[Libreoffice-bugs] [Bug 126409] Notarize LibreOffice builds so that it launches without warnings on macOS 10.15 Catalina
bugzilla-daemon at bugs.documentfoundation.org
bugzilla-daemon at bugs.documentfoundation.org
Sun May 24 18:16:14 UTC 2020
https://bugs.documentfoundation.org/show_bug.cgi?id=126409
--- Comment #50 from Christian Lohmaier <cloph at documentfoundation.org> ---
(In reply to eisa01 from comment #49)
> Created attachment 161186 [details]
> Failed code sign due to Python framework
Creation of compiled py files (pyc) is also something that only happens after
LO was launched. So similar to the languagepack installation it is a
post-gatekeeper modification of the .app bundle. Not nice, for sure, but
unrelated to gatekeeper/notarization when doing the first-launch verification
by macOS
a .app copied from the dmg to your local disk before launching it should
verify:
cloph at Catalina-Mac-mini Desktop % spctl -vvv --assess --type exec
LibreOffice.app/
LibreOffice.app/: accepted
source=Notarized Developer ID
origin=Developer ID Application: The Document Foundation (7P5S3ZLCN7)
cloph at Catalina-Mac-mini Desktop % codesign --verify --deep --verbose
LibreOffice.app/
LibreOffice.app/: valid on disk
LibreOffice.app/: satisfies its Designated Requirement
cloph at Catalina-Mac-mini Desktop %
(and launching it for the first time should show the dialog with the
"..downloaded from... checked by apple for malware and none was found" dialog.)
After having launched LO (or more specifically: doing something that triggers
initialization of python, i.e. opening/creating a writer document → some
writing aids use python → python creates it pyc files) I can confirm the python
files messing up the integrity on disk, but as said: that is after LO was
already green-lit by gatekeeper.
######### stapling ###########
as for stapling: In LO's case: the thing you download is stapled, not just the
contents, so the dmg has the notarization-staple-info for the app assigned to
it.
###
> Opening the app for the first time does not show a "verify" progress bar as LO does,
likely because the Firefox app is too small/the scanning is fast enough to not
make it trigger a dialog for that. If you mean verify progress when opening the
dmg: that happens for firefox as well/any dmg, but that is just checksum based
verification of the dmg for download errors.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/libreoffice-bugs/attachments/20200524/26b2d241/attachment-0001.htm>
More information about the Libreoffice-bugs
mailing list