Closed davidrothera closed 1 year ago
pallotron
commented
1 year ago yeah I noticed the warning when I download and tried 0.14 Reading "Step 3 - Generate an app-specific password"... one need to generate this password, but assuming we do this we need to have a place where to store it/share it between devs
pallotron
commented
1 year ago oh...
Note: this is a password that will be specific to the notarization application (xcrun altool) and not to the application being notarized. You therefore only need to do this once, but make sure you copy the generated password and save it somewhere.
so it is per dev?
davidrothera
commented
1 year ago so it is per dev?
Yup, it's just a password so the binary can be uploaded to Apple with my dev account.
I'll possibly onboard the various builds and package steps into using https://fastlane.tools which will still run locally but abstracts away the multiple steps needed.
davidrothera
commented
1 year ago Bad news, it appears that enabling "hardened runtime" also stops the privileged helper being able to capture and stop events.
I'll have to shelve this for now and investigate some other options.
davidrothera
commented
1 year ago Closing this for now as hardened runtime is a non-starter with our current architecture.
As of a few years ago Apple now requires apps to be "notarized" so that they are screened for malware and other issues. This is presented to the user as warnings/errors when opening dmg images as well as running the apps themselves.
One requirement for us to be able to notarize the app is enable the "hardened runtime" which limits capabilities of the app but functionality remains working ok.
This PR enables those changes so we can then publish new notarized releases.
Notes for how to notarize are from here