It sounds like not signing at all is still an option? "Mac apps, installer packages, and kernel extensions *that are signed with Developer ID* must also be notarized by Apple in order to run on macOS Catalina."
Apple has made this way too complicated to be useful IMHO. --- Andy Maloney // https://asmaloney.com twitter ~ @asmaloney <https://twitter.com/asmaloney> On Wed, Jul 10, 2019 at 5:28 AM Elvis Stansvik <elvst...@gmail.com> wrote: > Den tis 9 juli 2019 kl 19:57 skrev Adam Light <acli...@gmail.com>: > > > > > > > > On Fri, Jun 21, 2019 at 12:13 AM Kai Köhne <kai.koe...@qt.io> wrote: > >> > >> > >> I understand that the "hardened runtime" enabling happens at codesign > time, > >> so this should arguably be a feature of macdeployqt. It's not there yet > though, > >> at least according to https://bugreports.qt.io/browse/QTBUG-71291 . > If you're > >> right that this will become mandatory for macOS 10.15, it arguably get > a higher > >> priority; feel free to comment, including a link to the source of this > statement. > >> > >> For the time being, it seems you've to execute the codesign call > yourself. > >> > > > > Notarization is a requirement for macOS 10.15 (Catalina, currently in > beta). See https://developer.apple.com/news/?id=06032019i for an official > source of this requirement. In one of the WWDC 2019 talks about security > and code signing/notarization, they mentioned that this was true for > applications built (or maybe it's signed) after some date in early June. > For example, Qt 4.9.2, released June 26, 2019, will not run on Catalina > beta 3 without knowing how to work around the notarization requirement. > > With "work around" do you mean from the user POV (e.g. somehow > disabling Gatekeeper, or Ctrl+Open, or something else) or from a > developer POV (so, having to notarize)? > > I'd like to know if there is some reasonably simple way for users to > get around the requirement. We will not be able to notarize every > build we do, because of the time it takes. But at the same time we, > and our testers, must be able to test random builds from Git (we build > a .dmg for every commit) to try out in-progress features/bug fixes... > So I really hope there will be some way for the user to get around the > notarization requirement. > > Elvis > > > > > Note also that notarization is separate from hardened runtime. An > application built with the 10.14 SDK or later must enable hardened runtime > in order for it to be possible to notarize the application, but it is > possible to notarize applications built with previous SDK versions for > which hardened runtime did not exist. > > > > See my comment at > https://bugreports.qt.io/browse/QTBUG-73398?focusedCommentId=468111&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-468111 > for some links that are particularly helpful in describing all of the > complexities involved in notarization and hardened runtime. > > > > Adam > > _______________________________________________ > > Interest mailing list > > Interest@qt-project.org > > https://lists.qt-project.org/listinfo/interest > _______________________________________________ > Interest mailing list > Interest@qt-project.org > https://lists.qt-project.org/listinfo/interest >
_______________________________________________ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
