Notarizing the mac build #4263
Comments
TerryGeng
changed the title
|
Fuck Apple and especially macOS Catalina. It only will get worse (https://www.osnews.com/story/131830/macos-10-15-slow-by-design/). |
|
Thank you for layout out this possibility @TerryGeng :) Imo this is just ridiculous. I'm already very hostile towards MacOS due to me not liking the way it functions (though that of course is personal preference) plus them not allowing to use MacOS in a VM (which would allow us to test and develop Mumble on MacOS as well). However as this would only affect the Mumble users on MacOS instead of Apple as a whole, I am of course not promoting to drop MacOS support here though. However if we ever reach the point at which the payment is required in order for the application to run at all (or something that goes strongly in that direction), I'd be the first in line that votes to drop the OS entirely. TL;DR: I'm very strongly against paying Apple for this bullshit. Even if someone else was to pay the bill (We shouldn't support this kind of strategy). |
|
@Krzmbrzl Yeah. That's true. I feel very uncomfortable to see this situation because I really like the products of Apple in general. And for the reason that I need to run some software on macOS (or Windows, which I don't like as well), it would be very hard for me to switch to other open source platforms. I believe this is the case for a lot of Mac users.
I think Apple is not too silly to understand that it is absolutely unbeneficial to piss off the open source community. So I don't really think they will be too ruthless to seal the way of running an App whose author doesn't pay the protection money. Based on the discussion on #mumble, I suggest we make a highly visible message on the download page on mumble.info, stating that this warning box is expected. Users should not rely on Apple's Gatekeeper to verify the app. Instead they should download the signature file from mumble.info and verify by themselves. In order to run the app, they should click the System Preference -> Security -> Open Anyway button. We can also make this a background image of the distributed DMG file. |
Would that even be big enough to be readable? 🤔
@Kissaki could you do that? :) |
|
Right now we sign releases using @mkrautz's personal developer account. Ideally we should create a dedicated account for the project, but I firmly believe giving money to Apple is morally wrong and harms the IT world. I'm aware that unfortunately many people need macOS, either due to exclusive programs and/or because the company they work in forces it due to "security". I'm also pretty sure hardware that only works with macOS exists. From my point of view the decision is up to the community, especially because we receive enough donations to pay Apple's pizzo. That is, unless they decide to add a magical 9 to the price tag. |
|
In my opinion, we shouldn't pay anything to Apple. |
But if we do sign releases... Where does the warning come from? 🤔 If we can continue to use his account for that though, I'm all in to keep using that and providing signed / notarized builds. |
|
The warning appears when running the builds produced by CI, we don't sign them. |
|
As much as I agree with what has been said before.
It is possible that Apple does not care at all, but sometimes there are positive surprises. Nonetheless the problem of indirectly supporting such manners remains. |
|
I understand and can related to the general, prevalent frustration here. But I can also see why this was implemented with good reason. For tech-savy persons this may not be necessary, but most users, even of Mumble I am sure, can not be trusted or asked to verify binary checksums, signatures, or even expected to download from the correct website. Windows SmartScreen and Apple name-here are for those users. It attempts to solve this through building trust, and/or certification. And a not minimal entry fee so mass-scams are not worth it, and are associated to specific owners. Windows SmartScreen requires code signing with certificates which are not cheap either, although distributed and created through third parties. Valve Steam added a game listing fee as well to prevent low quality product and scam spam. For companies with a software product 100 USD is a drop in the bucket. For individuals, non-commercial projects and people who already spent a ton of their free time it is. I am hesitant to just pay though. (Popular) FOSS projects should definitely get free or price reduced certificates either directly or indirectly. I am certainly not against a dedicated funding where people could donate for this specific cause if they want to support this, for themselves, the platform or the project in general. If there were a FOSS solution available that would be even better. Either directly or some other forms of donations (certifying companies). For now I agree we can and should document the current state and that it is what it is. Whether I would be in favor of paying or not would also depend on the userbase; how big the platform is for our project. It’s not necessarily necessary for a niche. I guess generally I think we should aim for doing so though if we can find a reasonable solution. Idealism is a good thing but should not ignore pragmatism. If we want to support the platform, and do so for novice users, then there is no way around it. |
|
Yes, I can add something notice to the downloads page. I’m working on that one right now anyway. I will create a separate mumble-www ticket for that. |
