Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Mac App Store distribution question #262

Open
1 of 2 tasks
rivera-ernesto opened this issue Apr 11, 2014 · 14 comments · May be fixed by #1692
Open
1 of 2 tasks

Mac App Store distribution question #262

rivera-ernesto opened this issue Apr 11, 2014 · 14 comments · May be fixed by #1692

Comments

@rivera-ernesto
Copy link

Probably a silly question. But what prevents an open source app like Vienna from being distributed on the Mac App Store?

  • Apache license should be fine.
  • An AppleID account. Probably the main problem is who's ID would it be? The license would allow anyone to do it but is there a image/policy problem?

Also an AppleID seems to be preferred for #49.

@rivera-ernesto rivera-ernesto changed the title Mac App Store distribution Mac App Store distribution question Apr 11, 2014
@mstroeck
Copy link
Contributor

Yeah, we should probably do that. I'll look into this, as I need to work with the App Store in any case in the near future.

Am 11.04.2014 um 03:33 schrieb Ernesto Rivera notifications@github.com:

Probably a silly question. But what prevents an open source app like Vienna from being distributed on the Mac App Store?

Apache license should be fine.
An AppleID account. Probably the main problem is who's ID would it be? The license would allow anyone to do it but is there a image/policy problem?
Also an AppleID seems to be preferred for #49.


Reply to this email directly or view it on GitHub.

@dak180
Copy link
Member

dak180 commented Apr 11, 2014

Code signing as it is currently done should work out of the box with the mac app store.
This still leaves the question of how well Vienna plays with the app sandbox.

@barijaona
Copy link
Member

An App Store version would be the best answer to those numerous Vienna clones « publishers » who are blatantly profiting of our open source philosophy.
But I’d like to keep a non App Store version : it speeds development (open betas, faster publication). So, we would have to maintain two targets.

Some parts of Vienna would need to be removed in the App Store version : I think mainly of the Sparkle autoupdate mechanism.

@barijaona
Copy link
Member

Related : legal actions suggested in #375

@josh64x2
Copy link
Member

App Sandboxing is a good idea for security and will help prevent issues such as #736 in the future. It is very simple to do, we just need to implement the migration as per Apple's guide.

I have tested it without the migration and simple Vienna functionality seems to be fine. Not sure about Apple scripting or the plugins though.

@Eitot
Copy link
Contributor

Eitot commented Feb 5, 2017

Sparkle seems to be almost ready to support sandboxing too. They have a ui-separation-and-xpc branch (“2.0”) that awaits merging.

@JanX2
Copy link

JanX2 commented Feb 5, 2017

Thanks for mentioning the state of Sparkle Eitot. Great to know!

@Eitot
Copy link
Contributor

Eitot commented Jun 20, 2017

(@josh64x2) Just for reference: Migrating an app to a sandbox.

@Eitot Eitot modified the milestone: v3.2.0 Jul 9, 2017
@Eitot
Copy link
Contributor

Eitot commented Jan 26, 2020

I believe scripting and plug-ins should still work even with a sandboxed environment. It is possible to define symlinks that point to directories outside of the sandbox and then regulate the access using entitlements, in particular the com.apple.security.temporary-exception.files.home-relative-path.read-write entitlement.

For reference: File Access Temporary Exceptions

One caveat is that I do not know whether Apple (still) accepts these entitlements for App Store apps.

@Eitot
Copy link
Contributor

Eitot commented Apr 5, 2020

Sparkle’s XPC branch is still not the stable branch. I am not sure who maintains Sparkle now. Apparently, even their 2.x branch is based on deprecated APIs, so who knows if is worth waiting for this. There might be an alternative in the future.

@stale stale bot added the stale ⏳ label Apr 6, 2021
@ViennaRSS ViennaRSS deleted a comment from stale bot Apr 7, 2021
@stale stale bot removed the stale ⏳ label Apr 7, 2021
@Eitot
Copy link
Contributor

Eitot commented Sep 12, 2021

Now that Sparkle 2.0 is installed, it should now be possible to enable sandboxing. I did some of the legwork already by pushing #1468. I also have some reusable code in other private projects that I can repurpose.

What still needs to be done:

  • The user can in some situations manually choose a path, also outside of the sandbox (e.g. the default download directory for downloads). For this, “security-scoped bookmarks” have to be used to store the access token that is given when the user chooses a location.
  • Sandbox migration has to be taken care of, so that the transition runs smoothly. This means moving all of Vienna’s into the sandbox container. This happens automatically for the most part, bur decisions have to be made. I have a WIP branch for this.
  • Think about whether plug-ins and styles should be stored in the sandbox too or whether an external location in the user library should be kept. This decision has to be made before the sandbox migration.

Things that probably will no longer work:

References:

I think the next major version of Vienna should use sandboxing, since it is a recommended security feature and should not stop Vienna from working normally.

@Eitot
Copy link
Contributor

Eitot commented Jan 22, 2023

Given that Vienna uses private Apple APIs to make the browser work properly, I think Mac App Store distribution can be ruled out (s. 2.5.1 of the App Store Review Guidelines).

@TAKeanice
Copy link
Contributor

I think we could still try and if Apple rejects it we could try replacing the calls with an alert saying "this feature is not available in the AppStore version of Vienna"

@Eitot Eitot linked a pull request May 29, 2023 that will close this issue
Copy link

This issue hasn't been updated in a while so we're going to mark it as stale. stale issues will automatically be closed after 60 days of inactivity. If this issue is still affecting you, please update us on how it affects you, and we'll keep it open. We are sorry that we haven't been able to prioritize it yet. Thank you for your contributions.

@github-actions github-actions bot added the stale ⏳ The issue will be closed 60 days after the label was added and no inactivity has occurred since. label Jan 24, 2024
@barijaona barijaona removed the stale ⏳ The issue will be closed 60 days after the label was added and no inactivity has occurred since. label Jan 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

8 participants