decred-release icon indicating copy to clipboard operation
decred-release copied to clipboard

Published 20 hours ago verified publisher icon decred

Please sign macOS binaries

Open fulldecent opened this issue 6 years ago • 4 comments

Affected version 1.4.0.

Currently there is a "unidentified developer" warning. This is an unacceptable shortcoming for applications that involve physical health or monetary value.

fulldecent avatar Feb 24 '19 15:02 fulldecent

This is not fixed by 174. We are getting dcrinstall signed and notarized for macos in this release, but the regular archive of unsigned executables will not run if you downloaded them from a browser.

jrick avatar Oct 28 '20 20:10 jrick

They will run, but you have to manually open (using right click or command click - double click will not work) all the executables and individually approve it (macOS will prompt for admin user/password) to get it around the built in security measures.

Not an elegant look or approach for such a classy project ;P

hermanlim avatar Jan 24 '22 13:01 hermanlim

dcrinstall is properly signed and notarized and it can be used to install all of the remaining decred cli tools to ~/decred. There has been some talk about extending our macos .pkg files to install the entire decred distribution, rather than only installing dcrinstall and requiring the user to run it as an extra step, but that has not happened yet.

One major annoyance for us is that signing the binaries breaks the build reproducibility, even if you remove the added signature you don't get the same file back.

jrick avatar Jan 24 '22 14:01 jrick

Here is a general solution to making reproducible builds for open source projects: https://stackoverflow.com/a/70836033/300224

fulldecent avatar Jan 24 '22 15:01 fulldecent