Re: [gtk-osx-users] macOS Catalina’s new security features versus GTK.





Catalina won't let you have a bundle that runs a program that's not in the bundle, nor will it allow a bundled program to dyld libraries outside of the bundle and not in the system library directories. (You can dlopen outside libraries from pre-specified locations if you use the plugins entitlement when code signing the bundle, but that's a bit different.)

The simplest path forward is to use gtk-mac-bundler.

... did the codesign option in the bundler works correctly now? At the moment I'm still doing something like:

gtk-mac-bundler app.bundle find installers/myapp.app -name *.dylib -exec codesign [...];
find installers/myapp.app -name *.so -exec codesign[...];
codesign -vvv --deep --force --options runtime --strict [...]
dmgbuild -s dmg_setup.py "MyApp $(VERSION)" installers/MyApp-$(VERSION).dmg
codesign [...] installers/MyApp-$(VERSION).dmg

... to have a DMG that passes the notarization process.

I'm not sure if his problem may be related, but it's possible that a not notarized/stapled binary cannot request at all "unlocking" access to certain path locations?

--
Bye,
 Gabry



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]