06-14-2019, 03:35 PM | #16 |
just an egg
Posts: 1,586
Karma: 4300000
Join Date: Mar 2015
Device: Kindle, iOS
|
It's more than whether an app is signed. Apple now requires signed apps to be submitted for approval ("notarized"), and some open source developers take an understandably dim view of this.
Some forums suggest that software that's already installed on a Mac may run after upgrading to Catalina, but if you have to re-install the software or install an updated version, it may get caught by Gatekeeper if it's not signed and notarized. Plugins also appear to be affected depending on how the host app is notarized. The question is whether there is an option to override Gatekeeper, as there is with High Sierra. pwalker8, are you confirming that it is not possible to override Gatekeeper in Catalina? Thank you https://developer.apple.com/document...e_distribution |
06-15-2019, 01:22 PM | #17 |
just an egg
Posts: 1,586
Karma: 4300000
Join Date: Mar 2015
Device: Kindle, iOS
|
Looks like Gatekeeper can be overridden by going to System Preferences > Security.
https://forums.macrumors.com/threads...gning.2183873/ I wonder if the problem with the Alf standalone has to do with the Python version or something related. |
Advert | |
|
06-15-2019, 02:05 PM | #18 |
Grand Sorcerer
Posts: 7,195
Karma: 70314280
Join Date: Dec 2006
Location: Atlanta, GA
Device: iPad Pro, iPad mini, Kobo Aura, Amazon paperwhite, Sony PRS-T2
|
As far as I know, Apple doesn't require that apps be notarized unless they are sold through the App store. I have quite a few apps that are not notarized and work just fine with the beta.
Calibre is python based and works fine. I suspect the issue with deDRM is it's not signed. As a developer, I can create apps that aren't signed. Most people who do that mostly are writing stuff for their personal use rather than for other people to use. |
06-15-2019, 04:08 PM | #19 | |||
just an egg
Posts: 1,586
Karma: 4300000
Join Date: Mar 2015
Device: Kindle, iOS
|
Quote:
https://developer.apple.com/news/?id=06032019i Quote:
How can one tell if an app is notarized? I know how to tell if an app is signed, but I would be interested in knowing how to check if it's also notarized. Quote:
Last edited by odamizu; 06-15-2019 at 06:07 PM. |
|||
06-15-2019, 06:49 PM | #20 |
Grand Sorcerer
Posts: 7,195
Karma: 70314280
Join Date: Dec 2006
Location: Atlanta, GA
Device: iPad Pro, iPad mini, Kobo Aura, Amazon paperwhite, Sony PRS-T2
|
Phillips-MacBook-Pro:Applications phillipwalker$ spctl -a -v DeDRM.app
DeDRM.app: rejected source=no usable signature Phillips-MacBook-Pro:Applications phillipwalker$ spctl -a -v Calibre.app Calibre.app: accepted source=Developer ID Phillips-MacBook-Pro:Applications phillipwalker$ spctl -a -v BBEdit.app BBEdit.app: accepted source=Notarized Developer ID |
Advert | |
|
06-15-2019, 09:14 PM | #21 |
just an egg
Posts: 1,586
Karma: 4300000
Join Date: Mar 2015
Device: Kindle, iOS
|
@pwalker8 — Excellent! Thank you so much!
|
06-16-2019, 08:19 AM | #22 |
Grand Sorcerer
Posts: 7,195
Karma: 70314280
Join Date: Dec 2006
Location: Atlanta, GA
Device: iPad Pro, iPad mini, Kobo Aura, Amazon paperwhite, Sony PRS-T2
|
No problem. One can still develop programs for one's own use without being part of the developer's program, so I suspect there is some sort of exception built in. The documentation for spctl implies that one can make modifications to the security database, so perhaps there are ways around it. I can't say since I haven't played around with it all that much, plus we are still talking about the initial beta. I suspect that if there is a lot of problems caused and push back, especially when the first public beta comes out, then Apple may back down a bit on this.
|
06-19-2019, 04:31 PM | #23 |
Grand Sorcerer
Posts: 7,195
Karma: 70314280
Join Date: Dec 2006
Location: Atlanta, GA
Device: iPad Pro, iPad mini, Kobo Aura, Amazon paperwhite, Sony PRS-T2
|
One thing to keep in mind with regards to betas, especially this far in advance of the final release, is that it will likely change quite a bit between now and September. If Apple gets enough push back with regards to the new security settings, then they will likely either ratchet it down or allow exceptions. Plus, beta's frequently don't handle boundary conditions well. Apple has a history of pulling features that caused problems.
