-
Notifications
You must be signed in to change notification settings - Fork 717
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Apple notarization must be passed and app bundle must be signed #218
Comments
I'd be interested in handling the Mac-specific issues. I'm looking at getting a clean build that passes all unit tests on Mac right now, and I'll submit a pull request when that's ready. |
That's great!
Which problems are having with tests?
GitHub actions CI is verifying Mac builds as well as other platforms...
…On Thu, 20 Feb 2020, 20:21 Kurt Starsinic, ***@***.***> wrote:
I'd be interested in handling the Mac-specific issues. I'm looking at
getting a clean build that passes all unit tests on Mac right now, and I'll
submit a pull request when that's ready.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#218?email_source=notifications&email_token=AAGXKYGHS4ZTIKZJZB6DLE3RD23XZA5CNFSM4J7JTYP2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEMPJ75Y#issuecomment-589209591>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAGXKYF5IXZ7VZ762RYPGVDRD23XZANCNFSM4J7JTYPQ>
.
|
Here is an example how to do it using github actions: |
If you are still looking for someone to assist with the Mac side, or a second Mac user to assist let me know. I run both MacBooks and a MacPro at the house and have Mac users on my network and do IT full time as a Net/SysAdmin. |
@thepony yes, sure. Can you tell what is the current situation without notarization on Catalina? Does it refuse to run Angry IP Scanner? |
Actually running the program is easy simple, even without notarization, as is with many apps. As I am sure you know that OS X is based on FreeBSD (albeit the Cadillac version), A user that has admin/sudo rights on the system can bypass. After unzipping on Catilina (and versions before), Hold control while right-clicking or using two-finger click and select Open. You will get a different message from just right cloick and open, where you are prompted that the item is not registered with Apple, and asks if you are still willing to open the application. Select Open and it will remember your choice when you run it again. I did just test this on a MacBook Pro and had no issues. |
Right-click, Open (without modifiers needed beyond ⌃+Click itself to open the right-click menu if no second mouse button is present) is an explicit, intentional action indicating to the OS that execution of the unsigned/un-notarized binary is desired. Upon clicking the "Open" action in the confirmation prompt, the OS will self-notarize the binary for subsequent use. Double-clicking an This is a similar issue I've had with certain QuickLook plugins. Brew install them, the OS starts complaining about the module being downloaded from the internet and untrusted. Even though it's not directly an executable application, dig the Edit: of course, actual signing will help avoid the "scary confirmation dialog". ("All software" is no longer an option under Security preferences, only App Store and Signed by Developer.) |
@thepony @amcgregor thanks for info, so it's not that critical so far if the app can still be run. I tried passing notarization from the CI build, but it failed for now. It seems the app should be signed first, but I am not sure yet if I can do that without paying Apple $100 |
Hey, maybe I can help. I am a registered apple developer. BTW the URL in the link to this issue is broken. |
you will have to pay the ghost of steve jobs $100 or he will not let you cross his bridge. |
All GUI-based tests were failing. This was worked around via 0db30a9 (thanks, @angryziber!); it seems that there will be no actual fix on the Mac without a Gradle change that seems to be a low priority. |
Thanks. That was helpful. Perhaps add this "ctrl+right click" / "ctrl+two-finger-click" to the FAQs page until the issue is resolved? |
There is now a fully-implemented codesign process for Linux using the apple-codesign crate; this might be something that could be done in TravisCI |
Apple will restrict running non-AppStore software on Macs from February 2019 unless it has passed 'notarization'.
Ideally, travis-ci should be used for automatic sending of binaries to Apple on new releases, as it can only be done from OS X.
Apple has provided this info:
"You can notarize and sign from the terminal on a Mac (using codesign and xcrun altool) or by ssh’ing into a Mac."
https://developer.apple.com/documentation/xcode/notarizing_macos_software_before_distribution/customizing_the_notarization_workflow?preferredLanguage=occ
The text was updated successfully, but these errors were encountered: