Heads up: macOS 10.15 requires notarized apps

[Jacob Carlborg]

On 2019-08-13 07:49, Jonathan M Davis wrote:

> Wouldn't that then mean that you couldn't run anything built by dmd either?

I looked into this a bit more. It looks like the OS (in this version at 
least) only checks applications with the quarantined flag. That's an 
extended attribute which is set when downloading a file using a browser 
(tested with Safari and Chrome). When I download the same file using 
"curl", it's not set. So that's not as bad as I thought it was.

I can run all my existing applications, both the ones I compiled and 
third party applications, which are definitely not notarized.

Notarizing an application requires to adopt the Hardened runtime. This 
means that, among other things, it's not possible to debug an 
application. During development, when using Xcode, it will automatically 
add what's called an entitlement that allows debugging. The notarization 
service will reject applications with this entitlement set. So it's only 
for development.

> If so, then while notarizing dmd would certainly be good, I'd expect that
> anyone seriously using a compiler would have to figure out how to tell the
> OS to stop complaining about applications which aren't notarized anyway
> (though if they made it so that you have to do that per application instead
> of globally, that would get _really_ annoying).

So far I have not found a way to do that for all applications, it's 
currently for each binary. Perhaps if System Integrity Protection is 
turned off.

-- 
/Jacob Carlborg