[PD] [hidraw] pre Deken release. was:(Reading/writing a HID device current best practice?)
Dan Wilcox
danomatika at gmail.com
Thu Oct 13 09:39:30 CEST 2022
One option is to directly circumvent the app/binary quarantine process.
Essentially, you can remove the quarantine flag manually:
sudo xattr -r -d com.apple.quarantine path/to/MyApp.app
Print the current flags to check with:
xattr path/to/MyApp.app
I think this should work with dylibs as well.
The externals could be shipped with an additional script for macOS which
users can run once to remove the compiled externals from quarantine. There
should be no more popups after.
This does, however, open up possible attack vectors, but anything more than
what we already had before. I think it is a reasonable approach to ask
users to decide to run the script themselves, although there will be added
friction.
On Wed, Oct 12, 2022 at 2:04 AM Alexandre Torres Porres <porres at gmail.com>
wrote:
> I'm still on old macs and I am not yet sure if my stuff is working or not
> in new macs. I just updated ELSE btw, I am now wondering if people can use
> it just fine or if it doesn't work or is a nightmare (like asking every
> time if on external should be loaded).
>
> Em ter., 11 de out. de 2022 às 15:03, Dan Wilcox <danomatika at gmail.com>
> escreveu:
>
>> You already have you answer: no code signing or notarization means users
>> get the security popup when the dylibs are loaded but they just have to
>> select open as far as I know. Gatekeeper asks them once, then the system
>> remembers the selection. I believe it may also require changing a privacy
>> setting in System Preferences to allow it.
>>
>> I already added the "Disable library validation" entitlement back for the
>> first Pd release for 10.15 which introduced the stronger security settings.
>>
>> Also, I think calling them "thieves" is misleading. If you don't want to
>> use the platform or the services which are provided with the developer
>> account, don't. No one is forcing you. Please don't contribute to FUD.
>>
>> You could simply provide the code and perhaps the make files to automate
>> the process, then convince an institution to pay for the developer account
>> license. I included this as one of my expenses for my last funded iOS
>> project... :)
>>
>> On Oct 11, 2022, at 7:12 PM, Lucas Cordiviola <lucarda27 at hotmail.com>
>> wrote:
>>
>> @ Dan
>>
>> Thanks for sharing this. I'll be digging about ` you need an Apple
>> Developer account (and Apple ID to sign up for one)`. If there's no
>> workaround about the us$100 i'll be giving up notarizing builds. Do you
>> know of a way to not send money to the thieves (if i'm not mistaken) ?
>>
>> or to put it in another way:
>>
>> if I don't codesign/notarize the builds: is just that users have an "open
>> anyway" dialog? or is it a total "show stopper" that quits Pd?
>>
>> Which way should I go without the $100 ?
>>
>>
>> --------
>> Dan Wilcox
>> @danomatika <http://twitter.com/danomatika>
>> danomatika.com
>> robotcowboy.com
>>
>>
>>
>> _______________________________________________
>> Pd-list at lists.iem.at mailing list
>> UNSUBSCRIBE and account-management ->
>> https://lists.puredata.info/listinfo/pd-list
>>
>
--
Dan Wilcox
@danomatika
danomatika.com
robotcowboy.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.puredata.info/pipermail/pd-list/attachments/20221013/eaf8795a/attachment.htm>
More information about the Pd-list
mailing list