|
#mumble user wsky reports the 1.3.1 dmg shows the error. Does our existing cert (that we use for the 1.3 stable builds) not meet the new criteria by apple? |
|
It probably appears because we don't notarize the releases, we only sign them. |
@davidebeatrici :o what is the difference? And what is the process for notarizing? |
|
It's explained by @TerryGeng in the first message. |
|
Ah, my bad. 🙇 |
|
Have you considered applying to get a free Apple Developer account? https://developer.apple.com/support/membership-fee-waiver/ Not sure if they give this to open source organizations or just not-profits. It's hard to claim that it is 'immoral' or there isn't a legitimate reason for Apple to verify that a real organization is behind this software versus Bob's Non-Profit (for you anyway) Malware LLC. |
|
The problem is that Apple is forcing developers and users to use the App Store. It's only a matter of time until they lock out every app that is not downloaded from the App Store (IMHO). It would be morally less wrong, if they didn't put a 30% commission rate on everything. There is a reason the EU opened up an antitrust investigations into App Store practices. "Nonprofit organizations, accredited educational institutions, and government entities" sounds like it would need a real organization in one of the eligible countries. Just because developers work on an open source project doesn't make it a non-profit organization. The need to create a non-profit organization or pay a $99 fee discriminates against the many open-source projects where a non-profit organization is more effort to create and run than it is worth. Let's not forget that 3rd party apps on the iPhone 1 were web apps and Apple used a fork of KHTML to make that possible: Apple doesn't have any problems to benefit from open source projects and make a shitload of money, but they are to lazy, greedy or morally stupid to care about the developers and users of community-driven open source projects. Apple would have the resources to proactively look for solutions to these problems, but I guess they don't give a shit. |
But they haven't yet -- and it seems kind of limiting to live in a world of what-ifs like that. You could always remove the app in retaliation as many other developers might at such a juncture.
Well, if Apple wants to collect a 30 percent commission on a piece of free software, hopefully, they will at least give the other 70 percent to the project =P (Sorry, I couldn't resist.)
Having now done this a few times myself (becoming a non-profit, that is), it's really not that hard nor time-consuming. With a sufficiently large community, those are the sorts of things you can delegate. In fact, having some kind of formality/governance is a good thing when, for example, the owner of the mumble.info domain name/GitHub account could rage-quit the project tomorrow over something like this discussion and shut it all down. If they were to do so, hopefully, the community has the legal recourse to rescue the project. You'll notice that several very successful open-source projects have gone in exactly this direction: https://opensource.com/resources/organizations .. Just a thought. I have almost no skin in this game other than being a user at this time. |
|
Interesting. Creating an organisation:
That probably depends on the country.
Also you would need to decide about the country where the organisation should be located, because as of now, there is for example no real european organisation besides the https://en.wikipedia.org/wiki/Societas_Europaea which is a form of company. |
If people accept any BS (pun intended) from Apple without any resistance, it's just a matter of when, not if.
Mumble is open source software. If some wants to delegate it to themself, just do it. |
TerryGeng
changed the title
|
I'm willing to donate $100 / year to see this notarized and in the app store. That seems like a small amount of money to greatly improve the distribution and security story for users of the mac. The notarization process and app store also lend a certain amount of security assurance to our users, and automatic updates, etc, which is all strictly value add stuff. If I amortize my $100 over all the users of Mumble and the new users of Mumble by making it easier to discover and manage, it feels like a better value than a meal for four at a restaurant. |
|
@fnordpig thank you very much for your generous offer. |
|
Hi, Update here myself and another donor gave $50 each to fund the app store certification costs. |
|
To be honest discussing signing versus notarization is kind of useless. I
believe the primary goal was a Mac user is able to download run the app
without concern with a better perceived user experience.
Who’s fault is that, does it matter if the goal is to support the users on
the platform ?
Unless the goal here is to stop supporting Mac all together.
Linux approach is not that different , the steps required when the package
comes from out the district are higher.
If the user experience does not matter, oh well …
…On Wed 2. Jun 2021 at 21:27 Davide Beatrici ***@***.***> wrote:
Notarization has nothing to do with security, it's just an excuse for
Apple to analyze every single package that developers want to publish.
Our packages are signed and a valid signature is what determines that a
file has not been tampered with.
In fact, our main reason for creating an Apple Developer ID was to get a
signing certificate (we were using @mkrautz <https://github.com/mkrautz>'s
before).
