The only way to 'self sign' an app for Gatekeeper is to enroll in the Apple Developer Program (currently $100/annually), sign up for a code-signing certificate, and install Xcode to create "your" app.
You could then create an App in Xcode and just include the contents of the other app you really are wanting to run in your app bundle, then sign it with your certificate. This app would be able to launch anywhere (though you would possibly be violating the license of the original software).
Obviously this is not very practical. The method suggested in another answer here to copy the contents to another app's bundle will not, in itself, circumvent Gatekeeper. The 'Known Developer' check requires the app bundle to contain a _CodeSignature subfolder, and an app ID which corresponds to the signed developer in the bundle's Info.plist file. Both of these will be destroyed if you replace all the contents, and selectively replacing the contents will result in an app which has a code signature that does not match that of the app it is claiming to be.
If this 'transplant' method does work, it is not because it tricks Gatekeeper; rather because it prevents Gatekeeper from ever being invoked. Regardless of whether an app bundle is signed, the Gatekeeper system will only check apps that are 'quarantined'. This means an extended attribute flag has been added to the file which indicates it was downloaded from the internet or else-wise from an unknown source. Safari and Mail will add this flag to downloaded files, but there is no requirement that all apps must behave this way. You can see this flag by running the command ls -l@ on the directory containing your app bundle:
drwxr-xr-x@ 3 self wheel 102 Jul 7 2013 My Sketchy App.app
com.apple.quarantine 57
If you copy the contents of an app into another app's bundle, the newly-created app has whatever extended attributes the bundle did beforehand. So if it did not have a quarantine flag, neither will your new app and you will be able to launch it. But if it did have a quarantine flag, it still will, and Gatekeeper will be in effect.
Transplanting the app contents is just a roundabout way of removing this flag. You can accomplish the same thing by simply removing the quarantine flag from the app directly, like so:
xattr -d com.apple.quarantine "./My Sketchy App.app"
or you could indirectly remove the quarantine flag by launching/allowing the app on another Mac (which does not have Gatekeeper restrictions in effect, or where you have an admin account which allows you to override it), then copying it to the restricted machine via a method that does not recreate the flag (apps copied from a SMB share, for example, will not be quarantined).
Long story short: the right-click 'Open' (or "Open Anyway" from Security screen of System Preferences) adds an exception to Gatekeeper for the app in question, which requires admin privileges. Removing the quarantine flag from an app only requires write permissions to the app bundle, and prevents Gatekeeper from ever getting involved.
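For administrators who want to see which bundles on a Mac fall outside the check described in the answer above, here is an added audit example; it is not part of the original answer. It assumes the macOS xattr tool is on the PATH, that the signature folder sits at Contents/_CodeSignature, and that the quarantine value has the form flags;timestamp;agent;UUID; the function names are hypothetical.

```python
import plistlib
import subprocess
from pathlib import Path

QUARANTINE = "com.apple.quarantine"

def read_quarantine(path):
    """Return the raw quarantine value via the macOS xattr tool, or None if absent."""
    try:
        out = subprocess.run(["xattr", "-p", QUARANTINE, str(path)],
                             capture_output=True, text=True)
    except FileNotFoundError:  # xattr tool missing (not macOS)
        return None
    return out.stdout.strip() if out.returncode == 0 else None

def audit_bundle(app, reader=read_quarantine):
    """Summarise the properties the answer says Gatekeeper depends on."""
    app = Path(app)
    info = app / "Contents" / "Info.plist"
    bundle_id = None
    if info.is_file():
        try:
            with info.open("rb") as fh:
                bundle_id = plistlib.load(fh).get("CFBundleIdentifier")
        except Exception:  # unreadable or malformed plist
            bundle_id = None
    raw = reader(app)
    agent = None
    if raw:
        # Assumed layout: flags;timestamp;agent;UUID
        parts = raw.split(";")
        agent = parts[2] if len(parts) > 2 and parts[2] else None
    # Presence of the folder only; this does not validate the signature.
    has_sig = (app / "Contents" / "_CodeSignature").is_dir()
    return {
        "bundle": app.name,
        "bundle_id": bundle_id,
        "has_code_signature_dir": has_sig,
        "quarantined": raw is not None,
        "quarantine_agent": agent,
        # No flag means Gatekeeper is never invoked; no folder means unsigned.
        "unchecked_and_unsigned": raw is None and not has_sig,
    }

def audit_directory(root, reader=read_quarantine):
    """Audit every .app bundle directly under root, sorted by name."""
    return [audit_bundle(p, reader) for p in sorted(Path(root).glob("*.app"))]

if __name__ == "__main__":
    for row in audit_directory("/Applications"):
        print(row)
```

Rows with unchecked_and_unsigned set are the bundles worth reviewing first, since nothing has ever asked Gatekeeper to evaluate them.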
Is it just me or are you asking about ways to bypass security protocols that have been put in place? I'm not saying it's a bad question, though getting someone to give you this info probably won't happen. Unless of course I am misunderstanding the question and this is all for purely "academic" reasons. – Josiah – 2013-04-20T20:38:07.933
@Josiah I think you see the gray area here. These applications such as gedit are perfectly fine applications that would run if not for the unidentified developer issue but as it stands... It is more of a question of OS X and what kind of applications are available to use that have this type of restriction. For example a .dmg, package, etc are sort of new concepts for me. MagicPrefs worked great and I want to know why that is. – MLM – 2013-04-20T20:46:18.157
There are definitely many legit applications that simply don't bother to pay the $100 to get "Apple-approved" signing. I know I don't. However, the "unidentified developer" error exists because of Gatekeeper. In order to bypass it you would need an Admin password. I am simply wondering why you really want to bypass this security on a school computer. You could buy your own laptop if you wanted to. :) As for file types, any .app that is not signed will give you that error. .dmgs are basically like cut-off folders from the rest of the world. They just hold something. .app is the issue. – Josiah – 2013-04-21T22:38:35.840
I don't believe there is anything you can do about it. But perhaps I am wrong. – Josiah – 2013-04-21T22:39:26.560
@Josiah In Windows there are ways to sign your own drivers, is there a way to sign an app (I will look into it)? I do have my own PC, but the norm at school is using that laptop and certain mac only applications already pre installed. Installing/running a few applications such as a ftp, code editor, etc would be nice. – MLM – 2013-04-21T22:41:23.337
No, the app is signed by the developer when you have the source available. I do not believe it is possible to "self-sign" things, but there might be something on Stackoverflow about that. – Josiah – 2013-04-21T22:43:03.937
Perhaps see this: https://developer.apple.com/library/mac/#documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html – Josiah – 2013-04-21T22:43:55.533