[BUG] - macOS binaries can't be opened because of "X can’t be opened because it is from an unidentified developer" error #3285
Comments
Closing this. If this is still relevant please reopen.
@Jimbo4350 I think this issue is still relevant, but I don't have the ability to reopen. Could you please reopen?
I've asked for input from @newhoggy
Reproduced on this download: https://hydra.iohk.io/build/17428186
This is the current situation:
What's your rationale for not signing Mac binaries?
Signing is easy, automation of notarization is a bear, and upstream Apple keeps breaking our process (for Daedalus signing) that usually halts the release process for weeks waiting for legal sign off for new license agreements, or a forced upgrade to a new version of osx because Xcode needs upgraded, etc... Windows is just as much a pain being connected to an HSM that needs manually touched every few weeks. Because the automation around signing Windows and Mac binaries is so complicated we only do it with Daedalus releases at the moment. If everyone would just adopt regular PGP signatures across all platforms my life would be a lot easier...
@disassembler if you have signing set up, notarization is just these two commands:

```sh
xcrun notarytool submit $PATH_TO_SIGNED_BINARY \
  --apple-id $IOG_APPLEID \
  --password $IOG_APPLEID_PASSWORD \
  --team-id $IOG_TEAMID \
  --progress \
  --wait
xcrun stapler staple $PATH_TO_SIGNED_BINARY
```

Have you tried adding that to your CI pipeline?
Internal/External
External otherwise.
Area
Other Any other topic (Delegation, Ranking, ...).
Summary
Trying to open any of the macOS binaries results in this error message:
System info (please complete the following information):
Additional context
None of the macOS binaries work out of the box as they and their associated dylibs haven't been codesigned, which results in macOS's Gatekeeper preventing their execution and showing an error message:
X can’t be opened because it is from an unidentified developer
Having to sudo, or right-click open, or changing Security settings on an ad-hoc basis for every single binary and dylib is not a viable solution. It's not aligned with platform standards, it's not user-friendly, and it's an unnecessary hurdle for novice programmers.
Also see cardano-foundation/cardano-wallet#2966
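
A release-pipeline check for the condition this issue describes (executables or dylibs shipped with no code signature), as an added example that is not part of the original issue or the project's code: it walks the Mach-O load commands of each architecture slice looking for `LC_CODE_SIGNATURE`. The names `unsigned_slices` and `constructed_image` are hypothetical and the sample image is constructed; an ad-hoc signature also carries this load command, so a pass here does not imply Developer ID signing or notarization.

```python
import struct

LC_CODE_SIGNATURE = 0x1D  # load command that points at the embedded signature
THIN_MAGICS = {  # first four bytes on disk -> (struct endianness, header size)
    b"\xfe\xed\xfa\xce": (">", 28), b"\xce\xfa\xed\xfe": ("<", 28),  # 32-bit
    b"\xfe\xed\xfa\xcf": (">", 32), b"\xcf\xfa\xed\xfe": ("<", 32),  # 64-bit
}
FAT_MAGIC = b"\xca\xfe\xba\xbe"  # universal binary; its header is big-endian


def _thin_has_signature(data, base=0):
    """True if the single-architecture image at `base` has LC_CODE_SIGNATURE."""
    magic = data[base:base + 4]
    if magic not in THIN_MAGICS:
        raise ValueError("not a Mach-O image")
    endian, header_size = THIN_MAGICS[magic]
    ncmds, sizeofcmds = struct.unpack_from(endian + "II", data, base + 16)
    offset = base + header_size
    end = min(offset + sizeofcmds, len(data))
    for _ in range(ncmds):
        if offset + 8 > end:
            raise ValueError("truncated load commands")
        cmd, cmdsize = struct.unpack_from(endian + "II", data, offset)
        if cmdsize < 8:
            raise ValueError("malformed load command")
        if cmd == LC_CODE_SIGNATURE:
            return True
        offset += cmdsize
    return False


def unsigned_slices(data):
    """Indexes of architecture slices with no signature ([] means all signed)."""
    if data[:4] != FAT_MAGIC:
        return [] if _thin_has_signature(data) else [0]
    (count,) = struct.unpack_from(">I", data, 4)
    offsets = [struct.unpack_from(">I", data, 16 + 20 * i)[0] for i in range(count)]
    return [i for i, off in enumerate(offsets) if not _thin_has_signature(data, off)]


def constructed_image(cmd):
    """Constructed sample: 64-bit little-endian header plus one load command."""
    header = struct.pack("<4s7I", b"\xcf\xfa\xed\xfe", 0x0100000C, 0, 2, 1, 16, 0, 0)
    return header + struct.pack("<4I", cmd, 16, 0, 0)


if __name__ == "__main__":
    for cmd in (0x2A, LC_CODE_SIGNATURE):  # 0x2A = LC_SOURCE_VERSION, no signature
        print(hex(cmd), unsigned_slices(constructed_image(cmd)))
```

Run over every executable and dylib in a release archive, a non-empty result for any file is a reason to fail the build before the artifact is published.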