Notarizing the mac build

[TerryGeng]

After macOS 10.15, Apple requires all software to be notarized before distributing. Otherwise, the user will be prompted with a scaring warning:

The process of notarizing an app can be found here:
https://developer.apple.com/documentation/xcode/notarizing_macos_software_before_distribution

In addition, useful information about notarizing apps automatically in a CI setup can be found at https://blog.zeplin.io/dev-journal-automate-notarizing-macos-apps-94b0b144ba9d

This process takes two steps:

First, we need to properly sign our app with a valid Apple Developer ID. We need to apply for one if we haven't done this before. https://developer.apple.com/programs/enroll/. A fee of $99 is charged :( for membership.

Then with that ID, we execute

export CODESIGN_ALLOCATE="/Applications/Xcode.app/Contents/Developer/usr/bin/codesign_allocate"
codesign --force --sign "Developer ID Application: <my name>" /path/to/my.app

https://stackoverflow.com/questions/13204407/how-to-codesign-an-existing-mac-os-x-app-file-for-gatekeeper

After signing the app, we can start to get it notarized.
In short, we need to

1. zip our Mumble.app container, then
2. uploading the zip file to Apple's public notarizing service. That is, passing it to
   xcrun altool --notarize-app -t osx -f Example.app.zip --primary-bundle-id <Bundle identifier> -u <Apple ID username> -p <Apple ID password> --output-format xml
   where the Bundle identifier is something located in Info.plist.
3. Then the notarizing request would be queued. We can run xcrun altool --notarization-info <Request identifier> -u <Apple ID username> -p <Apple ID password> --output-format xml
   to retrieve the status of this task.
4. After the notarizing is done, we need to attach Apple's certificate to the app with xcrun stapler staple Example.app

These steps are certainly not hard. But the $99 is more like blackmail. If you don't pay, your users will be scared with a warning box. This is certainly not fun, even disgusting.
People are complaining about this (see https://buckleyisms.com/blog/apple-should-provide-notarization-for-open-source-apps/) as well.

There are certainly many open source apps that don't give it a damn. I think it is up the the mumble team's choice whether to pay this $99 and deliver the users a warning box-free experience.

[streaps]

Fuck Apple and especially macOS Catalina. It only will get worse (https://www.osnews.com/story/131830/macos-10-15-slow-by-design/).

[Krzmbrzl]

Thank you for layout out this possibility @TerryGeng :)

Imo this is just ridiculous. I'm already very hostile towards MacOS due to me not liking the way it functions (though that of course is personal preference) plus them not allowing to use MacOS in a VM (which would allow us to test and develop Mumble on MacOS as well).
If on top of that they come around and wanting to make us pay in order to get rid of that silly warning message, I tend more towards dropping mac-support completely than paying this fee.

However as this would only affect the Mumble users on MacOS instead of Apple as a whole, I am of course not promoting to drop MacOS support here though. However if we ever reach the point at which the payment is required in order for the application to run at all (or something that goes strongly in that direction), I'd be the first in line that votes to drop the OS entirely.
Let's just hope that this won't happen though ☝️

TL;DR: I'm very strongly against paying Apple for this bullshit. Even if someone else was to pay the bill (We shouldn't support this kind of strategy).

[TerryGeng]

@Krzmbrzl Yeah. That's true. I feel very uncomfortable to see this situation because I really like the products of Apple in general. And for the reason that I need to run some software on macOS (or Windows, which I don't like as well), it would be very hard for me to switch to other open source platforms. I believe this is the case for a lot of Mac users.

However if we ever reach the point at which the payment is required in order for the application to run at all

I think Apple is not too silly to understand that it is absolutely unbeneficial to piss off the open source community. So I don't really think they will be too ruthless to seal the way of running an App whose author doesn't pay the protection money.

Based on the discussion on #mumble, I suggest we make a highly visible message on the download page on mumble.info, stating that this warning box is expected. Users should not rely on Apple's Gatekeeper to verify the app. Instead they should download the signature file from mumble.info and verify by themselves. In order to run the app, they should click the System Preference -> Security -> Open Anyway button.

We can also make this a background image of the distributed DMG file.

[Krzmbrzl]

We can also make this a background image of the distributed DMG file.

Would that even be big enough to be readable? 🤔

Based on the discussion on #mumble, I suggest we make a highly visible message on the download page on mumble.info, stating that this warning box is expected.

@Kissaki could you do that? :)

[davidebeatrici]

Right now we sign releases using @mkrautz's personal developer account.

Ideally we should create a dedicated account for the project, but I firmly believe giving money to Apple is morally wrong and harms the IT world.

I'm aware that unfortunately many people need macOS, either due to exclusive programs and/or because the company they work in forces it due to "security". I'm also pretty sure hardware that only works with macOS exists.

From my point of view the decision is up to the community, especially because we receive enough donations to pay Apple's pizzo. That is, unless they decide to add a magical 9 to the price tag.

[Avatat]

In my opinion, we shouldn't pay anything to Apple.
If a user wants to use Mumble, their friends/colleagues will instruct them about Mac OS restrictions, and how to install and do the first-run of Mumble app.

[Krzmbrzl]

Right now we sign releases using @mkrautz's personal developer account.

But if we do sign releases... Where does the warning come from? 🤔

If we can continue to use his account for that though, I'm all in to keep using that and providing signed / notarized builds.

[davidebeatrici]

The warning appears when running the builds produced by CI, we don't sign them.

[toby63]

As much as I agree with what has been said before.
Maybe you could contact Apple on this and ask about two topics:

1. Exceptions regarding fees for open source projects like yours.
2. Using virtual machines for testing.

It is possible that Apple does not care at all, but sometimes there are positive surprises.

Nonetheless the problem of indirectly supporting such manners remains.

[Kissaki]

I understand and can related to the general, prevalent frustration here. But I can also see why this was implemented with good reason.

For tech-savy persons this may not be necessary, but most users, even of Mumble I am sure, can not be trusted or asked to verify binary checksums, signatures, or even expected to download from the correct website.

Windows SmartScreen and Apple name-here are for those users. It attempts to solve this through building trust, and/or certification. And a not minimal entry fee so mass-scams are not worth it, and are associated to specific owners.

Windows SmartScreen requires code signing with certificates which are not cheap either, although distributed and created through third parties. Valve Steam added a game listing fee as well to prevent low quality product and scam spam.

For companies with a software product 100 USD is a drop in the bucket. For individuals, non-commercial projects and people who already spent a ton of their free time it is.

I am hesitant to just pay though. (Popular) FOSS projects should definitely get free or price reduced certificates either directly or indirectly.

I am certainly not against a dedicated funding where people could donate for this specific cause if they want to support this, for themselves, the platform or the project in general. If there were a FOSS solution available that would be even better. Either directly or some other forms of donations (certifying companies).

For now I agree we can and should document the current state and that it is what it is. Whether I would be in favor of paying or not would also depend on the userbase; how big the platform is for our project. It’s not necessarily necessary for a niche. I guess generally I think we should aim for doing so though if we can find a reasonable solution. Idealism is a good thing but should not ignore pragmatism. If we want to support the platform, and do so for novice users, then there is no way around it.

[Kissaki]

Yes, I can add something notice to the downloads page. I’m working on that one right now anyway. I will create a separate mumble-www ticket for that.