Re: [gtk-osx-users] CodeSigning and Catalina security issue.

From: Pascal <p p14 orange fr>
To: John Ralls <jralls ceridwen us>
Cc: gtk-osx-users-list gnome org
Subject: Re: [gtk-osx-users] CodeSigning and Catalina security issue.
Date: Thu, 20 Feb 2020 09:15:36 +0100

Hello John,

Le 14 févr. 2020 à 23:19, John Ralls <jralls ceridwen us> a écrit :

On Feb 14, 2020, at 12:56 PM, Pascal <p p14 orange fr> wrote:

Hello John,

Le 14 févr. 2020 à 21:40, John Ralls <jralls ceridwen us> a écrit :

On Feb 14, 2020, at 12:16 PM, Pascal <p p14 orange fr> wrote:

Hello,

I've now codesign my GTK-OSX app for the bundle:
% APPLICATION_CERT=gtk-cert /opt/gtk-mac-bundler/gtk-mac-bundler /opt/chapitre6/gtk3-ch6.bundle 

But I've still the issue for opening the Documents folder:
<Capture d’écran 2020-02-14 à 21.08.36.png>

What else would I have to do?
Any clue?


It works OK when unsigned but is sandboxed when signed?


Both gave the same opening error. I hoped the error would have disappeared when signing but it was not the 
case.


No, code signing isn't going to change anything. Does it matter if you launch it from Terminal with 
 /opt/Gtk3-ch6cs.app/Contents/MacOS/Gtk3-ch6cs


== Access to Documents folder is allowed. (I guess the autorisation is coming from the Terminal itself).

or
 open /opt/Gtk3-ch6cs.app


== Access to Documents folder is forbidden.

There might be some useful output especially in the first case.

Is gtk-cert an Apple developer cert? Don't try to use anything else on MacOS, Apple's security stuff 
recognizes only their own certificates.


I created the certificate with KeyChain app, as the following link description but I created it in session 
and not system keychain:
https://gcc.gnu.org/onlinedocs/gnat_ugn/Codesigning-the-Debugger.html


That won't do you any good if you're planning to distribute app bundles. Only Apple Developer Program 
certificates are accepted by MacOS's Gatekeeper, and for Catalina you also have to get the bundle notarized 
and that has the same restriction on certificates.


For now, I try with a local certificate like a sort of PoC.

Regards, Pascal.
https://blady.pagesperso-orange.fr

Follow-Ups:
- Re: [gtk-osx-users] CodeSigning and Catalina security issue.
  - From: John Ralls

References:
- [gtk-osx-users] CodeSigning and Catalina security issue.
  - From: Pascal
- Re: [gtk-osx-users] CodeSigning and Catalina security issue.
  - From: John Ralls
- Re: [gtk-osx-users] CodeSigning and Catalina security issue.
  - From: Pascal
- Re: [gtk-osx-users] CodeSigning and Catalina security issue.
  - From: John Ralls

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]