FabricMC / fabric-installer

An Installer for Fabric. For the vanilla launcher
Apache License 2.0
102 stars 66 forks source link

Notarise the Fabric installer for Mac #147

Open mrjasonn opened 1 month ago

mrjasonn commented 1 month ago

This seems like a useful change, as it would be easier to open it and it will give users more of a peace of mind that the Fabric installer is a safe piece of software. It is also going to be more annoying to open it in macOS 15 because they have removed the option to control click bypass notarisation requirement to open it and rather need you to go into settings and approve it, which is annoying.

modmuss50 commented 1 month ago

I would love to be able to do this, unfortunately its not possible to do without making my personal details public. I already pay for the developer account, so thats not the issue. I have looked into alterantive installation methods such as using the web filesystem API but thats not possible. If anyone has any suggestions please do let me know.

modmuss50 commented 1 month ago

Just doing a bit of reading, if https://developer.apple.com/forums/thread/663198 is to be believed if we dont ship native code in the jar we might be able to get away without needing to do it.

EDIT: just tried it, didnt help.

modmuss50 commented 1 month ago

One way around it might be to suggest to people to run it via the terminal. a command such as:

curl -O https://maven.fabricmc.net/net/fabricmc/fabric-installer/1.0.1/fabric-installer-1.0.1.jar && java -jar fabric-installer-1.0.1.jar

Seems to work ok for me?

mrjasonn commented 1 month ago

One way around it might be to suggest to people to run it via the terminal. a command such as:

curl -O https://maven.fabricmc.net/net/fabricmc/fabric-installer/1.0.1/fabric-installer-1.0.1.jar && java -jar fabric-installer-1.0.1.jar

Seems to work ok for me?

People might not want to do this, as they might think going to the terminal to do it is complicated. They might be concerned that it is malware as it basically bypasses security checks, if it does not prompt you that its not notarised and you have never authorised it to bypass notarisation before. People are much more scared these days of malware, as there are many people who make Minecraft ratmods to try to steal accounts nowadays. This is something we should think about.