Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Software > Sigil

Notices

Reply
 
Thread Tools Search this Thread
Old 06-21-2019, 03:13 PM   #1
odamizu
just an egg
odamizu ought to be getting tired of karma fortunes by now.odamizu ought to be getting tired of karma fortunes by now.odamizu ought to be getting tired of karma fortunes by now.odamizu ought to be getting tired of karma fortunes by now.odamizu ought to be getting tired of karma fortunes by now.odamizu ought to be getting tired of karma fortunes by now.odamizu ought to be getting tired of karma fortunes by now.odamizu ought to be getting tired of karma fortunes by now.odamizu ought to be getting tired of karma fortunes by now.odamizu ought to be getting tired of karma fortunes by now.odamizu ought to be getting tired of karma fortunes by now.
 
odamizu's Avatar
 
Posts: 977
Karma: 1831456
Join Date: Mar 2015
Device: Kindle Oasis1 & Voyage, iOS
Sigil for Mac & macOS 10.15 Catalina

I started this discussion in a Catalina thread on the Apple forum and was asked to take it elsewhere.

Starting with macOS 10.15 Catalina, Apple is requiring app notarization by default: "Mac apps, installer packages, and kernel extensions that are signed with Developer ID must also be notarized by Apple in order to run on macOS Catalina."

Meanwhile, this discussion on MacRumors suggests Catalina's Gatekeeper can be overridden via System Prefs > Security or spectl to allow unsigned/unnotarized apps to run.

KevinH weighed in on the new notarization requirement thus:

Quote:
Originally Posted by KevinH View Post
This is actually an important issue for Sigil. Right now I volunteer my time as a Sigil developer (all donations are disabled on our site). Sigil does not use the Mac App store as we have no interest in it. That said, Apple still charges me over $100 Canadian per year just to be able to digitally sign Sigil. They make no exceptions for open source developers.

According to a nastigram I received from Apple Developer Relations ... I must now rebuild and relink my app to enable their special runtime and then to declare "limits" of what the app can do and what files/folders it can access.

Given Sigil is an ebook editing environment, it needs to access Photos, Images, Audio, Video, xhtml files anyplace, etc. Sigil also embeds an entire Python 3.7.2 interpreter and allows full Plugins, I can not even begin to "narrow down" what a plugin should do nor limit it. So this "notarization" is a complete waste as any user added plugin could access whatever they want in python.

Then I must "submit" it for them to quote "notarize" it. As well as all previous releases of Sigil that I have signed.

So this is no trivial task.

Then to add insult to injury the Apple dev docs to do all of this are only provided for XCode IDE "novice" developers who need gui hand holding. No command line instructions were posted so no automating the build process with scripts can be done. We build Sigil across 3 platforms (Windows, Linux, and Mac) and build automation is crucial.

I asked Apple's Developer Relations (who said if I had questions I should ask them) for simple directions on how to do this without XCode and its nonsense baggage and my only response was that I should ask for help from other developers on their developer's forums.

So right now the chances of Sigil getting anything notarized by Apple for its new walled garden on macOS is about 0. And the day they prevent power users from running whatever apps they want, will be the last day I use a macOS. I will just go back to Linux.

The most silly thing about Apple's security model is that it completely ignores unix level security features. If I have a new app I either run it in a VM or create a non-admin account where there are no other files it can even access outside of what I place in that VM or non-admin account for it to use. So it (or me) can not delete my entire music library!

My2 cents ...
I replied:
Quote:
Originally Posted by odamizu View Post
Thanks Kevin. Your 2 cents are always worth more like $2million to me.

If Catalina (and future macOS's) will run unsigned apps without notarization, would you be willing to continue developing Sigil without signing it?
Thank you
odamizu is online now   Reply With Quote
Old 06-21-2019, 04:13 PM   #2
KevinH
Wizard
KevinH ought to be getting tired of karma fortunes by now.KevinH ought to be getting tired of karma fortunes by now.KevinH ought to be getting tired of karma fortunes by now.KevinH ought to be getting tired of karma fortunes by now.KevinH ought to be getting tired of karma fortunes by now.KevinH ought to be getting tired of karma fortunes by now.KevinH ought to be getting tired of karma fortunes by now.KevinH ought to be getting tired of karma fortunes by now.KevinH ought to be getting tired of karma fortunes by now.KevinH ought to be getting tired of karma fortunes by now.KevinH ought to be getting tired of karma fortunes by now.
 
Posts: 3,643
Karma: 2209324
Join Date: Nov 2009
Device: many
See the related discussion I had with Kovid here:

https://www.mobileread.com/forums/sh...43#post3859243

His plan is a wait-and-see approach but the new "hardened runtime" requirement would be an issue for Calibre as well. To be notarized an app must use the Apple hardened runtime.

