Hacker News new | ask | show | jobs
by anentropic 1879 days ago
And, not mentioned in the article... you have to have an Apple Developer ID which costs £79/year ($99). Presumably if your subscription lapses any previously released software will stop working?

That is the part I find most offensive, if it was just difficult and buggy I would suck it up and work around it. But having to pay for the privilege is too painful, particularly if you're offering free software.

For my case (non GUI app) I can at least distribute via Homebrew and have the user build from source in a more or less automated way.

Another notarization helper tool is here https://github.com/mitchellh/gon
2 comments
galad87 1879 days ago
No, if your subscription lapses previously released software won't stop working. If you are offering free software you can sign with an ad-hoc certificate, and instruct the user on how to bypass gatekeeper, which isn't great at all but it doesn't cost any $$.
link
anentropic 1879 days ago
Looks like this explains how: https://www.digicert.com/kb/code-signing/mac-os-codesign-too... but... "only Apple Developer code signing certificates are compatible with GateKeeper"

Does code-signing with an ad hoc certificate and no notarization provide any better experience than just unsigned code?

Do you get a friendlier message (c/f "malicious software: Move to Trash") when Gatekeeper blocks it?

link
galad87 1879 days ago
Unsigned (arm64) binaries don't run at all on M1 Macs, so yes, an ad-hoc certificate provides a better experience ;)
link
anentropic 1879 days ago
I just tried an unsigned bin on M1 Big Sur and the experience is the same:

it's initially blocked with a "Move to Trash" dialog

but you can go to security prefs and click "allow anyway"

Then try again, click "open" rather than "move to trash" on another warning dialog and the file does get run.

I haven't tried a signed+un-notarized one but it sounds like it'd be similar?

link
saagarjha 1879 days ago
I suspect that the code you're trying to run is ad-hoc signed.
link
anentropic 1879 days ago
Not by me... and it's my own code build from src in a github action.
link
sneak 1878 days ago
Instructing users on how to bypass gatekeeper is a nonstarter, as explained here:

https://lapcatsoftware.com/articles/unsigned.html

This simply is not a viable distribution method for the mass market. Apple has positioned apps from devs that pay Apple so far above apps from devs that don't that you cannot compete outside of their subscription revenue model.

link
sitharus 1879 days ago
Code signing isn’t linked to an active developer subscription, if it lapses all existing signatures are still valid - you just can’t sign more.
link
foepys 1879 days ago
What happens when the cert root expires? Does it not expire or does Apple grant an eternal valid signature when apps were signed before the root expired?
link
jerrysievert 1879 days ago
For apps I’ve downloaded on my iPhone, there are sometimes updates that denote Apple updated the key. Assuming that’s App Store only behavior though.
link
saagarjha 1879 days ago
Apple just did this recently for iOS 14.5, actually.
link