PharoLauncher.app fails to launch on OS X 10.15 and above because the application has not been notarized. Instead of seeing Pharo Launcher, the user is presented with this disconcerting message:
Note that there is no option for the user to override this check and continue. I believe this experience is negative enough to dissuade many casual potential OS X users of Pharo from giving it a try. It's probably also preventing more interested users as well.
PharoLauncher installation itself is ok.
The Hardened Runtime, along with System Integrity Protection (SIP), protects the runtime integrity of your software by preventing certain classes of exploits, like code injection, dynamically linked library (DLL) hijacking, and process memory space tampering.
This means we must sign with the --options=runtimeoption. But hardened runtime does not allow JIT code so we need, to add entitlements to disable an individual protection.
demarey
commented
2 years ago
Bug description
PharoLauncher.app fails to launch on OS X 10.15 and above because the application has not been notarized. Instead of seeing Pharo Launcher, the user is presented with this disconcerting message:
Note that there is no option for the user to override this check and continue. I believe this experience is negative enough to dissuade many casual potential OS X users of Pharo from giving it a try. It's probably also preventing more interested users as well.
PharoLauncher installation itself is ok.
The same problem exists for the VM and is reported here: https://github.com/pharo-project/pharo/issues/9833
Steps to achieve notarization
Automation
To ease the notarization process, we will use the xcnotary tool https://github.com/akeru-inc/xcnotary. We need to provide the Apple Developer account and a keychain item containing the developer password. It can be setup by using
xcrun notarytool store-credentialstool as explained in https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/customizing_the_notarization_workflow#3087734