View Bug Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001168 | DCP-o-matic | Features | public | 2018-01-15 11:51 | 2018-10-17 20:15 |
Reporter | Carsten | Assigned To | carl | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Platform | Mac | OS | OS X | OS Version | 10.11 |
Product Version | 2.11.0 | ||||
Target Version | 2.12.0 | ||||
Summary | 0001168: Sign app in OS X so the firewall request (allow incoming connections) doesn't always pop up on app start? | ||||
Description | Found this at Apple: https://support.apple.com/en-us/HT201642Some apps check their own integrity when they are opened without using code signing. If the firewall recognizes such an app it doesn't sign it. Instead, it the "Allow or Deny" dialog appears every time the app is opened. This can be avoided by upgrading to a version of the app that is signed by its developer. | ||||
Tags | No tags attached. | ||||
Branch | |||||
Estimated weeks required | |||||
Estimated work required | Unknown | ||||
|
As I understand it I have to pay £99 a year to Apple for the privilege of signing my app, which I am disinclined to do. |
|
Oh, signing is tied to a commercial apple developer ID? Okay, makes some sense. I think they start to give out free developer accounts in the US this year, but even if they'd extend that to the UK, you would probably not qualify as a 'charitable organization'? I thought there were other ways to solve this. There are some cases were creating firewall rules didn't solve this issue. I can not remember when this turned up initially on my Mac, but since then I thought it was sort of a deadlock/bug, not a requirement, but looks as if at some point Apple made it a feature. Well then...
|
|
That's the way I understand it... I'd be happy to be proved wrong. |
|
As a tester and translator, I am probably bugged more by this issue than many others, as frequently I spent more time exiting and restarting the app than working in it ;-)
|
|
I'm having second thoughts about this. I may be cutting off my nose to spite my face... |
|
OK, I've given in and apple have got their £79. Hopefully now I can get rid of this warning... |
|
Should be fixed by 2e1c5594f784c061c18b09a619d22450ee529905 |
|
Any idea when this will become effective? I assume it will take some time? Will we see this 'feature' in 2.12?
|
|
It's supposed to work in 2.11.69. Does it not? I think my OS X version is less fussy about these things. |
|
That's why I was asking - for this to happen, does something first need to be processed at Apple, like a registration completing, or did you immediately received a working certificate to sign DCP-o-matic? I don't know much about the inner working of apples app signing. I would assume it needs to work offline as well, and if so, how does my OS X know your signing/certificate is valid? I heard that apple can withdraw certs if they have been abused as well, so there needs to be some way of communicating that back and forth? Anyway - I tried it last night with 2.11.70, and the firewall confirmation dialog still comes up. I deleted all DCP-o-matic related entries in my firewall exception rules, and reinstated them from scratch, but the dialog still comes up on every start. This is on Sierra. I hope you didn't spend that money for nothing ;-)
edit: <grin> just fired up all DCP-o-matic apps to look for that dialog, and when it was (expectedly) missing for the player, I had that funny idea about using remote DEcoding servers for the player - but only for a fraction of a second ;-) |
|
You get it straight away. They do zero actual work, and apparently zero checks. I think it's just so they can turn you off if they don't like what you are doing. And of course pocketing some cash while they do it. I really don't have much clue how it works. As you say there must be some communication for revocation, I think. Is the error just about firewalls? Does it (or has it ever) said anything about being an unknown developer, or anything like that? |
|
You're right, for some strange reason I didn't pay attention on that - that one usually doesn't annoy me as it only needs to be bypassed once when installing a new version, whereas the firewall/incoming connection issue pops up on every app start. Now, I just deleted all .70 apps from their folder and reopened all DMGs from where I had stored them last night - I get a very long 'verifying application...' (multiple minutes actually), and then again 'app start blocked missing developer identity confirmation' (or whatever that spells in real english). This also happens with a new .70 download I did just now. I am sure this did not happen last night when I installed it first. But I experienced this on some occasions before. Maybe my machine/gatekeeper DOES check something online, and there may be times when this takes longer. When I saw this happen before, I assumed the download or app could have been broken, but it seems, that was never the case. When I reinstall .68, currently I get the same delayed 'checking', so, it sure is some temporary issue. I guess I need to read a bit more about the gatekeeper process. I would think that the app signing works similar to DCI signing. The certificate that comes with the app is checked against the private OS X key. Maybe at app start, or by applying software updates, certain certificates can be revoked. As you spent that money, it sure would be nice to have it working in 2.12 right away.
