MacOS 10.15 Catalina Beta Discussion Thread

[odamizu]

It's more than whether an app is signed. Apple now requires signed apps to be submitted for approval ("notarized"), and some open source developers take an understandably dim view of this.

Some forums suggest that software that's already installed on a Mac may run after upgrading to Catalina, but if you have to re-install the software or install an updated version, it may get caught by Gatekeeper if it's not signed and notarized. Plugins also appear to be affected depending on how the host app is notarized.

The question is whether there is an option to override Gatekeeper, as there is with High Sierra.

pwalker8, are you confirming that it is not possible to override Gatekeeper in Catalina?

Thank you

https://developer.apple.com/document...e_distribution

[odamizu]

Looks like Gatekeeper can be overridden by going to System Preferences > Security.

https://forums.macrumors.com/threads...gning.2183873/

I wonder if the problem with the Alf standalone has to do with the Python version or something related.

[pwalker8]

As far as I know, Apple doesn't require that apps be notarized unless they are sold through the App store. I have quite a few apps that are not notarized and work just fine with the beta.

Calibre is python based and works fine. I suspect the issue with deDRM is it's not signed. As a developer, I can create apps that aren't signed. Most people who do that mostly are writing stuff for their personal use rather than for other people to use.

[odamizu]

Quote:

Originally Posted by pwalker8

As far as I know, Apple doesn't require that apps be notarized unless they are sold through the App store.

I don't know if there are exceptions or loopholes, but this is what Apple says: "Mac apps, installer packages, and kernel extensions that are signed with Developer ID must also be notarized by Apple in order to run on macOS Catalina."

https://developer.apple.com/news/?id=06032019i

Quote:

I have quite a few apps that are not notarized and work just fine with the beta.

That's good to know, thanks.

How can one tell if an app is notarized? I know how to tell if an app is signed, but I would be interested in knowing how to check if it's also notarized.

Quote:

Calibre is python based and works fine.

Doesn't Calibre have bundled python? I think Alf standalone doesn't have bundled python but requires the Mac to have python installed, and it may require python 2 rather than 3.

[pwalker8]

Phillips-MacBook-Pro:Applications phillipwalker$ spctl -a -v DeDRM.app
DeDRM.app: rejected
source=no usable signature
Phillips-MacBook-Pro:Applications phillipwalker$ spctl -a -v Calibre.app
Calibre.app: accepted
source=Developer ID
Phillips-MacBook-Pro:Applications phillipwalker$ spctl -a -v BBEdit.app
BBEdit.app: accepted
source=Notarized Developer ID

[odamizu]

@pwalker8 — Excellent! Thank you so much!

[pwalker8]

No problem. One can still develop programs for one's own use without being part of the developer's program, so I suspect there is some sort of exception built in. The documentation for spctl implies that one can make modifications to the security database, so perhaps there are ways around it. I can't say since I haven't played around with it all that much, plus we are still talking about the initial beta. I suspect that if there is a lot of problems caused and push back, especially when the first public beta comes out, then Apple may back down a bit on this.

[pwalker8]

One thing to keep in mind with regards to betas, especially this far in advance of the final release, is that it will likely change quite a bit between now and September. If Apple gets enough push back with regards to the new security settings, then they will likely either ratchet it down or allow exceptions. Plus, beta's frequently don't handle boundary conditions well. Apple has a history of pulling features that caused problems.

The other thing I would say is to take Apple's warning seriously and not put beta's on your main computer. I use a laptop and iPad mini for betas, leaving my iMac and iPad Pro for my every day usage.

[odamizu]

Per various online forums, it appears Gatekeeper can be overridden in System Prefs > Security and via spctl. It also sounds like the notarization requirement may not apply to unsigned apps. So it looks like Apple is already allowing exceptions. Just hope they don't decide to ratchet it up.

[pwalker8]

Quote:

Originally Posted by odamizu

Per various online forums, it appears Gatekeeper can be overridden in System Prefs > Security and via spctl. It also sounds like the notarization requirement may not apply to unsigned apps. So it looks like Apple is already allowing exceptions. Just hope they don't decide to ratchet it up.

