[gtk-osx-users] macOS 10.15.x and notarizing



Hi guys,

yesterday apple released macOS 10.15 and one of the new "features" is that all the developer signed apps should be notarized (sent to apple for an automatic review), I found and used the instructions in this page:

https://wiki.gnome.org/Projects/GTK/OSX/Bundling#Notarizing

... and I've been able to create an application that passes the apple process, what I'm not sure of is if a C/C++ GTK app requires one or more of the entitlements defined by Apple to run:

https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_automation_apple-events?language=objc

... my tests show me that should be not the case, the app seems to work ok, but I'm still on Mojave and I've not tried it in Catalina yet.

What I fear, and maybe some GTK developer may answer is that a GTK app may "break" this:

Allow DYLD Environment Variables Entitlement

A Boolean value that indicates whether the app may be affected by dynamic linker environment variables, which you can use to inject code into your app’s process.

Key: com.apple.security.cs.allow-dyld-environment-variables

or this

Disable Library Validation Entitlement

A Boolean value that indicates whether the app may load arbitrary plug-ins or frameworks, without requiring code signing.

Key: com.apple.security.cs.disable-library-validation

... I've signed every .dylib and .so, and engine/pixbuf loading seems to work... but again I'm still on Mojave... 

--
Bye,
 Gabry



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]