I have tested it with the Oracle JDK 8 as follows:

$ jenv global oracle64-1.8.0.144
$ javac -version 
javac 1.8.0_144
$ java -version
java version "1.8.0_144"
Java(TM) SE Runtime Environment (build 1.8.0_144-b01)
Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)
$ echo $JAVA_HOME
/Users/javier/.jenv/versions/oracle64-1.8.0.144
$ sudo spctl --master-disable
$ open -a "Hale Studio"

and then fails

[florianesser]

Thanks for the info, we'll look into it.

[florianesser]

While investigating this problem, I found that hale studio 4.0.0 doesn't start up on macOS even when the error reported in this issue does not occur (see #849). I think it makes sense to work on the start problem first and see if that helps to resolve this issue.

[JohannaOtt]

@fjlopez A potential workaround is described here

[thorsten-reitz]

@fjlopez The new release (4.1.0) has been tested thoroughly with current MacOS versions and models. Please let us know if you can't work with that. In that case we will re-open this ticket.

[fjlopez]

Don't work yet. My macOS version is 11.6.1 Big Sur.

This version is not correctly signed and notarized, the output of this command is:

$  spctl -a -v hale\ studio.app               
hale studio.app: code has no resources but signature indicates they must be present

when something like:

$  spctl -a -v hale\ studio.app               
hale studio.app: accepted

was expected (source).

[kapil-agnihotri]

@fjlopez, thank you for your feedback. Please follow the installation instructions for Mac as document in the release 4.1.0 page.

Steps to run hale studio in Mac If you are using Mac with intel chip, then to be able to run the application after the installation, you must execute the below command in the terminal.

 xattr -cr '/Applications/hale studio.app'

Then launch hale studio from Applications

In case you are using Mac with M1 chip then let us know.

[fjlopez]

That is an unsafe recommendation asxattr -cr is used in zero days attacks such as xcsset.

Please, review your notarisation process (e.g. here is an answer that address the case "code has no resources but signature indicates they must be present").

[thorsten-reitz]

@kapil-agnihotri Do you think this issue can be closed with the 5.x releases?

[github-actions[bot]]

This issue has been automatically marked as stale because it has not had activity in the last 60 days. It will be closed in two weeks if no further activity occurs. Thank you for your contributions.

[JohannaOtt]

@stempler Do you think this issue can be closed with the 5.x releases?

[stempler]

No, there is no notarization process set up. So far a blocker was that the required tools require macOS to run, which was not available in our CI infrastructure. Now that GitHub Actions is used there is the possibility to also run on macOS. Here is also a guide on how to do the notarization using GitHub Actions that may be applicable for us.

[github-actions[bot]]

This issue has been automatically marked as stale because it has not had activity in the last 60 days. It will be closed in two weeks if no further activity occurs. Thank you for your contributions.