Mac app cannot run due to gatekeeper block jna*.tmp file generated at launch time

Question

My app has already been signed and notarized successfully, but I got this error while trying to launch the app:

"jna7223640233751603426.tmp" cannot be opened because the developer cannot be verified

Does anybody have the solution for this?

How can I fix this problem? Can I block the file created while launching the app or make it valid for the Gatekeeper?

Answer 1

JNA releases have small precompiled binary JARs for each of its supported operating system/architecture combinations. These are not signed, although the source code is available if you wish to build and sign them yourself.

From a conversation on the JNA mailing list:

MacOS does not allow code created at runtime (which is typical malware behaviour), and that extracting a library at runtime looks like that code was created because it’s not visible outside the jar file in which it came.

A solution listed in that thread is:

by pre-extracting the library and bundling it as part of the installer.

In addition to this, you'll need to configure your application to tell JNA not to extract its own library but to use the one which you have signed and extracted as part of your installer. Source code from the above email thread:

boolean sandboxed = System.getenv("APP_SANDBOX_CONTAINER_ID") != null;

// Some 3rd party apps install to the system and can cause crashes
System.setProperty("jna.nosys", "true");

if(sandboxed) {
   // Don't unpack the libraries
   System.setProperty("jna.nounpack", "true");
   // Tell JNA where the native libraries are
   System.setProperty("jna.boot.library.path", "<path to native libs>");
}