VSCodium / vscodium

binary releases of VS Code without MS branding/telemetry/licensing
https://vscodium.com
MIT License
25.64k stars 1.12k forks source link

VSCodium 1.85.2 on macOS Unnotarized Developer ID Issue #1786

Closed uurazzle closed 4 months ago

uurazzle commented 10 months ago

FYI:

VSCodium 1.85.2 on macOS Unnotarized Developer ID Issue

spctl -a -vv /Volumes/VSCodium/VSCodium.app /Volumes/VSCodium/VSCodium.app: rejected source=Unnotarized Developer ID origin=Developer ID Application: Peter Squicciarini (C7S3ZQ2B8V)

When “assessing” code for execution, Gatekeeper evaluates each of these requirements in turn, and the first one that matches (if any) is the applicable policy. Most of the policies are allow types, meaning that matched code is allowed to run, but there are also deny types (such as Unnotarized Developer ID), which means that matched code is prohibited from running.

Here is some interesting general information to check about resolving and testing against Gatekeeper problems:

Resolving Gatekeeper Problems | Apple Developer Forums:

The post titled "Resolving Gatekeeper Problems" on the Apple Developer Forums, written by Quinn "The Eskimo!" from Developer Technical Support at Apple is a comprehensive guide addressing common issues related to Gatekeeper on macOS. Gatekeeper is a security feature designed to ensure that only trusted software runs on a user's Mac, and the post focuses on helping developers troubleshoot and resolve issues that may arise in this context. The post identifies four common Gatekeeper problems that developers may encounter:

  1. App blocked by a dangling load command path.
  2. Broken code signature.
  3. Lack of notarization.
  4. Command-line tool blocked by Gatekeeper.

For each of these issues, the post provides detailed steps and guidance on how developers can resolve them. The emphasis is on the importance of passing Gatekeeper checks to maintain customer trust and avoid potential loss of customers. Key points covered in the post include:

• Verification of Code Signature: Developers are advised to use the codesign tool to verify that their code is signed correctly. The post provides examples of command-line usage to check for issues such as missing or invalid sealed resources. • Notarization Issues: Gatekeeper requires that apps be notarized, and the post guides developers on how to identify and resolve notarization problems. It includes information on checking system logs for specific entries related to notarization issues. • Hash Mismatch: In cases where there's a hash mismatch, the post provides guidance based on the file type (e.g., zip archive, signed disk image, installer package) and recommends specific actions to address the problem. • Command-line Tool Blocking Bug: A known bug in macOS is acknowledged, where double-clicking a command-line tool in Finder may lead to it being blocked by Gatekeeper. Workarounds, such as embedding the tool in an application or using an installer package, are suggested.

Throughout the post, there are references to Apple's documentation and resources related to code signing and notarization, providing developers with additional information for a deeper understanding.

https://forums.developer.apple.com/forums/thread/706379

github-actions[bot] commented 4 months ago

This issue has been automatically marked as stale. If this issue is still affecting you, please leave any comment, and we'll keep it open. If you have any new additional information, please include it with your comment!