search

la5nta / pat

A cross-platform Winlink client written in Go
https://getpat.io
MIT License
480 stars 86 forks source link

Unable to install pkg on macOS Catalina (Notarization Requirement) #188

Open tjchambers opened 4 years ago

tjchambers commented 4 years ago

screenshot_249

Running Catalina 10.15.

Is there a workaround?

martinhpedersen commented 4 years ago

Hi,

this is the dreaded Notarization Requirement that Apple introduced with macOS Catalina. https://developer.apple.com/news/?id=06032019i

I don't know if it is possible to configure macOS to ignore this requirement for some binaries.

The long term fix is to notarize the binary and pkg for each release. That will probably require me to get an Apple Development Program subscription (99 USD / year) for the project. Which is a very high cost considering that only 5% of total Pat downloads are for macOS.

I'm considering dropping the pre-built binaries for macOS in future releases, and to find another way to distribute the releases to macOS users (e.g. homebrew).

Currently, macOS does not require command line apps to be signed.. but they will eventually.

For now, I believe you can work around it by building Pat from source.

I am very sorry for the inconvenience, but this Notarization Requirement is out of my control.

If someone with an Apple Developer Program is willing to maintain (build, sign and notarize) macOS builds in the future then please let me know.

martinhpedersen commented 4 years ago

Just to clarify: The requirement is that the Installer package (pkg) is notarized, but that's just temporary as Apple is soon going to require all binaries to be notarized and signed as well.

DC7IA commented 4 years ago

The simple workaround he asked for is this: https://support.apple.com/en-gb/guide/mac-help/mh40616/mac

This will exempt the software so that it can be run just like any other software.

I think we should add that to FAQ on the wiki.

DC7IA commented 4 years ago

I've added it to the FAQ section.

martinhpedersen commented 4 years ago

Excellent! Thank you 👍

I'll leave this one open. Hopefully we can provide properly signed binaries for macOS in the future.

martinhpedersen commented 2 years ago

Starting with v0.12.0 I think we should stop signing the macOS pkg.

It looks like this workaround that @DC7IA added to the FAQ works regardless of pkg signing. So it serves very little purpose to sign the pkg now that Apple also requires binary notarization, and the same workaround is required regardless.

Keeping this issue open though. as the proper (costly) solution is to sign and notarize the macOS package.