[gtk-osx-users] macOS 10.15.x and notarizing

From: Gabriele Greco <gabrielegreco gmail com>
To: gtk-osx-users-list gnome org
Subject: [gtk-osx-users] macOS 10.15.x and notarizing
Date: Tue, 8 Oct 2019 17:56:22 +0200

Hi guys,

yesterday apple released macOS 10.15 and one of the new "features" is that all the developer signed apps should be notarized (sent to apple for an automatic review), I found and used the instructions in this page:

https://wiki.gnome.org/Projects/GTK/OSX/Bundling#Notarizing

... and I've been able to create an application that passes the apple process, what I'm not sure of is if a C/C++ GTK app requires one or more of the entitlements defined by Apple to run:

https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_automation_apple-events?language=objc

... my tests show me that should be not the case, the app seems to work ok, but I'm still on Mojave and I've not tried it in Catalina yet.

What I fear, and maybe some GTK developer may answer is that a GTK app may "break" this:

Allow DYLD Environment Variables Entitlement

A Boolean value that indicates whether the app may be affected by dynamic linker environment variables, which you can use to inject code into your app’s process.

Key: com.apple.security.cs.allow-dyld-environment-variables

or this

Disable Library Validation Entitlement

A Boolean value that indicates whether the app may load arbitrary plug-ins or frameworks, without requiring code signing.

Key: com.apple.security.cs.disable-library-validation

... I've signed every .dylib and .so, and engine/pixbuf loading seems to work... but again I'm still on Mojave...

Bye,
Gabry

Follow-Ups:
- Re: [gtk-osx-users] macOS 10.15.x and notarizing
  - From: John Ralls

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]