How to Distribute PyInstaller macOS App via .zip or .dmg Without “Damaged” or “Not Opened” Error?

[a-sajjad72]

Hi everyone,

I'm using PyInstaller to bundle my macOS app and I want to distribute it to users outside the Mac App Store and without signing it.

Initially, I zipped the .app bundle and shared it via a .zip file. When I downloaded and extracted it on a Mac, I got this error:

“OCR to Excel Converter” is damaged and can’t be opened. You should move it to the Trash.

After reading this GitHub issue, I learned that .dmg works more reliably than .zip for macOS. So, I packaged the .app into a .dmg file. Now the error changed slightly:

“OCR to Excel Converter.app” cannot be opened because Apple cannot check it for malicious software.

In both cases, the only thing that made the app work was running:

xattr -rd com.apple.quarantine "OCR to Excel Converter.app"

---

My Questions:

1. Is there any way to distribute an unsigned .dmg or .zip that avoids these “damaged” or “not opened” warnings on macOS?
2. Is the quarantine flag applied to all .dmg or .zip files downloaded from the internet by default?
3. Are there user-friendly workarounds for this, given that most users won’t be comfortable using Terminal commands?

Again, I'm not publishing the app to the App Store, and I’m intentionally not signing it. I just want the app to be downloadable and usable with minimal friction.

Any insights, tools, or best practices are appreciated!

Thanks 🙏

[rokm]

I take it you have verified that your packaging method (either .zip or .dmg) is properly preserving the symbolic links in the .app bundle?

and I’m intentionally not signing it.

I think in general, if you want to avoid Apple harassing your users with warnings, you will need to bite the bullet and sign the .app bundle. If there was a user-friendly work-around for that, you can be pretty sure they would "fix" it pretty quickly for the obvious reasons...

[a-sajjad72]

I take it you have verified that your packaging method (either .zip or .dmg) is properly preserving the symbolic links in the .app bundle?

It is my first time packaging that I am packaging for MacOS, I really don't have an idea how to do it. Would you please guide me how can i verify that?

[rokm]

See https://pyinstaller.org/en/stable/common-issues-and-pitfalls.html#requirements-imposed-by-symbolic-links-in-frozen-application (for flags required when creating .zip archive).

But more generally, you can use ls -l in terminal to list contents of App.app/Contents/Frameworks and App.app/Contents/Resources and check that data files and binaries are cross-linked between the two (i.e., Frameworks contains hard copies of binaries and symbolic links to data files in the other directory, while Resources contains hard copies of data files and symbolic links to binaries in the other directory).

As a quick test, you can also check that App.app/Contents/Frameworks/Python is a symbolic link to App.app/Contents/Frameworks/Python.framework/Versions/3.X/Python instead of being a hard copy.

Or even just check the .app bundle's (ad-hoc) signature - if you clobber the symlinks, the signature will not match due to additional hard copies where symlinks are supposed to be...