Re: [gtk-osx-users] CodeSigning and Catalina security issue.

[John Ralls <jralls ceridwen us>]

> On Feb 14, 2020, at 12:56 PM, Pascal <p p14 orange fr> wrote:
>
> Hello John,
>
> > Le 14 févr. 2020 à 21:40, John Ralls <jralls ceridwen us> a écrit :
> >
> > > On Feb 14, 2020, at 12:16 PM, Pascal <p p14 orange fr> wrote:
> > >
> > > Hello,
> > >
> > > I've now codesign my GTK-OSX app for the bundle:
> > > % APPLICATION_CERT=gtk-cert /opt/gtk-mac-bundler/gtk-mac-bundler /opt/chapitre6/gtk3-ch6.bundle 
> > >
> > > But I've still the issue for opening the Documents folder:
> > > <Capture d’écran 2020-02-14 à 21.08.36.png>
> > >
> > > What else would I have to do?
> > > Any clue?
> >
> > It works OK when unsigned but is sandboxed when signed?
>
> Both gave the same opening error. I hoped the error would have disappeared when signing but it was not the 
> case.

No, code signing isn't going to change anything. Does it matter if you launch it from Terminal with 
  /opt/Gtk3-ch6cs.app/Contents/MacOS/Gtk3-ch6cs
or
  open /opt/Gtk3-ch6cs.app
There might be some useful output especially in the first case.


> > Is gtk-cert an Apple developer cert? Don't try to use anything else on MacOS, Apple's security stuff 
> > recognizes only their own certificates.
>
> I created the certificate with KeyChain app, as the following link description but I created it in session 
> and not system keychain:
> https://gcc.gnu.org/onlinedocs/gnat_ugn/Codesigning-the-Debugger.html

That won't do you any good if you're planning to distribute app bundles. Only Apple Developer Program 
certificates are accepted by MacOS's Gatekeeper, and for Catalina you also have to get the bundle notarized 
and that has the same restriction on certificates.

Regards,
John Ralls