10.14 Hardened Runtime and App Notarization

[quote=410715:@Oliver Osswald]It appears to me that Apple is trying to repeat the Communist approach of a „centrally planned economy“ - a central institution is deciding about what is best for all, under the pretext to make life better („more secure“) for everybody…

What failed miserably for communism will fail for Apple. If they continue to create administrative hurdles to the free personal use of one’s computer, then even the dumbest fanboy will eventually understand that the glorious times of Apple computers are over now.
[/quote]

Not sure about that, I see lots of those making long lines on debut day for iPhones, waiting for Apple to tell them what they can't do with "their" devices.

[quote=410668:@Christoph De Vocht]The method that Bjorn wrote is not working.
The reason is that AppWrapper does not use the option --options runtime and this will give the iTunes Log error:

Status: Invalid
Error #2 - Package Invalid
“The executable was not signed with the CS_RUNTIME option.”[/quote]

Interestingly enough, I do get a fail on a new application. The 2 Registrator apps that I successfully stapled last night were packaged a long time ago.

In a new application that I build and sign today with App Wrapper, I get in the iTunes email:

Status: Invalid
Error #2 - Package Invalid

And it says nothing more, not the CS_RUNTIME like you get.

[quote=410869:@Björn Eiríksson]Interestingly enough, I do get a fail on a new application. The 2 Registrator apps that I successfully stapled last night were packaged a long time ago.

In a new application that I build and sign today with App Wrapper, I get in the iTunes email:

Status: Invalid
Error #2 - Package Invalid

And it says nothing more, not the CS_RUNTIME like you get.[/quote]

That’s because AppWrapper does not use --option runtime (yet).

As of yet, it doesn’t. I’ve been researching this option, it looks like Apple have found a way to force developers to use macOS 10.13.6 or newer as it appears that it’s required :frowning:

I need to fully understand the changes I am making, as a lot of people depend on App Wrapper. I don't like to rush into things I don't really understand.

[quote=410918:@Sam Rowlands]As of yet, it doesn’t. I’ve been researching this option, it looks like Apple have found a way to force developers to use macOS 10.13.6 or newer as it appears that it’s required :frowning:

I need to fully understand the changes I am making, as a lot of people depend on App Wrapper. I don't like to rush into things I don't really understand.[/quote]
If it’s just 10.13+, it could just be Xcode 9.3+ and it doesn’t run on 10.12.

From my understanding, it’s part of the console tools included with Xcode 10 (shouldn’t that be an X? XcodeX).

So based on the instructions provided by @Travis Hicks, I was able to notarize an app today. Signed, sandboxed, notarized… the whole deal. The hardened runtime does not affect the app’s ability to run all the way back to 10.10. Probably earlier, that’s just the oldest version 2018r3 supports. The most annoying part is authenticating with the tool. I found it easiest to generate an app-specific password and include the password on the command line. Once authentication is worked out, it’s barely an extra step on top of signing.

Great. Could you post the final script somewhere?
Maybe useful to just copy & paste our path, name and certificate.

If needed I could help to make a universal script where you just put the details in some variables on top.

[quote=412547:@Christian Schmitz]Great. Could you post the final script somewhere?
Maybe useful to just copy & paste our path, name and certificate.

If needed I could help to make a universal script where you just put the details in some variables on top.[/quote]
Honestly, the post above by Travis is it. Because of the embedded credentials, the notarizing part is something I can’t share. If I swap values, I’ll just be reposting what Travis posted.

The output from each step is wild and I think it’ll be very hard to script. My plan is to just run the commands manually after my normal build script.

One tip I can provide: the keychain item Travis specified is not always available. It wasn't for me. So I set up a keychain item called "App Notarization" with an Account Name of my Apple ID, and password of my app-specific password. Then I use --password @keychain:"App Notarization" instead. To hide my Apple ID though, I'll probably load that into a variable before running the script. That way I can open source the script without revealing anything critical.

Still, scripting the notarization process will be a pain. Here’s an example response. This is all after the final stapling step.

```
Processing: /Users/thommcgrath/Documents/The ZAZ Sources/Beacon/Installers/Mac/Output/Beacon.dmg
Properties are {
    NSURLIsDirectoryKey = 0;
    NSURLIsPackageKey = 0;
    NSURLIsSymbolicLinkKey = 0;
    NSURLLocalizedTypeDescriptionKey = "Disk Image";
    NSURLTypeIdentifierKey = "com.apple.disk-image-udif";
    "_NSURLIsApplicationKey" = 0;
}
Codesign offset 0xa845e1 length: 9429
Stored Codesign length: 9429 number of blobs: 3
Total Length: 9429 Found blobs: 3
Props are {
    cdhash = <4dca04a3 465b9586 6423323d 7f3e1e31 ad3ac0ef>;
    digestAlgorithm = 2;
    flags = 0;
    secureTimestamp = "2018-11-01 21:30:30 +0000";
    signingId = Beacon;
    teamId = E3JM6H56CP;
}
JSON Data is {
    records = (
        {
            recordName = "2/2/4dca04a3465b95866423323d7f3e1e31ad3ac0ef";
        }
    );
}
Headers: {
    "Content-Type" = "application/json";
}
Domain is api.apple-cloudkit.com
Response is <NSHTTPURLResponse: 0x7f9e0b608140> { URL: https://api.apple-cloudkit.com/database/1/com.apple.gk.ticket-delivery/production/public/records/lookup } { Status Code: 200, Headers {
    "Apple-Originating-System" = ( UnknownOriginatingSystem );
    Connection = ( "keep-alive" );
    "Content-Encoding" = ( gzip );
    "Content-Type" = ( "application/json; charset=UTF-8" );
    Date = ( "Thu, 01 Nov 2018 21:50:44 GMT" );
    Server = ( "AppleHttpServer/2f080fc0" );
    "Strict-Transport-Security" = ( "max-age=31536000; includeSubDomains;" );
    "Transfer-Encoding" = ( Identity );
    Via = ( "xrail:st11p00ic-qugw02260201.me.com:8301:18H66:grp60", "icloudedge:da21p00ic-hygw02120901:7401:18RC572:Dallas" );
    "X-Apple-CloudKit-Version" = ( "1.0" );
    "X-Apple-Request-UUID" = ( "df01554a-fafb-4619-b1f4-9f1c5abe1aba" );
    "X-Responding-Instance" = ( "ckdatabasews:16303101:st42p63ic-ztfb09161201:8201:1820B278:f35ea39ef4d" );
    "access-control-expose-headers" = ( "X-Apple-Request-UUID, X-Responding-Instance", Via );
    "apple-seq" = ( 0 );
    "apple-tk" = ( false );
} }
Size of data is 2922
JSON Response is: {
    records = (
        {
            created = {
                deviceID = 2;
                timestamp = 1541108961982;
                userRecordName = "_d28c74d190a3782e89496b0a13437fef";
            };
            deleted = 0;
            fields = {
                signedTicket = {
                    type = BYTES;
                    value = "[signed ticket bytes omitted]";
                };
            };
            modified = {
                deviceID = 2;
                timestamp = 1541108961982;
                userRecordName = "_d28c74d190a3782e89496b0a13437fef";
            };
            pluginFields = { };
            recordChangeTag = jnz4hhh5;
            recordName = "2/2/4dca04a3465b95866423323d7f3e1e31ad3ac0ef";
            recordType = DeveloperIDTicket;
        }
    );
}
Downloaded ticket has been stored at file:///var/folders/rm/5lrbl4h12qs4jnw1g6pwbcvc0000gn/T/df01554a-fafb-4619-b1f4-9f1c5abe1aba.ticket.
Attempting to attach a new ticket to Beacon.dmg. Let's see how that works out.
Cloned /Users/thommcgrath/Documents/The ZAZ Sources/Beacon/Installers/Mac/Output/Beacon.dmg to /var/folders/rm/5lrbl4h12qs4jnw1g6pwbcvc0000gn/T/TemporaryItems/(A Document Being Saved By stapler)/Beacon.dmg
Adding 4 blobs to superblob. What about Blob?
Adding blob of size 294 to offset 44.
Adding blob of size 168 to offset 338.
Adding blob of size 8931 to offset 506.
Length of new ticket blob is 1871
A copy of the new disk image blobs and headers has been saved to /var/folders/rm/5lrbl4h12qs4jnw1g6pwbcvc0000gn/T/B5B0D4A5-4463-42DD-BCC1-E8D4FF3FCD24-12299-0000276F98C6A557.dmgData. Enjoy.
Processing: /Users/thommcgrath/Documents/The ZAZ Sources/Beacon/Installers/Mac/Output/Beacon.dmg
Properties are {
    NSURLIsDirectoryKey = 0;
    NSURLIsPackageKey = 0;
    NSURLIsSymbolicLinkKey = 0;
    NSURLLocalizedTypeDescriptionKey = "Disk Image";
    NSURLTypeIdentifierKey = "com.apple.disk-image-udif";
    "_NSURLIsApplicationKey" = 0;
}
Codesign offset 0xa845e1 length: 11308
Stored Codesign length: 11308 number of blobs: 4
Total Length: 11308 Found blobs: 4
Props are {
    cdhash = <4dca04a3 465b9586 6423323d 7f3e1e31 ad3ac0ef>;
    digestAlgorithm = 2;
    flags = 0;
    secureTimestamp = "2018-11-01 21:30:30 +0000";
    signingId = Beacon;
    teamId = E3JM6H56CP;
}
The staple and validate action worked!
```

Hopefully exit codes will provide me some useful information, because getting bash to recognize anything from that will be a chore.
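Picking up the "hard to script" point above, here is an added example (mine, not Thom's Build.sh or App Wrapper's code) that parses the tool output into one-word answers a build script can branch on instead of a human reading the log. It assumes the 2018-era output formats of codesign -dvvv and of altool's --notarize-app / --notarization-info (altool is my assumption; the thread only says "the tool"), and a keychain item named "App Notarization" as Thom describes.

```shell
#!/bin/sh
# Added example (not Thom's Build.sh or App Wrapper's code): give a build script
# one-word answers at each notarization step so it can stop on the first failure.
# Assumed 2018-era output formats (Xcode 10 tooling), stated as assumptions:
#   codesign -dvvv App.app 2>&1        -> a line containing "flags=0x10000(runtime)"
#   xcrun altool --notarize-app ...    -> a line "RequestUUID = <uuid>"
#   xcrun altool --notarization-info   -> a line "Status: success|in progress|invalid"

# 1. Is the hardened runtime flag (CS_RUNTIME) really set on the executable?
#    Checking locally avoids the "Error #2 - Package Invalid" email later.
has_runtime_flag() {
  printf '%s\n' "$1" | grep -q 'flags=0x[0-9a-fA-F]*([^)]*runtime'
}

# 2. Pull the RequestUUID out of the upload output, for polling later.
request_uuid() {
  printf '%s\n' "$1" | sed -n 's/^[[:space:]]*RequestUUID[ =:]*\([0-9A-Fa-f-]*\).*/\1/p' | head -n 1
}

# 3. Reduce the notarization-info output to the bare status text.
notarization_status() {
  printf '%s\n' "$1" | sed -n 's/^[[:space:]]*Status:[[:space:]]*\(.*\)$/\1/p' | head -n 1
}

# 4. Map the status to an exit code the build script can branch on:
#    0 = approved (safe to run stapler), 2 = keep polling, 1 = rejected or unknown.
status_exit_code() {
  case "$(notarization_status "$1")" in
    success)       return 0 ;;
    "in progress") return 2 ;;
    *)             return 1 ;;
  esac
}

# Constructed sample outputs (not captured from a real run).
SAMPLE_CODESIGN='Executable=/tmp/Beacon.app/Contents/MacOS/Beacon
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+5 location=embedded'
SAMPLE_UPLOAD='No errors uploading Beacon.dmg.
RequestUUID = 2dd0ee6c-8c0b-4a2a-a5e3-2f6a4f5e1234'
SAMPLE_INFO='No errors getting notarization info.
        Status: invalid
   Status Code: 2
Status Message: Package Invalid'

# Usage in a build script; the password comes from the keychain item Thom set up,
# so the script can be published without credentials in it:
#   has_runtime_flag "$(codesign -dvvv "$APP" 2>&1)" || exit 1
#   uuid=$(request_uuid "$(xcrun altool --notarize-app --primary-bundle-id "$BUNDLE_ID" \
#     --username "$APPLE_ID" --password @keychain:"App Notarization" --file "$DMG" 2>&1)")
#   ...poll with --notarization-info "$uuid" until status_exit_code is not 2, then stapler.
```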

Well I stayed up much too late working on this. Here’s my real-world build script that has fully automated notarization starting on line 35: https://github.com/thommcgrath/Beacon/blob/master/Installers/Mac/Build.sh

[quote=410770:@Krzysztof Mitko]Before you start a flame about the evil communist Apple enslaving the sheeple and how dare anyone not bow before the free software and Holy Stallman who is its Prophet…

The post on Apple site states: “in an upcoming release of macOS, Gatekeeper will require Developer ID–signed software to be notarized by Apple”. The app notarizing is going to be the requirement for signed apps. Nothing in the post indicates it will no longer be possible to run unsigned apps, unless you want to make the slippery slope argument that it MAY happen someday. Don’t panic, people.[/quote]

I fully agree with the two thoughts. I also think that running unsigned applications is a basic principle of desktop software. I do not believe in any way that Apple would restrict the use of home-made software, for example; this would be suicide for the platform, as I know dozens of cases in which the companies themselves develop software for their internal use and in no way undergo validation by Apple.

I would like to agree with you, but my gut is constantly telling me that Apple doesn't care about the longevity of the Mac platform.

Sam, of course I agree with you that the iOS platform is more important to Apple, but by no means is the number of Macs sold in the world negligible in terms of value.

I base my idea on the fact that Macs are used massively in Arts, Design and Development, so Apple will not ruin this corporate market just out of stubbornness, that’s my impression.

Apple isn’t a charity.
The second they feel they aren’t going to profit enough from Macs, they will drop them in a heartbeat.
Look at floppy drives, CD drives, ‘Normal’ USB ports… 3.5mm sockets
Apple tries to look 5 years ahead and do it now…

Apple did have a hold on the Photography industry; then they abandoned it, allowing Adobe to pretty much rule; which worked against Apple as most Adobe products run better on Windows and with Touch screen and pen support on Windows hardware, working with full adobe apps.

Yosemite cost Apple a TV network here in Taiwan as it caused too many problems, so the production team went with Adobe and Windows.

I’ve witnessed a iOS games company abandon the Mac as they switched to a 3rd Party dev tool and Windows hardware, allowing them to debug their games on Touch hardware, and add support for Windows and Android.

I think in order to hold down the fort; Apple needs to double down on providing good quality and reliable hardware, while slowing down the frequency of new macOS versions, so that the new versions have more QA, with features that actually benefit the market.

I want to believe…

After thirty years on the Mac, in the last couple of years I often find myself musing what keeps me with Apple. If it were not for the few bucks I still get from my Xojo apps, I would not see any reason to "hold the fort". And should returns from selling apps drop under 100 USD/month, then, sorry, good bye Apple: no more reasons to invest over 1200 USD in hardware in order to do smallish jobs that can be done on a 300 USD Lenovo machine. The only regret would be my forced good bye to Xojo too.

Although I agree Apple has taken some odd decisions lately, I still have some good sales compared to Windows.
I mean, macOS users still have the decency to pay for apps. The first thing Windows users do is search for a cracked version.
In my experience, with the same app for both platforms, it's 80% sales for macOS and 20% for Windows.
So basically if I leave macOS behind, my sales will plummet to 20%.

Charity?
They make millions in profit from Mac sales; they are the most expensive computers on the market, so I do not know what charity this is.
Of course compared to the iPhone it is much smaller, but it is still a lot of money!

[quote=412852:@Sam Rowlands]
Apple did have a hold on the Photography industry; then they abandoned it, allowing Adobe to pretty much rule; which worked against Apple as most Adobe products run better on Windows and with Touch screen and pen support on Windows hardware, working with full adobe apps.

Yosemite cost Apple a TV network here in Taiwan as it caused too many problems, so the production team went with Adobe and Windows.

I’ve witnessed a iOS games company abandon the Mac as they switched to a 3rd Party dev tool and Windows hardware, allowing them to debug their games on Touch hardware, and add support for Windows and Android.

I think in order to hold down the fort; Apple needs to double down on providing good quality and reliable hardware, while slowing down the frequency of new macOS versions, so that the new versions have more QA, with features that actually benefit the market.

I want to believe…[/quote]

Sam, I agree with most of your comments but I reaffirm that Image Manipulation, Design and Advertising worldwide is dominated by Macs, I do not think they will want to lose this market thread just to satisfy egos within the company.