edit: Restarted my internet router and Sierra machine - no change so far, guess I simply need to wait a bit... |
|
|
|
Hmm, this goes a bit above my head I guess... Now: I copied my .70 DMGs over to my Snow Leopard MB, I edited the firewall rules there, removing all DCP-o-matic entries. On SL, I can start any application without the initial verification taking place. After opening, I still get the firewall dialog about wether I want to allow DCP-o-matic to receive incoming connections. I allow this for all apps, but none of these apps appear in my firewall list of allowed apps. After I added DCP-o-matic main app manually, I can open every DCP-o-matic application without that dialog popping up. Back to my Sierra machine: I have set my security settings/gatekeeper to allow apps from Appstore and certified developers. There are no firewall rules visible for DCP-o-matic. Maybe we should ask other OS X users about their experience on the mailing list and the forum?
|
|
Believed fixed (eventually) |
Date Modified | Username | Field | Change |
---|---|---|---|
2018-01-15 11:51 | Carsten | New Bug | |
2018-01-15 11:51 | Carsten | Status | new => assigned |
2018-01-15 11:51 | Carsten | Assigned To | => carl |
2018-01-15 20:24 | carl | Target Version | 2.12.0 => |
2018-01-15 20:24 | carl | Note Added: 0001997 | |
2018-01-15 21:52 | Carsten | Note Added: 0002004 | |
2018-01-15 22:01 | carl | Note Added: 0002006 | |
2018-01-15 22:21 | Carsten | Note Added: 0002008 | |
2018-02-28 09:35 | carl | Target Version | => 2.12.0 |
2018-02-28 09:35 | carl | Note Added: 0002224 | |
2018-02-28 11:15 | carl | Note Added: 0002225 | |
2018-02-28 14:20 | carl | Status | assigned => resolved |
2018-02-28 14:20 | carl | Resolution | open => fixed |
2018-02-28 14:20 | carl | Note Added: 0002228 | |
2018-03-07 01:29 | Carsten | Note Added: 0002276 | |
2018-03-07 01:32 | carl | Note Added: 0002277 | |
2018-03-07 12:17 | Carsten | Note Added: 0002278 | |
2018-03-07 12:19 | Carsten | Note Edited: 0002278 | |
2018-03-07 12:22 | Carsten | Note Edited: 0002278 | |
2018-03-07 12:22 | carl | Note Added: 0002279 | |
2018-03-07 12:22 | Carsten | Note Edited: 0002278 | |
2018-03-07 12:33 | Carsten | Note Added: 0002280 | |
2018-03-07 13:22 | Carsten | Note Edited: 0002280 | |
2018-03-07 13:27 | Carsten | Note Edited: 0002280 | |
2018-03-07 13:28 | Carsten | Note Edited: 0002280 | |
2018-03-07 13:35 | Carsten | Note Edited: 0002280 | |
2018-03-07 13:36 | Carsten | File Added: Bildschirmfoto 2018-03-07 um 14.33.22.png | |
2018-03-07 13:36 | Carsten | Note Edited: 0002280 | |
2018-03-07 14:38 | Carsten | Note Added: 0002282 | |
2018-03-07 14:40 | Carsten | Note Edited: 0002282 | |
2018-03-07 14:42 | Carsten | Note Edited: 0002282 | |
2018-03-07 14:43 | Carsten | Note Edited: 0002282 | |
2018-03-09 23:06 | carl | Status | resolved => confirmed |
2018-03-16 16:11 | carl | Status | confirmed => resolved |
2018-03-16 16:11 | carl | Note Added: 0002298 | |
2018-10-17 20:15 | carl | Status | resolved => closed |