
digitalmars.D - Notarization is required by default in macOS 10.15

reply Bogdan Szabo <szabobogdan3 gmail.com> writes:
Hey! Are you aware of this new change for macOS? I noticed 
that none of the Mac installers are signed with Apple 
certificates, which might be a problem in the future.

Beginning in macOS 10.14.5, all new or updated kernel extensions 
and all software from developers new to distributing with 
Developer ID must be notarized in order to run. Beginning in 
macOS 10.15, notarization is required by default for all software.

https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution
Jun 07 2019
parent reply Gregor Mückl <gregormueckl gmx.de> writes:
On Friday, 7 June 2019 at 11:35:41 UTC, Bogdan Szabo wrote:
 Hey! Are you aware of this new change for macOS? I noticed 
 that none of the Mac installers are signed with Apple 
 certificates, which might be a problem in the future.

 Beginning in macOS 10.14.5, all new or updated kernel 
 extensions and all software from developers new to distributing 
 with Developer ID must be notarized in order to run. Beginning 
 in macOS 10.15, notarization is required by default for all 
 software.

 https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution
Not a Mac user at all, but still curious: wouldn't you have to disable that check on a development machine? Every executable coming out of your build tools is going to miss a signature. And if - as the grapevine has it - notarization requires an Apple ID with two-factor authentication enabled, I don't think that any developer is going to want automatic signing for iterative builds during their normal work cycle. So, although signed release builds would be great, is it really that much of a showstopper as far as D is concerned?
Jun 07 2019
next sibling parent Jacob Carlborg <doob me.com> writes:
On 2019-06-07 16:05, Gregor Mückl wrote:

 Not a Mac user at all, but still curious: wouldn't you have to disable 
 that check on a development machine? Every executable coming out of your 
 build tools is going to miss a signature.
I'm not sure how it works or if it's applicable in this situation, but macOS can somehow detect if an application is downloaded from the web and will add a warning. Also, these features usually only apply to application bundles and installers and not plain executables.

-- 
/Jacob Carlborg
Jun 07 2019
prev sibling parent JN <666total wp.pl> writes:
On Friday, 7 June 2019 at 14:05:56 UTC, Gregor Mückl wrote:
 On Friday, 7 June 2019 at 11:35:41 UTC, Bogdan Szabo wrote:
 [...]
 Not a Mac user at all, but still curious: wouldn't you have to disable that check on a development machine? Every executable coming out of your build tools is going to miss a signature. And if - as the grapevine has it - notarization requires an Apple ID with two-factor authentication enabled, I don't think that any developer is going to want automatic signing for iterative builds during their normal work cycle. So, although signed release builds would be great, is it really that much of a showstopper as far as D is concerned?
My guess is you'd have to disable SIP and then you could disable this requirement as well.
Jun 07 2019