Gatekeeper and signing software...


15 replies to this topic

#1 doh123

doh123

    Wineskin Developer

  • Members
  • 4,279 posts
  • LocationOver here
  • Graphics Card:Geforce GT 650M, Intel HD 4000, Radeon 6750, Intel HD 3000, Geforce 320m (in 3 machines)
  • Operating System:OS X 10.8 (Mountain Lion)
  • I like to play:RPG and Strategy

Posted 21 June 2012 - 06:29 PM

Has anyone seen a way to actually get Apple to let you sign your software for free like they claimed was going to be possible?  Everything I see recently says you MUST be a paying Dev in order to sign anything...

just like at this link...
https://developer.ap...011201-CH12-SW2
it says

Quote

Only Mac Developer Program members are eligible to request Developer ID certificates and sign applications or installer packages using them.

This is really bad news for freeware apps, as they will all have Gatekeeper problems unless Apple gets paid their $99/year.

I'm probably going to be moving Wineskin over to be a hobby project supported by my company, which will soon be a registered developer, so I can use that to sign Wineskin.app and Wineskin Winery.app ... but hobby ports will have no way to sign an actual finished wrapper.

#2 doh123


Posted 22 June 2012 - 12:25 AM

LOL... yeah that would be good, just disable it for people whether they want it or not?  No... if you mean somehow disable it just for the one app, no... because it checks before your app even starts to run.

#3 devilhunter

devilhunter

    just dancing to the beat

  • Administrators
  • 3,051 posts
  • LocationSpace/Virgo Supercluster/Milky Way/Orion Arm/Earth
  • Graphics Card:NVIDIA 9800 GTX+
  • Operating System:Mac OS X 10.6 (Snow Leopard)
Author

Posted 22 June 2012 - 01:26 PM

I actually found a very easy workaround for this issue more than 1.5 years ago, when I made Central compatible with Lion.
Lion's "this app was downloaded from xyz, are you sure you want to open?" got upgraded into Gatekeeper in ML, so I think my workaround should still work.
doh, have you got a Mountain Lion installation to test an app for me, to see if it throws up a Gatekeeper warning if I send it to you?

And on another note, basically every Wineskin Port originates from the stock Wineskin Wrapper.
Can't you code sign the stock Wineskin Wrapper so that all other Wrappers created from Winery have the same Code Signing?
It would be sign just one app once, work everywhere.
Now this throws up the issue of what code signing actually does.
I think it just looks at whether the Mac executables have been tampered with, and ignores the rest of the additional resources in /Resources/drive_c, or am I wrong?
Basically that's a Wrapper. The base code which code signing checks does not get modified, only the additional resources in the app, which code signing is not made to check for.
Hello. Sadly, I am not active here on the Porting Team anymore, and therefore I cannot give support or answer questions to any of my posted Ports or posted topics.

- zero

#4 doh123


Posted 22 June 2012 - 01:54 PM

devilhunter, on 22 June 2012 - 01:26 PM, said:

I actually found a very easy workaround for this issue more than 1.5 years ago, when I made Central compatible with Lion.
Lion's "this app was downloaded from xyz, are you sure you want to open?" got upgraded into Gatekeeper in ML, so I think my workaround should still work.
doh, have you got a Mountain Lion installation to test an app for me, to see if it throws up a Gatekeeper warning if I send it to you?

And on another note, basically every Wineskin Port originates from the stock Wineskin Wrapper.
Can't you code sign the stock Wineskin Wrapper so that all other Wrappers created from Winery have the same Code Signing?
It would be sign just one app once, work everywhere.
Now this throws up the issue of what code signing actually does.
I think it just looks at whether the Mac executables have been tampered with, and ignores the rest of the additional resources in /Resources/drive_c, or am I wrong?
Basically that's a Wrapper. The base code which code signing checks does not get modified, only the additional resources in the app, which code signing is not made to check for.

On a creator's machine they won't get pop-ups for their wrappers... it only does it when they share the wrappers with other people.  This is due to how I tar.7z things.

Signing the wrapper wouldn't work.  It would seem to, but it's changed and it would still prompt about a problem when it gets to a new computer it hasn't been run on before.  I wouldn't be willing to do this anyways because I'd be letting everyone sign their stuff with my name... so if Apple didn't like something someone did, I and everyone could get blocked.

EDIT: gatekeeper seems slightly more inquisitive than the old "this was downloaded from the internet" thing.  They have changed it around some.

#5 HiPhish

HiPhish

    Champion Member

  • Members
  • 697 posts
  • Graphics Card:NVIDIA GeForce 9400M
  • Operating System:Mac OS X 10.7 (Lion)
Author

Posted 22 June 2012 - 01:57 PM

Hrachya, on 22 June 2012 - 12:38 AM, said:

Yeah I meant that. If they wanna use Wineskin, then they should get used to disabling Gatekeeper. Who even wants that? It just makes the user click a couple more times on apps that are non-reg'd.
You will be able to turn Gatekeeper off globally via System Preferences and you will be able to keep Gatekeeper and set exceptions yourself. Gatekeeper is not a bad idea in itself and it has been created to protect the regular kind of user. You do not disable security features just like that, the user has to do it themselves.
Games I own that still need porting:
Dark Messiah of Might & Magic, Descent 3, Fallout, Space Rangers 2

#6 doh123


Posted 22 June 2012 - 10:52 PM

nothing to do with programming...

say some app doesn't run right if someone's firewall is on... would you want that app to disable your firewall on your system without even telling you when you ran it?

What if it didn't work right you have MS Word running, so it just kills MS Word with no warning....

There's just stuff you don't do to urine off your customers or hurt their systems, or make them less secure.

#7 hmtinc

hmtinc

    Someone

  • Members
  • 1,315 posts
  • LocationCanada
  • Graphics Card:Nvidia GTX 760 (2048mb)
    Intel HD 4000 (512mb)
    Nvidia geforce 9400 (264mb)
  • Operating System:OS X 10.8 (Mountain Lion)
  • I like to play:Games
Author

Posted 23 June 2012 - 01:42 AM

Hrachya, on 23 June 2012 - 01:40 AM, said:

ok well I'm not into firewalls. Never learned anything about that.
You don't need to learn. You launch an application and click enable or disable
--
HM

#8 hmtinc


Posted 23 June 2012 - 02:24 AM

Hrachya, on 23 June 2012 - 01:44 AM, said:

We weren't talking about that :P Doh said that if you disable Gatekeeper it might screw up a few apps, so I said I haven't learned anything about it.
Yes, turning Gatekeeper on and off is as simple as clicking a button
--
HM

#9 doh123


Posted 23 June 2012 - 02:40 AM

Hrachya, on 23 June 2012 - 01:40 AM, said:

ok well I'm not into firewalls. Never learned anything about that.
really...?  it was an example... My meaning is you don't mess with a user's settings, especially their security settings, without them having the choice, or what you made is malware.

#10 doh123


Posted 23 June 2012 - 04:10 AM

???
just trying to tell you... don't make malware.

#11 doh123


Posted 23 June 2012 - 05:03 AM

really...?
I've only seen it used to show disbelief.

#12 HiPhish


Posted 23 June 2012 - 08:06 AM

You don't need to know anything about computers or programming to know that turning off a user's security features is an absolute taboo. That's like the mail man picking the lock to your apartment to deliver your mail, you wouldn't want that either, would you? In the same way you don't change any of the user's other settings, because the user has chosen those settings (or they were the defaults and the user stuck with them because they were fine) and changing anything would be changing how the user works with his environment. That's like me coming over to your house and re-arranging your furniture (after picking your lock).

#13 doh123


Posted 23 June 2012 - 01:05 PM

Hrachya, on 23 June 2012 - 08:24 AM, said:

Dude, I didn't know this

"What if it didn't work right you have MS Word running, so it just kills MS Word with no warning...." Didn't know that could happen by disabling Gatekeeper. Alright? Now let's forget it.
it can't... I was giving you other examples of doing stupid things in your program that would be just as bad as disabling Gatekeeper for the user.

#14 HiPhish


Posted 23 June 2012 - 02:44 PM

Couldn't we just keep things as they are? The porter would just have to put a note in the instructions to set this one app as an exception; it would be inconvenient, but it would be according to the rules. Besides, even if Apple allowed free developers to sign their applications, users still often need to make small adjustments to ports, which would break the signature process anyway.

On a related note, there is a video presentation on Gatekeeper from the WWDC online and I saw that when the speaker changes something in the app's contents the app refused to run at all. Could this happen if someone tinkered with a signed app? If so, then signing our ports would actually be a bad idea. The speaker did not go into detail unfortunately.

Hrachya, on 23 June 2012 - 08:24 AM, said:

Dude, I didn't know this

"What if it didn't work right you have MS Word running, so it just kills MS Word with no warning...." Didn't know that could happen by disabling Gatekeeper. Alright? Now let's forget it.
Calm down, I was just trying to explain why it would be a bad idea.
Games I own that still need porting:
Dark Messiah of Might & Magic, Descent 3, Fallout, Space Rangers 2
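
An added illustration, not part of any post in this thread and not Apple's or Wineskin's code, of the question raised in posts #3, #4 and #14: a signed bundle carries a seal of hashes for its resource files in `Contents/_CodeSignature/CodeResources`, so files changed or added under `drive_c` no longer match it. The plist layout here is a simplified model (the real seal has more fields and exclusion rules), and the bundle name, paths and file contents are constructed.

```python
import hashlib
import plistlib
import tempfile
from pathlib import Path

# Location of the resource seal inside an app bundle.
SEAL = Path("Contents/_CodeSignature/CodeResources")

def _digest(path):
    return hashlib.sha256(path.read_bytes()).digest()

def _resources(bundle):
    # Every regular file in the bundle except the seal itself.
    for p in sorted(bundle.rglob("*")):
        if p.is_file() and p.relative_to(bundle) != SEAL:
            yield p.relative_to(bundle).as_posix(), p

def seal(bundle):
    """Record one hash per file, as happens once at signing time."""
    manifest = {rel: _digest(p) for rel, p in _resources(bundle)}
    out = bundle / SEAL
    out.parent.mkdir(parents=True, exist_ok=True)
    out.write_bytes(plistlib.dumps({"files": manifest}))

def verify(bundle):
    """Return sorted (path, problem) pairs; an empty list means the seal matches."""
    sealed = plistlib.loads((bundle / SEAL).read_bytes())["files"]
    current = dict(_resources(bundle))
    problems = [(r, "modified") for r in sealed
                if r in current and _digest(current[r]) != sealed[r]]
    problems += [(r, "missing") for r in sealed if r not in current]
    problems += [(r, "added") for r in current if r not in sealed]
    return sorted(problems)

def demo():
    """Constructed wrapper: seal it, then change it the way a port would."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "Example.app"
        exe = app / "Contents/MacOS/Example"
        ini = app / "Contents/Resources/drive_c/game/settings.ini"
        for f, data in ((exe, b"launcher"), (ini, b"res=800x600")):
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_bytes(data)
        seal(app)
        clean = verify(app)
        ini.write_bytes(b"res=1920x1080")            # porter tweaks a setting
        (ini.parent / "save.dat").write_bytes(b"x")  # game writes a new file
        return clean, verify(app)

if __name__ == "__main__":
    print(demo())
```

On a Mac, `codesign --verify --verbose` run against the `.app` reports the same kind of mismatch for a real signature.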

#15 HiPhish


Posted 24 June 2012 - 09:12 AM

I don't know, I cannot hear the intonation of your voice over the internet, so it just seemed to sound mad in my head.

#16 syao

syao

    Administration Team

  • Administrators
  • 664 posts
  • LocationThe Net, Vast and Infinite
  • Graphics Card:[MacBook 13 - Intel GMA950] [iMac 27 - ATI Radeon HD4850] [MacBook Pro 13 - Intel HD3000]
  • Operating System:macOS 10.12 (Sierra)

Posted 25 June 2012 - 03:52 PM

Still no clear info about this anywhere on Apple's site...

All I found so far (no good news) is that

Quote

As part of the Mac Developer Program, Apple gives each developer a unique Developer ID for signing their apps. A developer’s digital signature lets Gatekeeper verify that they have not distributed malware and that the app hasn’t been tampered with.
Source: http://movies.apple....es_Overview.pdf - page 14

And

Quote

Only Mac Developer Program members are eligible to request Developer ID certificates and sign applications or installer packages using them.
[...]
To enroll in the Mac Developer Program, go to Apple Developer Program Enrollment where a web assistant guides you through the entire process of enrolling. If you have not registered as an Apple Developer yet, you can do so as part of enrolling in the Mac Developer Program. When you are prompted to select a program, select the Mac Developer Program.
Source: http://developer.app...onsOutside.html
(and, of course, the “Apple Developer Program Enrollment” page still says you have to pay $99).

Both documents I quoted are already updated for Mountain Lion and reachable through links on the public pages of the Apple site, so I really have a bad feeling about this...

This ███ will be left blank in sign of protest █████ internet censorship.




