godotengine / godot

Godot Engine – Multi-platform 2D and 3D game engine
https://godotengine.org
MIT License

Godot binaries aren't code signed for macOS #11984

Closed kvanbere closed 3 years ago

kvanbere commented 7 years ago

Mac OS X 10.12.6 Sierra

Issue description: Downloaded version 2.1.4 of Godot from website. Can't run it at all. Running default security preferences.

TomWor commented 7 years ago

You'll have this issue with many open source applications, because the developers often don't have an Apple developer account that's required to sign those binaries. You'll have to adjust your security preferences.

kvanbere commented 7 years ago

Hi, thanks for the response. On the contrary, this is the first time I've ever had this problem; most developers just sign the apps, i.e. look at GIMP, Blender, Transmission, the Python suite and others, all signed. If the issue is cost, perhaps you could open up a way for the community to contribute on that front specifically.

Godot will never be mainstream adopted on this platform if it is not possible to open the application without changing security preferences from their defaults, unfortunately that's just the way it is.

TomWor commented 7 years ago

You're right and I don't know what the status is on that front. I guess it should be done for Godot 3 as I guess there will be quite a bit of news coverage and it'll be quite a bummer for Mac users to run into that.

sbeca commented 7 years ago

This doesn't solve the actual problem, but as a workaround you should be able to right-click on the app and select Open. Doing so will bring up the same warning dialog but should show an extra button that lets you continue on and open the app.

kvanbere commented 7 years ago

You're right, that does work as a workaround for me.

akien-mga commented 7 years ago

Likely won't change for 2.1.x, but yeah for 3.0 we should start looking into paying the Apple and Microsoft mafias to get our binaries "certified"...

akien-mga commented 6 years ago

Sadly I don't think I'll manage to get a certificate before the 3.0 release in January, so this will have to wait for a future release. It's impressive how convoluted and badly documented this process is for FOSS projects.

kvanbere commented 6 years ago

Isn't it just a case of paying ~$100 yearly? Surely the Godot project can source that from Patreon.

Adoption without a certificate is going to be poor. The default behavior for OS X is to not allow you to open the binary and the process for overriding that is really convoluted (and overriding it permanently circumvents a legitimate security feature designed to prevent people from distributing malware with Godot)

akien-mga commented 6 years ago

It's not just "paying", otherwise any cracker could get a certificate for their virus. You need to verify your identity as a legal person, send a copy of your ID card to a CA, prove that you have the legitimacy to sign code in your name or your organisation's name, receive a USB stick that can be used to generate a certificate, and then you can start thinking about integrating that certificate into your buildsystem so that your binaries actually get signed. That's not something I can do in my free time in two weeks, so it will have to wait.

nicholatian commented 6 years ago

It’s been 9 months since the last response, so what’s the status of the bug? Are there still plans to have the executables signed, or is that no longer on the roadmap?

akien-mga commented 6 years ago

That's still a work in progress, bureaucracy takes time but we should have it working for 3.1-stable.

akien-mga commented 5 years ago

As of Godot 3.1 beta 6, Windows binaries (both editor and templates) are signed using @hpvb's company certificate (as approved by the Godot leadership): Prehensile Tales B.V.

macOS builds will soon be signed too.

akien-mga commented 5 years ago

> As of Godot 3.1 beta 6, Windows binaries (both editor and templates) are signed using @hpvb's company certificate (as approved by the Godot leadership): Prehensile Tales B.V.

Before someone asks: the reason why we're using a certificate from @hpvb's company and not one from a "Godot company" is because there is no Godot company :) It could be clearer for end users if we had a certificate attributed to Software Freedom Conservancy, our legal sponsor, but discussions on that topic are not progressing so far, so we have to use our own solution. Neither Juan nor I wish to use a certificate attributed to us personally; this has to be a non-natural person (company or organization).

@hpvb is the owner of his company and completely trustworthy, as well as our release manager, so it makes sense to use his company certificate (which he provides pro bono). This will be documented on the downloads page to clear any potential misunderstanding.

justinluk commented 5 years ago

Is there a way I can sign my own exported games using my own company? It seems like people should be responsible for signing their own games instead of relying on @hpvb's company.

I've done signing with other game engines and frameworks but I'm not sure how you'd go about doing this with Godot.

nicholatian commented 5 years ago

I don't believe exported games have anything to do with this. While I don't know what utilities Godot provides for signing exported programs (if any), I'm pretty sure that's still in your court to do as a developer.

kvanbere commented 5 years ago

This issue is for Godot itself.

jamie-pate commented 4 years ago

For Catalina this situation just got more desperate. It seems like Gatekeeper is now removing +x permissions after extracting the zip!

https://appleinsider.com/articles/19/06/03/apples-macos-catalina-is-first-to-require-app-notarization-by-default

Related docs issue: https://github.com/godotengine/godot-docs/issues/2739#

tavurth commented 4 years ago

I'm now getting this more daunting message.


akien-mga commented 4 years ago

To clarify, while we could sign the macOS binaries relatively easily now, macOS Catalina's new requirements that signed binaries should also be notarized (i.e. every single build should be sent to Apple so that they review it) is a pain that we don't plan to cope with for the time being.

Many developers of cross-platform applications use the same approach and hopefully Apple will one day figure out that their developer-adverse policies do more harm than good for their customers.

For Godot users, beyond the hoops you have to jump through to use the editor itself, it's your own responsibility to sign and notarize your own exported app bundles - if you wish to put up with Apple's requirements for the sake of your own customers. Even if we signed and notarized the Godot editor binary, we would not do it for the export templates as that's the game developer's own responsibility.

toddhd commented 4 years ago

Figured I'd mention that I came here with the exact same problem. If enough people ask for it, you never know. Just FYI, the "right-click and select open" fix no longer works in the latest version of the OS. I do use Unity but thought that Godot looks interesting.

Calinou commented 4 years ago

Can this be worked around by installing Godot using Homebrew?

brew cask install godot

If so, we should make this more prominent on the Download page.

toddhd commented 4 years ago

> Can this be worked around by installing Godot using Homebrew?
>
> brew cask install godot
>
> If so, we should make this more prominent on the Download page.

No, makes no difference. The problem isn't with the installation, that works just fine, the problem is that it isn't signed, and Mac isn't happy with that.

jamie-pate commented 4 years ago

Not just signed, signed and notarized.

kvanbere commented 4 years ago

Thanks for trying so far.

Reiterating importance: Adoption without a certificate is going to be poor. The default behavior for OS X is to not allow you to open the binary and the process for overriding that is really convoluted (and overriding it permanently circumvents a legitimate security feature designed to prevent people from distributing malware with Godot)

Calinou commented 4 years ago

@donkeybonks Keep in mind the Steam version should work out of the box in the foreseeable future.

b-hayes commented 4 years ago

Still having this issue. Keep giving up and coming back again to see if I can get it to run. So far a month has gone by since I wanted to try Godot and this is the barrier for entry.

I can confirm that it does work fine via Steam tho. 👍

tavurth commented 4 years ago

> Still having this issue. Keep giving up and coming back again to see if I can get it to run. So far a month has gone by since I wanted to try Godot and this is the barrier for entry.

Can you right click on the Godot application, and then click open? (Or control + click -> open, if you have no right click)

TomWor commented 4 years ago

Is the Steam Version notarized by Valve or why does that work?

Also, I know the notarization thing with Apple is appalling and a PITA, but can't you take some of the donation money to just buy an Apple Developer license? Otherwise, just dropping MacOS support officially would be the cleaner cut than just having Godot users hang in limbo IMO.

Calinou commented 4 years ago

> Is the Steam Version notarized by Valve or why does that work?

It works because Steam got a free pass for distributing unsigned binaries somehow :shrug: It's the same on Windows.

In the meantime, we can probably start advertising the Steam version more prominently on the macOS download page.

> Also, I know the notarization thing with Apple is appalling and a PITA, but can't you take some of the donation money to just buy an Apple Developer license?

It's not about money; we can definitely afford code signing licenses. It's about making the process fast and simple enough for @akien-mga so he doesn't have to spend days making each patch release :slightly_smiling_face:

> Otherwise, just dropping MacOS support officially would be the cleaner cut than just having Godot users hang in limbo IMO.

Uh, that's quite a stretch… I think documenting this better will be better than nothing. We will eventually get to notarization one day, but it may take a while.

TomWor commented 4 years ago

> It works because Steam got a free pass for distributing unsigned binaries somehow 🤷 It's the same on Windows.

That does not seem to be true (anymore): https://www.reddit.com/r/gamedev/comments/di61ms/have_a_mac_game_on_steam_heres_a_guide_to_signing/

Can someone confirm whether Steam Godot works on Catalina? I'm still on Mojave, for obvious reasons...

> Otherwise, just dropping MacOS support officially would be the cleaner cut than just having Godot users hang in limbo IMO.

> Uh, that's quite a stretch…

I didn't know the Steam version could still work on MacOS without notarizing; I guess then this version should be referred to from the downloads page. If even that way doesn't work anymore, over time the complaints about Godot not working will skyrocket with Catalina user adoption. Therefore I think it would be better to have a clear statement made on the downloads page that there is no way to use Godot on the Mac with Catalina or later MacOS versions, instead of dangling a carrot in people's faces that it might be coming soon. I think the Godot release team are doing a fantastic job btw. I'm just proposing this because we could really close the case on this and save some people the trouble of figuring it out via this Github issue.

akien-mga commented 4 years ago

> Therefore I think it would be better to have a clear statement made on the downloads page that there is no way to use Godot on the Mac with Catalina or later MacOS versions, instead of dangling a carrot in people's faces that it might be coming soon.

Well there is a way to use Godot on Catalina, just add an exception to let macOS run it.

See last section on https://support.apple.com/en-us/HT202491

> In macOS Catalina and macOS Mojave, when an app fails to install because it hasn't been notarized or is from an unidentified developer, it will appear in System Preferences > Security & Privacy, under the General tab. Click Open Anyway to confirm your intent to open or install the app.

Alternatively, one can outright disable Gatekeeper:

sudo spctl --master-disable

See https://icculus.org/finger/flibitijibibo?date=2019-10-01&time=05-49-26 for details.

tavurth commented 4 years ago

> Can someone confirm whether Steam Godot works on Catalina? @TomWor

I'm using Godot on Catalina, I had some troubles while opening it but: Ctrl + right click opened it fine.

After that it runs every time without the warning as usual.

If others have difficulty, try going into:

There should be a small box saying: "Godot application was untrusted", click the orange lock button on the bottom left and then you should be able to allow Godot.

jamie-pate commented 4 years ago

Part of the problem is that Gatekeeper will prevent the executable from having the +x bit when you extract it from an archive. Not sure if this is affecting the Godot download, but if it is, then you also have to go into the extracted .app and chmod +x <binary> before the system will even let you right-click to run.

kvanbere commented 4 years ago

Also, if you can sign the app then the barrier to entry for distributing it on the App Store is suddenly a lot lower if you’re interested in reaching those users.

Off-topic but the App Store should be seen as a powerful marketing platform as it is tied in with the App Store mailing list that most Apple users receive.

b-hayes commented 4 years ago

> Still having this issue. Keep giving up and coming back again to see if I can get it to run. So far a month has gone by since I wanted to try Godot and this is the barrier for entry.

> Can you right click on the Godot application, and then click open? (Or control + click -> open, if you have no right click)

Nope, the same dialogue appears, nothing different from just double-clicking it. Move to bin is the only option.

I even tried installing via homebrew and running it from the command line.

The only way to run it is through steam.

jamie-pate commented 4 years ago

> you also have to go into the extracted .app and chmod +x <binary> before the system will even let you right click to run

Does manually setting the app binary as executable help?

tommywalkie commented 4 years ago

Adding this Defold forum post link for reference, which provides a screenshot with some insights from a Steam admin about this subject in a Steamworks Steam group post, but the group apparently exceeded its member limit so I can't check it myself. mikela's post

bruvzg commented 4 years ago

Apple's Gatekeeper is not checking the signature of user mode apps without the com.apple.quarantine extended file attribute; most browsers and archive extractors set it for all downloads, Steam does not. Also, you can unset it using the xattr -r -d com.apple.quarantine AppName.app command.
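
The quarantine mechanism described above, as an added example that is not part of the Godot project or this thread: a small pre-flight script that shows what state a downloaded .app is in (who quarantined it, whether it carries an ad hoc, full or no signature, and what Gatekeeper's verdict is) before a user decides to run `xattr -d`. It assumes the `com.apple.quarantine` value has the form `hexflags;hexepoch;agent;uuid` and that `xattr`, `codesign` and `spctl` are available when run on macOS; the parsers work on any platform and the sample strings in the test are constructed.

```python
"""Pre-flight look at a downloaded .app before touching its quarantine flag."""
import datetime as dt
import subprocess
import sys
from dataclasses import dataclass
from typing import Optional, Tuple

QUARANTINE_ATTR = "com.apple.quarantine"


@dataclass
class Quarantine:
    flags: int
    stamped: dt.datetime
    agent: str  # the app that set the flag, e.g. a browser or archive tool


def parse_quarantine(value: str) -> Quarantine:
    """Parse 'hexflags;hexepoch;agent;uuid' (uuid optional); assumed format."""
    parts = value.strip().split(";")
    if len(parts) < 3:
        raise ValueError(f"unexpected quarantine value: {value!r}")
    when = dt.datetime.fromtimestamp(int(parts[1], 16), tz=dt.timezone.utc)
    return Quarantine(int(parts[0], 16), when, parts[2])


def signature_kind(codesign_stderr: str) -> str:
    """Classify `codesign -dv` output as 'unsigned', 'adhoc' or 'signed'."""
    if "code object is not signed" in codesign_stderr:
        return "unsigned"
    if "Signature=adhoc" in codesign_stderr:
        return "adhoc"  # runs on Apple silicon, but Gatekeeper still rejects it
    return "signed" if "Authority=" in codesign_stderr else "unsigned"


def assess_verdict(spctl_stderr: str) -> Tuple[str, str]:
    """Return (verdict, source) from `spctl --assess -v`, e.g. ('rejected', 'no usable signature')."""
    if ": rejected" in spctl_stderr:
        verdict = "rejected"
    else:
        verdict = "accepted" if ": accepted" in spctl_stderr else "unknown"
    lines = spctl_stderr.splitlines()
    source = next((l.split("=", 1)[1] for l in lines if l.startswith("source=")), "")
    return verdict, source


def inspect_app(app_path: str) -> dict:
    """Gather the facts a user should see before removing quarantine (macOS only)."""
    if sys.platform != "darwin":
        raise RuntimeError("inspect_app needs the macOS command-line tools")
    opts = dict(capture_output=True, text=True)
    xa = subprocess.run(["xattr", "-p", QUARANTINE_ATTR, app_path], **opts)
    cs = subprocess.run(["codesign", "-dv", app_path], **opts)
    sp = subprocess.run(["spctl", "--assess", "--type", "execute", "-v", app_path], **opts)
    quarantine: Optional[Quarantine] = parse_quarantine(xa.stdout) if xa.returncode == 0 else None
    return {"quarantine": quarantine, "signature": signature_kind(cs.stderr),
            "gatekeeper": assess_verdict(sp.stderr)}


if __name__ == "__main__":
    print(inspect_app(sys.argv[1]))
```

Run it as `python3 check_app.py /Applications/Godot.app`; a `None` quarantine entry is exactly why a Steam-installed copy opens without any prompt.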

kthornsbury commented 4 years ago

> Apple's Gatekeeper is not checking the signature of user mode apps without the com.apple.quarantine extended file attribute; most browsers and archive extractors set it for all downloads, Steam does not. Also, you can unset it using the xattr -r -d com.apple.quarantine AppName.app command.

This solved my problem when nothing else would. Thank you so much!

shayneoneill commented 4 years ago

The Notarized stuff might well end up being the thing that gets Apple zapped for anti-competitive behavior, if they extend it to the Mac, as already regulators are sniffing about asking "What happens if someone wants to use a non-Apple app store?". Valve would have a very strong case to ask the EU and Australian regulators to force Apple to back that stuff off if it prevents Steam from working (I'm not sure if the US ones would intervene in the current political climate, but the EU and Australian ACCC are both pretty aggressive and the EU competition authorities are known to enact silly-money billion dollar punishments).

Although I'm very concerned apple may well just do it anyway for these new ARM based macs.

karismatic-megafauna commented 4 years ago

Wow, sorry @akien-mga for this nightmare Apple has put you through. What ridiculous policies and a terrible experience for developers.

The best way to get around this issue for me was what was posted by @kthornsbury -> xattr -r -d com.apple.quarantine /Applications/Godot.app

If you are having similar issues, give this a shot!

tavurth commented 4 years ago

I have this issue every time I re-download the app, however I've not found it to be much trouble to bypass on OS Catalina:

Right click -> open (first time it'll complain that it's not signed, and give no option to open)
Right click -> open (second time gives option to open)
After that it'll open first time without issue.

Seems like Apple makes this as difficult as possible, and I understand Godot's perspective.

If others are still having trouble with this, try downloading Godot from Steam!

Calinou commented 4 years ago

I made a website about disabling macOS Gatekeeper: https://disable-gatekeeper.github.io/

Don't hesitate to bookmark and share it :slightly_smiling_face:

bruvzg commented 4 years ago

On macOS Big Sur running on ARM all executables must be signed or they won't run at all; an ad hoc signature is sufficient (as long as Gatekeeper is disabled/bypassed as described in the previous comment).

https://developer.apple.com/documentation/macos-release-notes/macos-big-sur-11-universal-apps-beta-release-notes

bruvzg commented 3 years ago

Starting from Godot 3.3, macOS editor binaries are signed and notarized.

kvanbere commented 3 years ago

Well done guys.

kthornsbury commented 3 years ago

I appreciate you all! Thanks!