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#4263 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAK32Y6EG6XZC2SMUAT6UM3TQ2AY3ANCNFSM4NXJBBHQ>
.
|
|
Basically the entire project revolves around user experience, but our OS priority currently goes like this:
We are going to release 1.4.0 soon and thus wanted to make sure that there are no critical issues for the other platforms first. Now that we pretty much did that, we can dedicate time to finally get notarization to work. The Linux approach is very different, because basically all Linux distributions provide a package manager. I actually just realized there's already a cask for Mumble: https://formulae.brew.sh/cask/mumble |
Turns out that's only for generating an XCode project that passes the |
|
@fnordpig To be clear: it's my fault for not checking earlier (that is, before accepting the donations for creating the account) that additional steps are required in order to get the package notarized and you're right in complaining about that not being done yet, sorry about that. When writing #4263 (comment) I just focused on explaining that signing and notarization are two very different concepts and that the donations were not wasted: the account is actively being used to sign binaries. With that being said, I'm working on getting notarization to work. |
|
Doh! I'm sorry. Peace and love. |
|
No worries, it's absolutely fine! #5093 adds the entitlement plist, which can be used as follows: Everything seems to be working. |
|
Btw, I dropped a bounty source to cover next year in $5 chunks |
|
Awesome, thank you very much! |
|
The latest build has now been notarized |
|
This helped me:
|
I know you are trying to be helpful. But mumble releases have started being notarized for a while now. This problem is thus fixed. On another note albeit you may feel that it's helpful to recommend marking the app as an exception to the security policy, it's bad practice. It teaches the behavior to break the protection in place and it's a bad user experience. |
|
@dardevelin what you are saying is incorrect.Mumble builds are no longer notarized. Apple has essentially screwed us over by always blocking the notarization process for one reason or another and therefore it was always really painful to draft releases that were supposed to get notarized. Therefore, the steps mentioned are indeed necessary to get around Apple's ridiculous "security" feature. |
Ok thanks I officially will stop using mumble had enough with the years. So long and thanks for all the fish |
Thats really childish, not the Mumble Team is to blame here, it is Apple. |
|
@toby63 I don't believe it's childish to acknowledge that there is no interest in notarising the APP and that I shouldn't be waisting your time in continuously attempting to see it done. I have seen more "text" written about how "evil of apple, how bad of apple" than "search of solutions". I recall when this community had a collaborative spirt, this would back then be a challenge to be solved as team. This is in no way an isolated matter either, the "fights over automatic gain control" that it was pure insistence, despite a large part of the community wanting "local volume adjustment" as an option not even as a replacement. That discussion "forget the implementation" took years. In this thread, first it was "oh the Tax" people are like I am happy to give the money if that's the obstacle. But you are right I am childish. Thanks |
|
You do you.
They would be if you didn't have to mess with all this signing stuff that works completely different for every platform. That's actually quite time consuming, especially on macOS where the flags that you used last time don't work anymore, because now you have to agree to some new terms but where you can do this, you'll have to find out first, which again takes time. And this every time.
It was a test to see if we can make it work properly and the test showed: no we can't.
Well then please go ahead and volunteer to take care of the macOS signing. We can provide you with the built binaries and you can can do all the signing related stuff. Then we can upload that as the official release to our website. If this process "is essentially free" anyway, it shouldn't be that much of a burden on you. And then a few words in general: people often seem to forget that everyone working on Mumble generally does this in their free time and everything you do get from us developers is due to us spending our free time and offering the result for free. Therefore, this attitude of "you owe us xy" is completely ridiculous. If you really want something implemented in Mumble that badly, take some money in the hands and hire a developer to do it for you (if you can't do it yourself). Then, and only then, do you have the right to demand things from a developer. In every other situation you are more than welcome to voice suggestions or constructive criticism or contribute yourself. But that's it. |
Precisely for understanding the latter I said I will not use it any longer. In respect of your unwillingness to do it and not having time to commit to do it myself. I have spent time contributing to Foss, including gcc , Linux kernel, Qt, VLC, and so many other gnome apps. In the past, also contributed to mumble by finding and propose fixes to security vulnerability along with friends. Which required me to consult a lawyer to make sure I wouldn't be breaching contract. (That's quite expensive FYI). Those are efforts I put in which I don't "need" a pat on the back for, just mentioning because I am not just another "whinny" user that demands something for free. I simply pointed out that with that decision I can no longer use mumble. I believe in feedback and "highlighting what are the reasons to stop using the project" are helpful to "grow understanding of what people value" Yet what did I get being called "childish" ... if am "cleaver enough". Attempt high ground Shame, but "open source" while using GitHub over Gitlab, azure over open suse service or canonical or even redhat. Supporting windows as first platform over and ahead of Linux. Do you at least acknowledged that it's not a very good argument to make ? |
|
I'm not criticising you for your original statement that you will quit using Mumble. That much is absolutely your choice and stating the reasons for it is also fine. I don't agree with the statement of you being childish because of this. My comment was targeted towards what has been said in your reply to toby.