I would be surprised if they ratchet it up. Unlike IT departments in corporate America, Apple actually has to worry about customer reaction. Customers aren't worried about some nebulous security issues, they are worried about getting stuff done. The only secure computer is one that's been turned off and stuck in a bank vault, everything else is a compromise in the eyes of security types.

[odamizu]

Quote:

Originally Posted by pwalker8

I would be surprised if they ratchet it up ...

Yes, that is my thought, too. Hopefully the new notarization requirement will not become a problem for developers and users of unsigned and/or open source apps.

[OtinG]

Quote:

Originally Posted by pwalker8

One thing to keep in mind with regards to betas, especially this far in advance of the final release, is that it will likely change quite a bit between now and September.

Which is why I don't get too excited about the new Mac OS X or iOS this early on. It is a LONG time until September or October when they finally get released, and I typically wait a few weeks beyond that to install the Mac OS X upgrade as I know that beta doesn't always squash all of the bad bugs. So I wait for the early birds to show up to the watering hole and make sure they don't get eaten alive before I wade into the pool!

[KevinH]

This is actually an important issue for Sigil. Right now I volunteer my time as a Sigil developer (all donations are disabled on our site). Sigil does not use the Mac App store as we have no interest in it. That said, Apple still charges me over $100 Canadian per year just to be able to digitally sign Sigil. They make no exceptions for open source developers.


According to a nastigram I received from Apple Developer Relations ... I must now
rebuild and relink my app to enable their special runtime and then to declare "limits" of what the app can do and what files/folders it can access.

Given Sigil is an ebook editing environment, it needs to access Photos, Images, Audio, Video, xhtml files anyplace, etc. Sigil also embeds an entire Python 3.7.2 interpreter and allows full Plugins, I can not even begin to "narrow down" what a plugin should do nor limit it. So this "notarization" is a complete waste as any user added plugin could access whatever they want in python.

Then I must "submit" it for them to quote "notarize" it. As well as all previous releases of Sigil that I have signed.

So this is no trivial task.

Then to add insult to injury the Apple dev docs to do all of this are only provided for XCode IDE "novice" developers who need gui hand holding. No command line instructions were posted so no automating the build process with scripts can be done. We build Sigil across 3 platforms (Windows, Linux, and Mac) and build automation is crucial.

I asked Apple's Developer Relations (who said if I had questions I should ask them) for simple directions on how to do this without XCode and its nonsense baggage and my only response was that I should ask for help from other developers on their developer's forums.

So right now the chances of Sigil getting anything notarized by Apple for its new walled garden on macOS is about 0. And the day they prevent power users from running whatever apps they want, will be the last day I use a macOS. I will just go back to Linux.

The most silly thing about Apple's security model is that it completely ignores unix level security features. If I have a new app I either run it in a VM or create a non-admin account where there are no other files it can even access outside of what I place in that VM or non-admin account for it to use. So it (or me) can not delete my entire music library!

My2 cents ...

[OtinG]

While I understand the frustration developers have, this is a thread about Catalina’s features, it is NOT a “vent your frustrations against Apple” thread.

[odamizu]

Quote:

Originally Posted by KevinH

... So right now the chances of Sigil getting anything notarized by Apple for its new walled garden on macOS is about 0. And the day they prevent power users from running whatever apps they want, will be the last day I use a macOS. I will just go back to Linux ...

My2 cents ...

Thanks Kevin. Your 2 cents are always worth more like $2million to me.

If Catalina (and future macOS's) will run unsigned apps without notarization, would you be willing to continue developing Sigil without signing it?

Quote:

Originally Posted by OtinG

While I understand the frustration developers have, this is a thread about Catalina’s features, it is NOT a “vent your frustrations against Apple” thread.

I thought this was a thread to discuss Catalina — not just new features, but capabilities and limitations. I wouldn't be surprised if the developers of Calibre and Alf's Tools are facing similar frustrations. If open source developers like KevinH, KovidGoyal and ApprenticeAlf/Harper walk away from Mac due to Apple's new "security" features, that's critical information for all Mac users.