MacOS Notarization #271
Comments
|
Thanks! I don't and I'm not really sure I want to pay fo this honestly :( |
|
That's totally understandable. As many applications will face the same issue, I just hope that there will be a user-friendly workaround so single apps can be whitelisted. Basically the same behavior as in current MacOS versions. I have not tried Catalina yet and it's still in Beta, so we will see how it will turn out later on. There has to be some workaround without disabling Gatekeeper. |
|
Yes, since I have only one machine I won't install Catalina before the official release so let's hope for the best :) |
|
Anyone can notarize terminal-notifier. If you have a regular code-signing certificate, you can send any app in for notarization. EDIT – solved the problem of terminal-notifier nested in a Platypus app bundle; before code-signing the main bundle, you need to code-sign terminal-notifier first… if you just code-sign the main bundle with the |
|
@JayBrown Do you mind elaborating on the self-notarization process, or pointing to some resources, if I only need to use |
|
Yes, afaik for notarization you would need a paid developer account. With only a free dev account, you can still codesign, so that it runs without problems on your local machine: for that you can use a free Apple Development certificate (the one with your email address in its X.509 commonName), or just an ad-hoc signature. But for distribution, so that other people can use it, terminal-notifier (the terminal-notifier.app, that is) should probably be bundled/nested, and codesigned + notarized. Otherwise you will definitely have users telling you that it doesn't work. As it stands now, terminal-notifier will run just fine without any code signature at all. (But that will change on macOS 11 on ARM Macs.) I think that in the future, terminal-notifier (the universal binary app) should be released in two versions, one with a code-signature and notarization, e.g. the version that is installed via Homebrew, and one without any signature, as a GitHub download-only release, for users who need to change the Info.plist, the icon etc., and who then need to re-codesign it. (Just my 2¢.) |
|
Thanks! Although I must be missing something -- you said |
|
That's right. But if you remove the quarantine extended attribute, it won't be a problem. (And if you install it with Homebrew, you don't even have to remove the quarantine XA, because afaik there isn't one to begin with.) This "dequarantine" workaround is probably also going to be possible in Big Sur on ARM Macs, at least for programs & apps that are not notarized, but it's not a practical solution to tell users to run a Terminal command before they can use a software. |
|
Thanks :) |
|
Can confirm @JayBrown's assessment. I have signed, packaged inside another Mac app, and notarized A link to the signed app: https://github.com/Notifiarr/notifiarr/tree/eec162e49c75b857d4849487725f12b041714a50/init/macos/Notifiarr.app/Contents/Resources |
Hi @julienXX,
first of all thanks for this neat tool. :)
Since MacOS Catalina (currently in beta), all applications have to be notarized by default. Otherwise, Gatekeeper won't allow to open the app. See:
Do you have a developer ID certificate? If yes, would it be possible for you to notarize the app, so it will run without any issues in future MacOS versions?
Thanks in advance!
Cheers
Tilman
Reference: tilmanginzel/alfred-bluetooth-workflow#9 (comment)
The text was updated successfully, but these errors were encountered: