search

sveinbjornt / Sloth

Mac app that shows all open files, directories, sockets, pipes and devices in use by all running processes. Nice GUI for lsof.
https://sveinbjorn.org/sloth
BSD 3-Clause "New" or "Revised" License
8.26k stars 156 forks source link

Sloth 3.3 Application Unnotarized Developer ID #32

Open uurazzle opened 5 months ago

uurazzle commented 5 months ago

Hi:

Thanks for making Sloth available to the community.

The latest release of the Sloth 3.3 application is not notarized.

For example...

spctl -a -vvv -t install /Applications/Utilities/Admin/Sloth.app 
/Applications/Utilities/Admin/Sloth.app: rejected
source=Unnotarized Developer ID
origin=Developer ID Application: Sveinbjorn Thordarson (5WX26Y89JP)

The app or component was signed with an Apple-issued Developer ID certificate but not appear to be notarized. Since the exceptions described above for the Developer ID status are not met, macOS will not allow this code to run (unless it is found to be notarized when Gatekeeper runs).

If you attempt to run an application on macOS that has not been notarized with a developer ID, you may encounter a security warning or prompt. macOS includes a feature called Gatekeeper, which helps protect your Mac from running malicious software by checking the developer ID of applications before allowing them to run.

When you try to open an application that is not notarized, Gatekeeper may display a warning message indicating that the application is from an unidentified developer or has not been notarized. You may see a message like "macOS cannot verify the developer of this app" or "This app cannot be opened because the developer cannot be verified."

To bypass this warning and open the application, you can right-click on the application icon and select "Open" from the context menu. You'll then see an option to open the application despite the security warning. Keep in mind that bypassing this warning poses a potential security risk, as the application has not undergone Apple's notarization process, which helps ensure that it is from a trusted source and has not been tampered with.

https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution

zenspider commented 1 week ago

This appears to be no longer bypassable on Sequoia (15.0)... This app is unrunnable as a result.

zenspider commented 1 week ago

For the record, 3.2 crashes on launch on Sequoia... so this app is DOA currently.

zenspider commented 1 week ago

CORRECTION: you still can bypass! But you must open the Privacy & Security settings and click "Open Anyway" after right-click open