Sign Sparkleshare binary to make installation on OS X easier

[yeah]

With the introduction of Apple's Gatekeeper in Lion, unsigned apps downloaded from the Internet can no longer be executed. The two possible workarounds (disabling Gatekeeper in Settings or pressing Control while opening the app via the context menu) are cumbersome and sometimes hard to explain to users.

Without judging on whether it's a good or bad thing that Apple's now made OS X more of a walled garden, I think SparkleShare should play along for the sake of its (not so IT savvy) users.

@hbons, what's your opinion on this? If I understand correctly, Apple is charging $99/year for the developer program. Should that be the only reason holding you back, my company Planio (which is using SparkleShare with great success!) would be happy to cover for that as part of an ongoing donation to the SparkleShare project.

[aggsol]

SparkleShare emphasizes to be open and free for everyone.In spirit of this disabling the Gatekeeper is the proper way. Also as SparkleShare is GPL3 everybody is free to build and sell SparkleShare there if anyone wants it.

[yeah]

SparkleShare emphasizes to be open and free for everyone.In spirit of this disabling the Gatekeeper is the proper way.

I agree, that's what we as computer-savvy people can do. My argument was made with the "average user" in mind for whom - I believe - SparkleShare was made as well, and who might not know how to do it.

And yes, educating them about Gatekeeper and why it's bad would be a totally acceptable answer. But afaik, the download page at sparkleshare.org doesn't attempt at doing that either.

Also as SparkleShare is GPL3 everybody is free to build and sell SparkleShare there if anyone wants it.

Yup, I have been thinking about this as well. We could just fork SparkleShare, slap our own name + logo on it and do our own thing. But wouldn't that be even worse for the SparkleShare project? I want our users to see the SparkleShare "brand" and I'd like them to understand that they're using an awesome open source software.

[hbons]

I think it's a good idea to have signed binaries. I don't think it conflicts with the spirit of Free software all. People will still be able to build their own binaries and we can offer a normal download as well.

@yeah It would be amazing if you could cover this cost. Thanks so much. I don't know how to set this up with MonoMac though, can you do some research into this?

[yeah]

That's great. Yes, we would be happy to cover the cost. I've also done some research (googling) and have collected a few pointers:

https://www.mail-archive.com/[email protected]&q=subject:%22Re%5C%3A+%5C%5BMono%5C-osx%5C%5D+AppStore+Sandboxing%22&o=newest

http://stackoverflow.com/questions/25760651/why-application-with-version-2-envelope-working-on-os-x-10-9-not-accepted-by-gat

http://stackoverflow.com/questions/21736367/signing-code-for-os-x-application-bundle

I'll get in touch via email to discuss how we can arrange paying for the developer program.

[brandung-sjorek]

I totally agree to @yeah 's thoughts - distributing a code-signed fork of this product, would be a really bad idea.

Sadly, the unsigned SparkleShare-binary prevents us from using this great product. Disabling Gatekeeper means disabling Security in MacOS - this is not an option. And opening SparkleShare with Gatekeeper disabled (control-click or right-click => open) also means, there is no security that prevents SparkleShare to be compromised. As SparkleShare also does not run in a Sandbox, the whole security-model (including the encryption) can be called broken on MacOS.

To work around this issue I would need to compile SparkleShare by myself and sign the binary with my own certificate. If this is really the road you want your community to take, we could do so. As neither the Gatekeeper nor the MacOS Code-Signing mechanism's violate the GPL3, this would be a sad situation for this great product.

So @yeah - spending the money for SparkleShare's own developer-certificate is the best what could be done. I (and my 150+ employee company) really would like to participate in paying the yearly certificates - although a company-wide fork would be much cheaper for us.

@aggsol I totally understand your open-source concerns and appreciate them very much - but we're not talking about the open-source aspects here - we're talking about the security aspects of SparkleShare. To make any security-model work on MacOS a software-product must be code-signed by a trusted source (in this case Apple only trusts registered developers) and should run in a MacOS-sandbox … it is as simple as the marketing describes it:

The App Sandbox in macOS helps ensure that apps do only what they’re intended to do. App sandboxing isolates apps from the critical system components of your Mac, your data, and your other apps. Even if an app is compromised by malicious software, sandboxing automatically blocks it to keep your computer and your information safe.

from: MacOS - Security - Sandboxing helps contain malicious code

Gatekeeper … allows you to run apps … that are signed with a Developer ID from Apple. The Developer ID allows Gatekeeper to block apps created by malware developers and to verify that apps haven’t been tampered with.

from: MacOS - Security - Gatekeeper makes … the Internet safer.

To accomplish security on MacOS, means to follow these two simple contraints.

[hbons]

Thanks everyone. I do think this is important but I just never got round to this. I'll bump this on my list of priorities, but I can't promise when this will happen.