Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Mac OS binaries are unsigned #7826

Closed
15458434 opened this issue Nov 5, 2019 · 14 comments
Closed

Mac OS binaries are unsigned #7826

15458434 opened this issue Nov 5, 2019 · 14 comments
Labels

Comments

@15458434
Copy link

@15458434 15458434 commented Nov 5, 2019

Version of OpenTTD

1.9.3 on macOS Mojave

Expected result

Screenshot 2019-11-05 at 15 00 46

Actual result

The app should start instead of showing a message like this.

Steps to reproduce

Install through home brew and click the Application in LaunchPad.

Extra note

This stuff really should get fixed. I'm not going to run unsigned apps on my Mac. Since it's also my production machine.

@LordAro
Copy link
Member

@LordAro LordAro commented Nov 5, 2019

Easier said than done, I'm afraid. You'll find this is a common problem with open source games such as these, as the fix involves registering "the company" with Apple (most open source communities do not have a legal identity that Apple recognises as a company).

Oh, and you need to pay Apple $99/year for a developer licence. Not something anyone's been willing to do thus far.

@LordAro LordAro changed the title unidentified developer Mac OS binaries are unsigned Nov 5, 2019
@andythenorth
Copy link
Contributor

@andythenorth andythenorth commented Nov 5, 2019

The $99 isn't the limiting factor. The limiting factor is that somebody has to be interested in solving this. Currently that hasn't happened. 👍

This is likely to become more of an issue in future, as Apple have indicated that they may introduce mandatory notorisation for all software. https://blog.fleetsmith.com/macos-mojave-app-notarization/

To do that without the user being able to apply policy exemptions is unlikely, as it will kill the Mac as a developer platform, and developing on Mac remains important for Apple's iOS cashcow. However that's beyond the scope of this chat 😄

TL;DR OpenTTD probably needs notarised, but that may require an OpenTTD organisation, which we don't have. I started investigating how that might be done, but it has fallen into a hole.

@planetmaker
Copy link
Contributor

@planetmaker planetmaker commented Nov 5, 2019

It's a lot of legal hassle to go through and register a developer account which is not a private one: https://developer.apple.com/support/enrollment/ - especially when you so far have no legal entity at all.

@samcat116
Copy link

@samcat116 samcat116 commented Apr 4, 2020

Has there been any update on this? I'm not sure how long you will be able to run non-notarized apps, probably not in macOS 10.16

@15458434
Copy link
Author

@15458434 15458434 commented Apr 4, 2020

@andythenorth
Copy link
Contributor

@andythenorth andythenorth commented Apr 4, 2020

And it’s a security risk for anyone. I can’t believe this is treated so lightly.

If you would like to assist with resolving it, contributions are welcome.

@TrueBrain TrueBrain added the OS: MacOS label Apr 4, 2020
@TrueBrain
Copy link
Member

@TrueBrain TrueBrain commented Apr 4, 2020

I guess that this too would require a Code Signing Certificate. See #8056 for the Windows variant of this issue.

@samcat116
Copy link

@samcat116 samcat116 commented Apr 4, 2020

This would only need an Apple Developer Account, which is $100/yr

@andythenorth
Copy link
Contributor

@andythenorth andythenorth commented Apr 4, 2020

We have no way to get an Apple Developer Account currently.

Rules are here https://developer.apple.com/support/enrollment/

[Money is not the major blocker on this issue]

@serprinss
Copy link

@serprinss serprinss commented Apr 14, 2020

would joining an organisation like the Software Freedom Conservancy be an option?

@nikolas
Copy link
Member

@nikolas nikolas commented Apr 14, 2020

@serprinss that's a great idea! I'm a member of the SF conservancy. The OpenTTD devs can take a look here for details on becoming a member project: https://sfconservancy.org/projects/apply/

Becoming a member project may have benefits for OpenTTD other than signed macOS binaries, too: https://sfconservancy.org/projects/services/

@TrueBrain
Copy link
Member

@TrueBrain TrueBrain commented Apr 14, 2020

Given that SFC is US-based, and most (all?) developers are EU-based, it is unknown to us what the impact would be, in legal terms. So we are simply put not sure.

As this is an ongoing discussion on several levels, I put out a gist with a summary of what we know:
https://gist.github.com/TrueBrain/d8ec26316a4c4b9f5d6e0b4e84d96db7

I could use advise (backed up with reading material, of course). This really feels to us like a HTTPS certificate felt 3 years ago. Difficult to navigate, you don't really know what you get, and you hope everything works out for the best. So any guidance is apperciated.

@BastianInuk
Copy link

@BastianInuk BastianInuk commented May 11, 2020

What's the requirements of notarization? Does a potential contributor just have to have a $99/yr dev account? I happen to have one, and wouldn't mind notarize OpenTTD in my name, issue is that my company name may appear different places in the os in relation to OpenTTD

@nielsmh
Copy link
Contributor

@nielsmh nielsmh commented May 11, 2020

The issue is entirely organisational by now. We have discussed the issues with code signing and related, and everyone agrees it's important that binaries are signed by a company which has OpenTTD in the name, not by a personal certificate nor by an unrelated company.
(Correct me if I'm wrong.)

Anything to do with funds to pay for certificate is secondary at most, although donations are still accepted :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

10 participants
You can’t perform that action at this time.