MobileRead Forums - View Single Post

KevinH · 06-21-2019, 04:13 PM

See the related discussion I had with Kovid here:

https://www.mobileread.com/forums/sh...43#post3859243

His plan is a wait-and-see approach but the new "hardened runtime" requirement would be an issue for Calibre as well. To be notarized an app must use the Apple hardened runtime.

The only way to get Sigil to use the hardened runtime would be to ask for almost all of the entitlements (exceptions) as both Sigil and Calibre use python plugins which may load many python packages and associated shared libraries and modules, none of which we sign), we both use QtWebKit/QtWebEngine which means we use JIT compilation, javascripts, and areas of the stack are walked for garbage collection, etc. Access to user's Photos, Audio, and Video would be restricted. They do not want you to allow the user to run a debugger to help track down an error, they do not want you to use DYLD library path setting, and etc.

Basically, Apple views any 3rd party app as an "attack vector" for an uncaught virus or malware, instead of a real app. This makes no sense at all. If anyone gets physical access to your mac machine, you are screwed anyway. The silly thing is anyone can write a python plugin package that does anything it wants and a user could install that and run it via Sigil or Calibre or even from the command line, so this notarization is effectively shutting a barn door after all the animals inside have already fled.

So my plan is similar to Kovids. First wait and see what develops. The beta is allowing us both to run now since we are signed but that may change.

If that door closes, the problem will be figuring a way to actually get our apps to work with the "hardened runtime" if at all possible. If so, I will try for "notarization" but it might be impossible to actually pass that requirement even when asking for almost all of the exceptions.

If I can not get notarization to pass, then we come to a real problem. As long as Apple allows unsigned and unnotarized apps to be run, I will simply stop signing it (actually lessening security not increasing it) and keep releasing. If Apple ever prevents power users from installing and running the apps we want, I will simply stop being a Mac user. At that point, some other Apple volunteer developer would have to step up, redesign Sigil to curtail or limit its usefulness to fit the hardened runtime limits or development on macOS would stop.

06-21-2019, 04:13 PM	#2
KevinH Sigil Developer Posts: 8,848 Karma: 6120478 Join Date: Nov 2009 Device: many	See the related discussion I had with Kovid here: https://www.mobileread.com/forums/sh...43#post3859243 His plan is a wait-and-see approach but the new "hardened runtime" requirement would be an issue for Calibre as well. To be notarized an app must use the Apple hardened runtime. The only way to get Sigil to use the hardened runtime would be to ask for almost all of the entitlements (exceptions) as both Sigil and Calibre use python plugins which may load many python packages and associated shared libraries and modules, none of which we sign), we both use QtWebKit/QtWebEngine which means we use JIT compilation, javascripts, and areas of the stack are walked for garbage collection, etc. Access to user's Photos, Audio, and Video would be restricted. They do not want you to allow the user to run a debugger to help track down an error, they do not want you to use DYLD library path setting, and etc. Basically, Apple views any 3rd party app as an "attack vector" for an uncaught virus or malware, instead of a real app. This makes no sense at all. If anyone gets physical access to your mac machine, you are screwed anyway. The silly thing is anyone can write a python plugin package that does anything it wants and a user could install that and run it via Sigil or Calibre or even from the command line, so this notarization is effectively shutting a barn door after all the animals inside have already fled. So my plan is similar to Kovids. First wait and see what develops. The beta is allowing us both to run now since we are signed but that may change. If that door closes, the problem will be figuring a way to actually get our apps to work with the "hardened runtime" if at all possible. If so, I will try for "notarization" but it might be impossible to actually pass that requirement even when asking for almost all of the exceptions. If I can not get notarization to pass, then we come to a real problem. As long as Apple allows unsigned and unnotarized apps to be run, I will simply stop signing it (actually lessening security not increasing it) and keep releasing. If Apple ever prevents power users from installing and running the apps we want, I will simply stop being a Mac user. At that point, some other Apple volunteer developer would have to step up, redesign Sigil to curtail or limit its usefulness to fit the hardened runtime limits or development on macOS would stop. Last edited by KevinH; 06-21-2019 at 04:20 PM.