[Interest] notarizing builds for Mac - enabling hardened runtime

Adam Light aclight at gmail.com
Wed Jul 10 21:18:44 CEST 2019

On Wed, Jul 10, 2019 at 2:28 AM Elvis Stansvik <elvstone at gmail.com> wrote:

> With "work around" do you mean from the user POV (e.g. somehow
> disabling Gatekeeper, or Ctrl+Open, or something else) or from a
> developer POV (so, having to notarize)?
Instead of repeating myself here, please see my comment at
explains what I mean by "work around". I just added screen shots of the
dialogs I mentioned in that comment so it's clear what the user sees.

> I'd like to know if there is some reasonably simple way for users to
> get around the requirement. We will not be able to notarize every
> build we do, because of the time it takes. But at the same time we,
> and our testers, must be able to test random builds from Git (we build
> a .dmg for every commit) to try out in-progress features/bug fixes...
> So I really hope there will be some way for the user to get around the
> notarization requirement.

Notarization doesn't take more than a few minutes (in my limited
experience) but it's a hassle to script the process. Your build machines
and possibly your testers will not need to have a notarized application
because, as I understand it, notarization is not required if the
application does not have a quarantine flag. If it's been downloaded via a
standard web browser, it should have the flag. But if it was built on the
machine, or if it was transferred from another machine using something like
curl, rsync, etc. then it is unlikely to have the quarantine flag.

Of course, it is possible that in the future the quarantine flag will not
control whether the notarization check happens, so what I said in the
paragraph above may change.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/interest/attachments/20190710/733339f3/attachment.html>

More information about the Interest mailing list