https://support.apple.com/guide/security/app-code-signing-pr...
> On devices with macOS 10.15, all apps distributed outside the App Store must be signed by the developer using an Apple-issued Developer ID certificate (combined with a private key) and notarized by Apple to run under the default Gatekeeper settings.
Re: Developer ID Certificates: https://developer.apple.com/help/account/certificates/create...
I suspect the friction that users are facing are due to dodging the above requirements.
You can also try macinabox if you have unraid:
https://hub.docker.com/r/spaceinvaderone/macinabox
It’s probably the easiest way of setting up a Mac VM if you have unraid. I know there are similar options for qemu and kvm based hypervisors. If you have an amd gpu you should be able to pass it through.
The only way atm is installing homebrew and using a gnu tool chain if I understand the license of the official sdks correctly?
The application cannot be opened for an unexpected reason, error=Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0xae1038720 {Error Domain=NSPOSIXErrorDomain Code=163 "Unknown error: 163" UserInfo={NSLocalizedDescription=Launchd job spawn failed}}}
This error exists because Apple has effectively made app notarization mandatory, otherwise, users see this warning. In theory, notarization is straightforward: upload your DMG via their API, and within minutes you get a notarized/stamped app back.
…until you hit the infamous "Team is not yet configured for notarization" error.
Once that happens, you can be completely blocked from notarizing your app for months. Apple has confirmed via email that this is a bug on their end. It affects many developers, has been known for years, and Apple still hasn't fixed it. It completely elimiates any chances of you being able to notarize your app, thus, getting rid of this error/warning.
Have a loot at how many people are suffering from this for years with no resolution yet: https://developer.apple.com/forums/thread/118465
Other than developing my own (without using any other OS...) which is a ... significant ... task, there's not much other option. YMMV.
As a Linux lifer I agree that the hard diamond surface of the Mac desktop has a solid feeling to it. The Linux way is harder and also more brittle. Windows and Linux are both better than MacOS even as a desktop as long as you do not look at the in the wrong way. The thing is I have only minor problems doing that on either Linux or Windows, but the walled garden of the Mac, Android and iOS is a joke.
MacOS is designed to be a somewhat stable desktop, that is good. It is not a better Unix, it is a political stance that means hacking will forever die.
Linux developers seem to almost-universally believe that if the user doesn’t like it or it doesn’t make sense then the user will fix it themselves either via configuration files or patching the source code. That model works fine for users with a lot of knowledge and time on their hands. In other words, it’s an operating system for hobbyists.
MacOS, for all its faults, is still pretty easy to use (though not even close to the ease of use of Classic Mac OS 9 and earlier).
In case you're wondering like me, this is the advert in question: https://www.youtube.com/watch?v=8CwoluNRSSc&t=0
However yes, security is much more than an UAC dialog.
The thing that really irks me is I've got a paid developer account with Apple, I've already done the xcode dance, notarized binaries and all that nonsense, shouldn't this have activated some super special bit on my Apple account that says
“this one needs to do random stuff now and again and after saying, `Hey just checking in, doing this will do X to your computer probably, and maybe set it on fire, but if you say "go for it, I promise I know what I'm doing', I'm gonna trust you champ`, finger guns“
(not sure why in my head the personification of Apple would do "finger guns", but here we are I guess :shrug:)
Hell at this point I'll take a checkbox in my settings that says, ”Some people are into extreme sports, I love to install random binaries, just get out of my way“
Or something like that
(Joke is on you. You thought you'd be given access to app data to back it up? That's against the security model.)
Answer to Skeltoac: Isaiah 57:1
Maybe 1 out of 1,000 users will know the magic ritual required to run what they want on their machine, and for every one of those, 10,000 are gaslit into thinking you were trying to harm them by macOS' scary warnings and refusal to do what they want.
Apple will make users know that there are loads of hackers trying to trick them. The threat is extremely real.
> 10,000 are gaslit into thinking you were trying to harm them
Gaslit? Again, many are absolutely trying to harm users. Pretending this is some fake threat is perverse.
As much as people like to complain about downloaded software having restrictions, or encouraging the developer to be verified by Apple, we had already entered a world where users were told to never, ever run any software not by one of the bigs. I mean, I've told relatives that, for good reason after they installed malware and other nonsense repeatedly. It sucks having to get an Apple account and sign your executable, but for any normal user outside of the foolish, that was the only way they were ever going to run your app.
And honestly, for the case given this should be a web app. People shouldn't be trusting some random executable by some random group.
Should it be $100 per year? No, that is ridiculous and usurious.
It makes a bit more sense on accounts that have a password set, as it requires you to confirm identity when introducing significant changes to the system (and this is something that Apple also does).
Gatekeeper is a different thing, it basically makes sure that the software you're trying to run has been pre-scanned for malware by a trusted party, similar to Windows's "smart screen" and Defender or APt's GPG keyring integration. It's a mechanism that is completely invisible to 99+% of users. If you see a Gatekeeper pop-up and the app in question is not mlaware, the developer is doing something very wrong.
Refusing to pay $100 for notarization is not "doing something very wrong".