Closed jaketmp closed 11 years ago
I suspect it is under NDA at the moment. I'm not a paid member of any Apple dev program so don't know any more either!
But some thoughts...
Yes - I'm seeing a lot of diverging opinions on this, quite a few folks say that Gatekeeper only runs at the point where the 'File Quarantine' dialogue would pop-up under 10.7 - since quick look and spotlight don't seem to care about the quarantine extended attribute, there may be no effect at all.
But - this seems like a hopelessly naive way for gatekeeper to behave.
Incidentally, poking around (https://developer.apple.com) doesn't reveal anything regarding code signing for folks who aren't subscribed to one of the paid programs… The NDA strikes again…
Looks like you can enable gatekeeper under 10.7.3 for testing via:
sudo spctl --enable
Think I'll wait until I have time to deal with any consequences before giving it a shot though…
I would think that quicklookd and mds (the daemons, anyway) are the things that would be sandboxed/need signing not the plugins per-se. But will they refuse to load unsigned plugins? IMHO if they don't that's a socking great hole in the sandbox.
Also look at an Xcode project. For an app target, you get Entitlement settings etc. For QuickLook/Spotlight plugin targets, you do not.
I'll post a question about sandboxing and plugins on xcode-users and see if I get any interesting replies.
Gatekeeper seems not to affect plugins at all - xattr -p com.apple.quarantine
show the quarantine bit set on the qlplugin, and all still works.
How do the code signing requirements in Mountain Lion effect Spotlight / QuickLook plug-ins. - I can't find any good documentation for this at them moment - may still be under NDA.