Open jonmmease opened 4 years ago
After a bit of research and experimentation, it looks like Gatekeeper will only check for code signatures for files/apps that have the com.apple.quarantine
xattr set. This gets set by web browsers and email clients when files are downloaded, but it isn't set by the pip
and conda
package managers so users getting kaleido in the Python wheel shouldn't run into issues with Gatekeeper flagging it. Not sure about other language specific package managers
References:
Will keep this issue open as code signing would still be a good idea eventually, but it doesn't need to block the initial release.
When distributed as a conda package, orca didn't get blocked by Gatekeeper in order to run, but it did get blocked when attempting to bind to a local port. See https://github.com/plotly/orca/issues/269.
Kaleido won't run into this issue because it doesn't use ports for communication.
We should work out how to digitally sign the MacOS kaleido binary so that it doesn't get blocked by the default settings of Gatekeeper.
Looks like we could do this from the command using the
codesign
command after the build has been completed: https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html