Re: [gtk-osx-users] CodeSigning and Catalina security issue.



Hello John,

Le 14 févr. 2020 à 23:19, John Ralls <jralls ceridwen us> a écrit :

On Feb 14, 2020, at 12:56 PM, Pascal <p p14 orange fr> wrote:

Hello John,

Le 14 févr. 2020 à 21:40, John Ralls <jralls ceridwen us> a écrit :

On Feb 14, 2020, at 12:16 PM, Pascal <p p14 orange fr> wrote:

Hello,

I've now codesign my GTK-OSX app for the bundle:
% APPLICATION_CERT=gtk-cert /opt/gtk-mac-bundler/gtk-mac-bundler /opt/chapitre6/gtk3-ch6.bundle 

But I've still the issue for opening the Documents folder:
<Capture d’écran 2020-02-14 à 21.08.36.png>

What else would I have to do?
Any clue?

It works OK when unsigned but is sandboxed when signed?

Both gave the same opening error. I hoped the error would have disappeared when signing but it was not the 
case.

No, code signing isn't going to change anything. Does it matter if you launch it from Terminal with 
 /opt/Gtk3-ch6cs.app/Contents/MacOS/Gtk3-ch6cs

== Access to Documents folder is allowed. (I guess the autorisation is coming from the Terminal itself).

or
 open /opt/Gtk3-ch6cs.app

== Access to Documents folder is forbidden.

There might be some useful output especially in the first case.


Is gtk-cert an Apple developer cert? Don't try to use anything else on MacOS, Apple's security stuff 
recognizes only their own certificates.

I created the certificate with KeyChain app, as the following link description but I created it in session 
and not system keychain:
https://gcc.gnu.org/onlinedocs/gnat_ugn/Codesigning-the-Debugger.html

That won't do you any good if you're planning to distribute app bundles. Only Apple Developer Program 
certificates are accepted by MacOS's Gatekeeper, and for Catalina you also have to get the bundle notarized 
and that has the same restriction on certificates.

For now, I try with a local certificate like a sort of PoC.

Regards, Pascal.
https://blady.pagesperso-orange.fr




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]