I have a macOS .dmg application. When I download it directly from the url via wget, I can open the dmg and install the application no problem. When I download the app from the same url via a web browser, macOS reports the .dmg is not signed.
The md5 hashes on the two downloads are identical.
How can I facilitate a browser download in a way that doesn't result in macOS deciding that my code signing bad?
Possibly related to Download breaks OSX signature? but I'm not using install4j, everything is codesign and xcodebuild.
EDIT:Running codesign --verify --deep --verbose /path/to/my/Mydmg.dmg on both reports
Mydmg.dmg: valid on diskMydmg.dmg: satisfies its Designated RequirementThis is the case even for the browser download which, upon double clicking, reports "cannot be opened because it is from an unidentified developer".