The other thing I would say is to take Apple's warning seriously and not put beta's on your main computer. I use a laptop and iPad mini for betas, leaving my iMac and iPad Pro for my every day usage. |
06-20-2019, 12:04 AM | #24 |
just an egg
Posts: 1,586
Karma: 4300000
Join Date: Mar 2015
Device: Kindle, iOS
|
Per various online forums, it appears Gatekeeper can be overridden in System Prefs > Security and via spctl. It also sounds like the notarization requirement may not apply to unsigned apps. So it looks like Apple is already allowing exceptions. Just hope they don't decide to ratchet it up.
|
06-20-2019, 07:37 AM | #25 | |
Grand Sorcerer
Posts: 7,195
Karma: 70314280
Join Date: Dec 2006
Location: Atlanta, GA
Device: iPad Pro, iPad mini, Kobo Aura, Amazon paperwhite, Sony PRS-T2
|
Quote:
|
|
06-20-2019, 12:32 PM | #26 |
just an egg
Posts: 1,586
Karma: 4300000
Join Date: Mar 2015
Device: Kindle, iOS
|
|
06-20-2019, 01:11 PM | #27 |
Old Gadget Guy
Posts: 1,906
Karma: 6854865
Join Date: Jun 2018
Device: Oasis 3, iPhone 13 Pro Max, iPad mini 6, iPad Air 2020, Alexa Devices
|
Which is why I don't get too excited about the new Mac OS X or iOS this early on. It is a LONG time until September or October when they finally get released, and I typically wait a few weeks beyond that to install the Mac OS X upgrade as I know that beta doesn't always squash all of the bad bugs. So I wait for the early birds to show up to the watering hole and make sure they don't get eaten alive before I wade into the pool!
Last edited by OtinG; 06-20-2019 at 01:24 PM. |
06-20-2019, 03:11 PM | #28 |
Sigil Developer
Posts: 7,645
Karma: 5433388
Join Date: Nov 2009
Device: many
|
This is actually an important issue for Sigil. Right now I volunteer my time as a Sigil developer (all donations are disabled on our site). Sigil does not use the Mac App store as we have no interest in it. That said, Apple still charges me over $100 Canadian per year just to be able to digitally sign Sigil. They make no exceptions for open source developers.
According to a nastigram I received from Apple Developer Relations ... I must now rebuild and relink my app to enable their special runtime and then to declare "limits" of what the app can do and what files/folders it can access. Given Sigil is an ebook editing environment, it needs to access Photos, Images, Audio, Video, xhtml files anyplace, etc. Sigil also embeds an entire Python 3.7.2 interpreter and allows full Plugins, I can not even begin to "narrow down" what a plugin should do nor limit it. So this "notarization" is a complete waste as any user added plugin could access whatever they want in python. Then I must "submit" it for them to quote "notarize" it. As well as all previous releases of Sigil that I have signed. So this is no trivial task. Then to add insult to injury the Apple dev docs to do all of this are only provided for XCode IDE "novice" developers who need gui hand holding. No command line instructions were posted so no automating the build process with scripts can be done. We build Sigil across 3 platforms (Windows, Linux, and Mac) and build automation is crucial. I asked Apple's Developer Relations (who said if I had questions I should ask them) for simple directions on how to do this without XCode and its nonsense baggage and my only response was that I should ask for help from other developers on their developer's forums. So right now the chances of Sigil getting anything notarized by Apple for its new walled garden on macOS is about 0. And the day they prevent power users from running whatever apps they want, will be the last day I use a macOS. I will just go back to Linux. The most silly thing about Apple's security model is that it completely ignores unix level security features. If I have a new app I either run it in a VM or create a non-admin account where there are no other files it can even access outside of what I place in that VM or non-admin account for it to use. So it (or me) can not delete my entire music library! My2 cents ... Last edited by KevinH; 06-20-2019 at 03:15 PM. |
06-20-2019, 06:21 PM | #29 |
Old Gadget Guy
Posts: 1,906
Karma: 6854865
Join Date: Jun 2018
Device: Oasis 3, iPhone 13 Pro Max, iPad mini 6, iPad Air 2020, Alexa Devices
|
While I understand the frustration developers have, this is a thread about Catalina’s features, it is NOT a “vent your frustrations against Apple” thread.
|
06-20-2019, 06:54 PM | #30 | |
just an egg
Posts: 1,586
Karma: 4300000
Join Date: Mar 2015
Device: Kindle, iOS
|
Quote:
If Catalina (and future macOS's) will run unsigned apps without notarization, would you be willing to continue developing Sigil without signing it? I thought this was a thread to discuss Catalina — not just new features, but capabilities and limitations. I wouldn't be surprised if the developers of Calibre and Alf's Tools are facing similar frustrations. If open source developers like KevinH, KovidGoyal and ApprenticeAlf/Harper walk away from Mac due to Apple's new "security" features, that's critical information for all Mac users. Last edited by odamizu; 06-20-2019 at 09:53 PM. |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
iOS 13 Beta Discussion Thread | OtinG | Apple Devices | 36 | 06-14-2019 07:17 PM |
MobileRead Discussion/Suggestion Thread | WT Sharpe | Book Clubs | 378 | 11-16-2017 08:25 PM |
Firmware 3.15 discussion thread | Lynx-lynx | Kobo Reader | 276 | 07-04-2015 06:33 AM |
Wicked discussion thread. | WT Sharpe | Reading Recommendations | 15 | 08-07-2011 08:11 AM |
iLiad FBShot discussion thread | scotty1024 | iRex Developer's Corner | 2 | 11-16-2006 05:30 PM |