-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Code-signing: Sign the app or explain to the user how to open an unsigned app #83
Comments
Let's get an Apple certificate! That will be a much better user experience. I already have an Apple Developer account as appledev@apjanke.net. If you don't mind the binaries being signed by an Individual/Sole Proprietor account, I can just use that. That might be good enough for our first release. Getting an "octave-app.org" organizational Apple certificate might take some official incorporation and paperwork, which I don't know if we want to get in to just yet. |
Agreed! |
+1 |
I've added code signing support, but I'm not sure if it's working. Could you try downloading and installing beta4 - https://github.com/octave-app/octave-app/releases/tag/v4.4.0-beta4 - and tell me what happens? |
I see a dialog that complains that the app is neither from the app store nor from a verified developer. |
Darn it. I guess I need to do something else to configure it right. Looking in to it. |
Ah, here's a hint:
Looks like we may have to prune some symlinks in the app. The symlinks into the internal Homebrew installation are invalid. And it may not link the symlink to system |
Well, I tried cleaning up all the dead symlinks from Homebrew itself, and removing the |
I did some reading and I did not find any document that supports the fact that symlinks are forbidden in app bundles (rather the opposite). However, maybe it's due to their relative nature? To test this, we could either convert all relative links to absolute ones after the creation of the bundle (something like |
That's an idea. I'll give it a shot. |
Any progress? You could also try to replace linked files by copies |
Well. I tried:
both alone and in conjunction, and it's still not working. I'm still getting an error about invalid symlink destinations when I try to validate it.
Googling around for this error isn't being very useful, either. Like you say, there's no docs that say symlinks are forbidden. I also tried that last-ditch approach of replacing links with file copies by doing
So I think we can safely say that the problem really is related to symlinks. I don't know what else to try at this point. So as a next step, I'm going to try contacting Apple Developer Support and see if they can help with this issue. |
I've also confirmed that having the bundled |
There is a complication to signing: By default, "global" packages are installed to somewhere under $PREFIX, I think under We need to find a way to redirect the location of global packages, and choose a good place for them. The |
Sorry, I do not get it. The "global" packages are installed at compile time (in the case of Homebrew in |
Is that really the case? My understanding from reading http://octave.org/doc/interpreter/Installing-and-Removing-Packages.html#Installing-and-Removing-Packages is that if you pass the I'm talking specifically about Octave packages installed by Octave's
I don't think it is different. Based on our emails with sshah, I think that Homebrew Octave users have probably been seeing crashes for the same reason when they upgrade from one Octave version to another and try to use the control package installed with the old version. I bet we just haven't been hearing about it because a simple reinstallation of the control package fixes it, and running multiple Octaves side-by-side is an unusual case. I can reproduce the same crash by just installing the Homebrew formulae |
Apple developer forum post about this issue: https://forums.developer.apple.com/message/322873 |
I cannot access the website (normal Apple ID, no dev account) but I guess you will inform us if you discover anything, right? :) |
Yep. I think you should be able to get on the forums with read-only access with a regular Apple ID (no paid developer account), too. Try logging in with your normal Apple ID and creating a forum account when it prompts you. |
Changing the milestone on this from 4.4.0 to The Future, since it looks like I'm going to have to go through Apple Developer Support to make any further progress on this, and who knows how long that will take. Don't think we should block 4.4.0 or 4.4.1 for this reason. |
See also: #196 |
We need to explain the user on the download page that one has to go to preferences -> security -> general -> ... to open the unsigned app for the first time. Or shall we get an Apple certificate?
Andrew's notes:
References
The text was updated successfully, but these errors were encountered: