Archive for September 4, 2019

Wednesday, September 4, 2019

Notarization Requirements Relaxed

Apple:

As a reminder, Mac software distributed outside the Mac App Store must be notarized by Apple in order to run on macOS Catalina. To make this transition easier and to protect users on macOS Catalina who continue to use older versions of software, we’ve adjusted the notarization prerequisites until January 2020.

You can now notarize Mac software that:

  • Doesn’t have the Hardened Runtime capability enabled.
  • Has components not signed with your Developer ID.
  • Doesn’t include a secure timestamp with your code-signing signature.
  • Was built with an older SDK.
  • Includes the com.apple.security.get-task-allow entitlement with the value set to any variation of true.

This makes a lot of sense because the main benefit of notarization is the malware scan. It was never necessary to bundle that with all the other requirements.

Rosyna Keller:

It’s super important to check the logs because the warnings will become fatal errors again come January, 2020!

Mark Munz:

IMO, they have failed at both the end-user level and the developer level. This delay, while helpful, doesn’t address the core issues.

There is no easy way to tell if an app is notarized. End-users can’t tell which apps are or are not notarized.

I agree that there remain problems, but I don’t think this is something that end users need to be concerned with checking. Except for unusual ways of getting an app onto a Mac, and manually bypassing the launch check, the system is going to enforce that everything is notarized.

Tom Bridge:

This does still mean you need to get notarized packages, zips and disk images for your environment if you intend to have 3rd party non-AppStore software installed directly by end users. If you are installing tools via Munki’s LaunchDaemons or Jamf’s framework, this doesn’t apply yet.

Update (2019-09-06): Howard Oakley:

It’s also worth noting that some developers have reported that apps which have been successfully notarized don’t always complete Catalina’s first run Gatekeeper checks successfully, and as a result Catalina may refuse to open them.

Update (2019-09-09): Isaiah Carew:

relaxing the deadlines does not solve the terrible user experience issues.

nor the issue that you can’t staple a notarization receipt to a zip file.

even just in the public beta, the problems are already so numerous that i have a one-button form response to the issue.

Howard Oakley:

As a user though I’m now left in doubt. Was all this performance with notarization and claims of its security benefits actually genuine? If so, why is this being postponed further, giving another three or more months of exploits? Or maybe Apple had overstated its benefits, in which case how is Catalina going to improve security, other than with its read-only system volume? If hardening and strict notarization do bring significant security benefits, why doesn’t macOS let me know which apps are well-prepared, and which are not?

Update (2019-09-10): Rosyna Keller:

Plugins are able to be stapled since Xcode 10.2.

See also: Howard Oakley.

Update (2020-02-04): Howard Oakley:

From today onwards, there’s only one class of notarized software. All new notarizations must follow strict rules, which require the hardened runtime to be enabled, every component properly signed with the developer’s certificate(s) and a secure timestamp, built using a recent version of the macOS SDK, and a few bits more besides.

Update (2020-02-24): Matt Deatherage:

It all seems like a standard (if accelerated) rollout of a critical security feature, and it was—with one exception. You may recall that Apple tied notarization to its Hardened Runtime environment, one that disallows several low-level features unless explicitly authorized by the developer in the code-signature.

Apple did not document the Hardened Runtime until WWDC 2019. Developers were asked to use a runtime environment that was not even explained to them.

Oh, sure, Apple made allowances for that. Until early 2019, developers could notarize absolutely anything, signed or not. Then there was a period where the Developer ID signing certificate did not have to match the certificate submitted with the notarization request. Both those periods ended in 2019 before Apple published Hardened Runtime documentation.

[…]

More resources on the Hardened Runtime might have fixed this, but one thing certainly would have. Hardened Runtime and notarization should never have been tied together. They are both security features that Apple wishes to require to protect its customers, but the binding of the two systems led to a 2019 full of “You have to notarize to launch on Catalina, but that means you have to use this other environment that we’re not really explaining yet.”

What Beta Means

Brent Simmons:

Here are my definitions:

development (d): everything is in progress and the app might be completely unusable.

alpha (a): the app is feature-complete and has no known bugs — but, importantly, it’s had very little testing.

beta (b): the app is feature-complete, has no known bugs, and has been tested — but further testing is still warranted. Every beta is a release candidate.

The definitions I like to use, which I think originally came from Apple’s guidelines, are the same except that known bugs are allowed in the alpha stage. In any case, Apple and most of the rest of the world have moved on to other definitions. All of Apple’s betas these days have known bugs, and they’re usually not feature complete.

Run Commands, the ‘rc’ in ‘.bashrc’

Wikipedia (via Hacker News):

Tom Van Vleck, a Multics engineer, has also reminisced about the extension rc: “The idea of having the command processing shell be an ordinary slave program came from the Multics design, and a predecessor program on CTSS by Louis Pouzin called RUNCOM, the source of the ‘.rc’ suffix on some Unix configuration files.”

How to Manage Audiobooks in a Post-iTunes World

Kirk McElhearn:

You can move your audiobooks to the Books app, which offers a number of features for playback that are more appropriate for listening to spoken word. For example, you click buttons to skip ahead or back by 15 seconds, set a sleep timer, and more. However, these files are stored on your startup disk, and you may simply not have enough space on this disk[…]

[…]

Or you can keep your audiobooks in your Music library. If you rip audiobook CDs, their files can stay in your Music library, and you can listen to them in the Music app, sync them to an iOS device, and even put them in your iCloud Music Library, if the bit rate is 96 kbps or above.
