Menu
Search

Forums

Forum Index

Thread overview
Notarization is required by default in macOS 10.15
Jun 07, 2019
Bogdan Szabo
Jun 07, 2019
Gregor Mückl
Jun 07, 2019
Jacob Carlborg
Jun 07, 2019
JN
June 07, 2019
Gravatar of Bogdan SzaboPosted by Bogdan SzaboReply
Bogdan Szabo
Gravatar of Bogdan Szabo


Reply
Hey! Are you aware about this new change for macOS? I noticed that none of the mac installers are signed with apple certificates,which might be a problem in the future.

Beginning in macOS 10.14.5, all new or updated kernel extensions and all software from developers new to distributing with Developer ID must be notarized in order to run. Beginning in macOS 10.15, notarization is required by default for all software.

https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution
June 07, 2019
Gravatar of Gregor MücklPosted by Gregor Mückl
in reply to Bogdan Szabo		Reply
Gregor Mückl
Gravatar of Gregor Mückl
Posted in reply to Bogdan Szabo


Reply
On Friday, 7 June 2019 at 11:35:41 UTC, Bogdan Szabo wrote:
> Hey! Are you aware about this new change for macOS? I noticed that none of the mac installers are signed with apple certificates,which might be a problem in the future.
>
> Beginning in macOS 10.14.5, all new or updated kernel extensions and all software from developers new to distributing with Developer ID must be notarized in order to run. Beginning in macOS 10.15, notarization is required by default for all software.
>
> https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution

Not a Mac user at all, but still curious: wouldn't you have to disable that check on a development machine? Every executable coming out of your build tools is going to miss a signature.

And if - as the grapewine has it - notarization requires an Apple ID with two factor authentication enabled, I don't think that any developer is going to want automatic signing for iterative builds during their normal work cycle.

So, although signed release builds would be great, is it really that much of a showstopper as far as D is concerned?
June 07, 2019
Gravatar of Jacob CarlborgPosted by Jacob Carlborg
in reply to Gregor Mückl		Reply
Jacob Carlborg
Gravatar of Jacob Carlborg
Posted in reply to Gregor Mückl


Reply
On 2019-06-07 16:05, Gregor Mückl wrote:

> Not a Mac user at all, but still curious: wouldn't you have to disable that check on a development machine? Every executable coming out of your build tools is going to miss a signature.

I'm not sure how it works or if it's applicable in this situation but macOS can somehow detect if an application is downloaded from the web and will add a warning.

Also these features usually only applies to application bundles and installers and not plain executables.

-- 
/Jacob Carlborg
June 07, 2019
Gravatar of JNPosted by JN
in reply to Gregor Mückl		Reply
JN
Gravatar of JN
Posted in reply to Gregor Mückl


Reply
On Friday, 7 June 2019 at 14:05:56 UTC, Gregor Mückl wrote:
> On Friday, 7 June 2019 at 11:35:41 UTC, Bogdan Szabo wrote:
>> [...]
>
> Not a Mac user at all, but still curious: wouldn't you have to disable that check on a development machine? Every executable coming out of your build tools is going to miss a signature.
>
> And if - as the grapewine has it - notarization requires an Apple ID with two factor authentication enabled, I don't think that any developer is going to want automatic signing for iterative builds during their normal work cycle.
>
> So, although signed release builds would be great, is it really that much of a showstopper as far as D is concerned?

My guess is you'd have to disable SIP and then you could disable this requirementn as well.