[PD-dev] macOS 10.15 notarization

Kevin Haywood khaywood at ucsd.edu
Wed Dec 11 21:56:54 CET 2019


I just discovered the huge headache of the notarization system under Catalina: the OS will prevent loading of every non-notarized *external* that you try to load. This appears to be a 3-part ordeal per external:

macOS’ first message is thrown the first time you open a patch with a non-notarized external:

    “myexternal~.pd_darwin” cannot be opened because the developer cannot be verified. macOS cannot verify that this app is free from malware.

The buttons accompanying this message are Move to Trash (!) and Cancel.

There are probably other ways, but to fix this, I had to go to System Preferences > Security & Privacy and click the button that allows authorization for the last binary that was prevented from launching.

I then had to quit and restart Pd. Opening a patch containing the offending external, I’m greeted with an error message similar to the first:

    macOS cannot verify the developer of “myexternal~.pd_darwin”. Are you sure you want to open it? By opening this app, you will be overriding system security which can expose your computer and personal information to malware that may harm your Mac or compromise your privacy.

You get Move to Trash, Open, and Cancel buttons this time. If you say Open, your external is allowed to load from this point on. But note that you have to do this 3-step process for every external, and only at the time that they’re first loaded, meaning we’re going to have to go through this whenever we first load up some old patch with a (64-bit) external we haven’t used in a while : \

Kevin


> On Oct 8, 2019, at 2:45 AM, Dan Wilcox <danomatika at gmail.com> wrote:
> 
> Howdy all,
> 
> The newest version of macOS, 10.15 "Catalina", is out and with it comes a new "Notarization" requirement for applications, etc:
> 
> https://developer.apple.com/documentation/xcode/notarizing_your_app_before_distribution?language=objc <https://developer.apple.com/documentation/xcode/notarizing_your_app_before_distribution?language=objc>
> 
> As far as I can tell, applications do not need to be built via Xcode, but need to be screened and Notarized by Apple. I'm not 100% certain if this applies only to applications signed by a Developer ID or for *all* applications. Regardless of whether we approve of this security step or not (I don't), the practical matter is that Pd *may* suddenly not run for users on 10.15 as it is not notarized or signed. OTOH software that is not signed and is installed "from the wild" *may* still be launched via Right Click -> Open on first run... although I'm not sure.
> 
> Apple has made the Notarization requirement optional until January 2020 to ease the transition.
> 
> At this point, it would be helpful to hear from someone who has the new OS if Pd runs and if there are any warning dialogs.
> 
> In the worst case, we will need an Apple developer account ($100 a year) to signed Pd for distribution and notarization. This also requires using the Xcode 10+ developer tools which rules out Miller's 10.6 build system for this step. it could be integrated as a makefile step. I have a dev account and can do some testing, when needed.
> 
> In the best case, Right Click -> Open on first run still works. :)
> 
> --------
> Dan Wilcox
> @danomatika <http://twitter.com/danomatika>
> danomatika.com <http://danomatika.com/>
> robotcowboy.com <http://robotcowboy.com/>
> 
> 
> 
> _______________________________________________
> Pd-dev mailing list
> Pd-dev at lists.iem.at
> https://lists.puredata.info/listinfo/pd-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.puredata.info/pipermail/pd-dev/attachments/20191211/ee5b4f05/attachment.html>


More information about the Pd-dev mailing list