The only way to get Sigil to use the hardened runtime would be to ask for almost all of the entitlements (exceptions) as both Sigil and Calibre use python plugins which may load many python packages and associated shared libraries and modules, none of which we sign), we both use QtWebKit/QtWebEngine which means we use JIT compilation, javascripts, and areas of the stack are walked for garbage collection, etc. Access to user's Photos, Audio, and Video would be restricted. They do not want you to allow the user to run a debugger to help track down an error, they do not want you to use DYLD library path setting, and etc.

Basically, Apple views any 3rd party app as an "attack vector" for an uncaught virus or malware, instead of a real app. This makes no sense at all. If anyone gets physical access to your mac machine, you are screwed anyway. The silly thing is anyone can write a python plugin package that does anything it wants and a user could install that and run it via Sigil or Calibre or even from the command line, so this notarization is effectively shutting a barn door after all the animals inside have already fled.

So my plan is similar to Kovids. First wait and see what develops. The beta is allowing us both to run now since we are signed but that may change.

If that door closes, the problem will be figuring a way to actually get our apps to work with the "hardened runtime" if at all possible. If so, I will try for "notarization" but it might be impossible to actually pass that requirement even when asking for almost all of the exceptions.

If I can not get notarization to pass, then we come to a real problem. As long as Apple allows unsigned and unnotarized apps to be run, I will simply stop signing it (actually lessening security not increasing it) and keep releasing. If Apple ever prevents power users from installing and running the apps we want, I will simply stop being a Mac user. At that point, some other Apple volunteer developer would have to step up, redesign Sigil to curtail or limit its usefulness to fit the hardened runtime limits or development on macOS would stop.

Last edited by KevinH; 06-21-2019 at 04:20 PM.
KevinH is offline   Reply With Quote
Advert
Old 06-21-2019, 08:20 PM   #3
odamizu
just an egg
odamizu ought to be getting tired of karma fortunes by now.odamizu ought to be getting tired of karma fortunes by now.odamizu ought to be getting tired of karma fortunes by now.odamizu ought to be getting tired of karma fortunes by now.odamizu ought to be getting tired of karma fortunes by now.odamizu ought to be getting tired of karma fortunes by now.odamizu ought to be getting tired of karma fortunes by now.odamizu ought to be getting tired of karma fortunes by now.odamizu ought to be getting tired of karma fortunes by now.odamizu ought to be getting tired of karma fortunes by now.odamizu ought to be getting tired of karma fortunes by now.
 
odamizu's Avatar
 
Posts: 977
Karma: 1831456
Join Date: Mar 2015
Device: Kindle Oasis1 & Voyage, iOS
Quote:
Originally Posted by KevinH View Post
... So my plan is similar to Kovids. First wait and see what develops. The beta is allowing us both to run now since we are signed but that may change.

If that door closes, the problem will be figuring a way to actually get our apps to work with the "hardened runtime" if at all possible. If so, I will try for "notarization" but it might be impossible to actually pass that requirement even when asking for almost all of the exceptions.

If I can not get notarization to pass, then we come to a real problem. As long as Apple allows unsigned and unnotarized apps to be run, I will simply stop signing it (actually lessening security not increasing it) and keep releasing. If Apple ever prevents power users from installing and running the apps we want, I will simply stop being a Mac user. At that point, some other Apple volunteer developer would have to step up, redesign Sigil to curtail or limit its usefulness to fit the hardened runtime limits or development on macOS would stop.
Thank you, KevinH.

If Apple insists on driving developers like you and KovidGoyal away, I will likely abandon Mac as well — words I thought I'd never say. The last non-Mac operating system I used was DOS. I have never used Windows or Linux, and the thought of leaving Mac is daunting and deeply unhappy-making.
odamizu is online now   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Notarizing App for macOS Catalina KevinH Development 29 09-06-2019 08:30 PM
MacOS 10.15 Catalina Beta Discussion Thread OtinG Apple Devices 40 08-21-2019 07:51 AM
Sigil doesn't work with MacOS Mojave dark mode kawayama Sigil 7 05-22-2019 08:47 AM
Epub crashes on Sigil for Mac, OK on Sigil for PC crystamichelle Sigil 6 08-14-2013 02:52 PM
Bug reports & advices for next versions (0.6.32 MacOS X) neotheone Calibre 2 01-07-2010 01:14 PM


All times are GMT -4. The time now is 01:06 AM.


MobileRead.com is a privately owned, operated and funded community.