I do not. Because I don't see how what I said can be put into this context. I don't think I argued that the way we do things is the ultimate and only correct way of doing open source, so I don't see what you are getting at here. In any case case, I think everything worth saying has been said now and continuing this discussion is probably pointless. 🤷 |
I feel the need to clarify that I am not a part of the Mumble team, so as @Krzmbrzl pointed out, no one from the Mumble team said that to you, but I did 😉. |
|
Mm. Supporting windows first is what makes sense here.
|
|
If I understood correctly, Apple users who wish to have a notarized version available just need to hire someone new to trust and to take care of the notarizing process for the rest of the Apple users community? |
|
Yeah. We would gladly cooperate with anyone that wants to take up the signing process. |
Right.
C++ actually helps a lot, especially when it comes to abstraction. The The difficulty mostly consists in interfacing with whatever API the operating system provides. And this is where the trouble begins on macOS, especially since Apple is firm on using Objective-C.
@Krzmbrzl and I poured plenty of hours into modifying our signing script(s) to make them work for notarization. We succeeded and released notarized binaries for a while, as promised (we received an explicit donation for an Apple Developer subscription). The original idea was to proceed on that route, renewing the subscription ourselves every year, but the will to do so gradually decreased because every single time we wanted to produce the binaries we ran into at least one new issue and had to spend a substantial amount of time in order to troubleshoot it and find a solution or perhaps even a workaround. @dardevelin I like challenges and I'm pretty sure @Krzmbrzl does too. We have always been trying to support at least the major operating systems while making the experience as flawless as possible for our users. But when we realize a specific OS is being locked down on purpose by the company that owns it, we honestly just don't see the point in supporting their software (and in turn business) anymore. In any case, the experience we gained is not wasted and the relevant signing script is in our repository: https://github.com/mumble-voip/mumble/blob/bf4ad2bc72b5a8a5d4e2c610dbae1fdfcb3a1bc3/scripts/sign_macOS.py
Important note to anyone willing to do so: from experience, as mentioned several times, it can be a time consuming task. For that reason, it would be ideal if you're already familiar with the overall signing and notarization process. |
Just to clarify: We are not dropping macOS support as a whole. This "support" Davide referred to was targeted towards following the best practices for releasing software on that OS. |
|
Found a workaround, hat tip to this stack overflow poster
|
After macOS 10.15, Apple requires all software to be notarized before distributing. Otherwise, the user will be prompted with a scaring warning:
The process of notarizing an app can be found here:
https://developer.apple.com/documentation/xcode/notarizing_macos_software_before_distribution
In addition, useful information about notarizing apps automatically in a CI setup can be found at https://blog.zeplin.io/dev-journal-automate-notarizing-macos-apps-94b0b144ba9d
This process takes two steps:
First, we need to properly sign our app with a valid Apple Developer ID. We need to apply for one if we haven't done this before. https://developer.apple.com/programs/enroll/. A fee of $99 is charged :( for membership.
Then with that ID, we execute
https://stackoverflow.com/questions/13204407/how-to-codesign-an-existing-mac-os-x-app-file-for-gatekeeper
After signing the app, we can start to get it notarized.
In short, we need to
Mumble.appcontainer, thenxcrun altool --notarize-app -t osx -f Example.app.zip --primary-bundle-id <Bundle identifier> -u <Apple ID username> -p <Apple ID password> --output-format xmlwhere the Bundle identifier is something located in
Info.plist.xcrun altool --notarization-info <Request identifier> -u <Apple ID username> -p <Apple ID password> --output-format xmlto retrieve the status of this task.
xcrun stapler staple Example.appThese steps are certainly not hard. But the $99 is more like blackmail. If you don't pay, your users will be scared with a warning box. This is certainly not fun, even disgusting.
People are complaining about this (see https://buckleyisms.com/blog/apple-should-provide-notarization-for-open-source-apps/) as well.
There are certainly many open source apps that don't give it a damn. I think it is up the the mumble team's choice whether to pay this $99 and deliver the users a warning box-free experience.
The text was updated successfully, but these errors were encountered: