Skip to content

Investigate supporting App Notarization #825

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
ychin opened this issue Dec 22, 2018 · 2 comments
Closed

Investigate supporting App Notarization #825

ychin opened this issue Dec 22, 2018 · 2 comments
Milestone
snapshot-160

Comments

@ychin
Copy link
Member

ychin commented Dec 22, 2018

With the release of macOS 10.14 Mojave, Apple has introduced a concept called App Notarization. It allows developers to send a copy of the app to Apple for validation to make sure it has no malware, etc, before releasing. Investigate using it in addition to just code signing with an Apple Developer ID.

Reasons for investigation:

  • In the future Apple will mandate using notarization for Gatekeeper (i.e. signed apps distributed outside app store) so may as well get ahead of it. The Mojave release breaking misc MacVim features has shown how falling behind in deprecated features to not be a good idea.
  • First launch experience is better with the dialog box containing the app's logo (Apple's "carrot" for enticing developer adoption)
  • Improve trust in MacVim.

Caveats:

  • Notarization requires hardened runtime. Will need to see if it breaks certain usage of MacVim depending on what entitlement MacVim asks for.
  • One extra step in releasing software. May not be supported by Travis CI so it could be a manual process per release.
  • Requires Apple Developer account which costs an annual fee (but just signing the app already requires it).

This will come after #517 is done.
@eirnym
Copy link
Contributor

eirnym commented Jun 17, 2019

#517 has been done

@ychin ychin added this to the snapshot-160 milestone Oct 22, 2019
ychin added a commit to ychin/macvim that referenced this issue Oct 28, 2019
@ychin
MacVim Snapshot 160
02870c4 
Vim patch 8.1.2224

General:

- MacVim **now requires macOS 10.9**, up from 10.8.
- MacVim binary is now notaraized by Apple. This should make it open
  properly without a security warning in macOS 10.15 Catalina. macvim-dev#959 macvim-dev#825

Features:

- Make mouse cursor higher contrast under macOS 10.13 or older. macvim-dev#910

Fixes:

- Fix OS appearance (dark vs light mode) detection not working. See
  `:help OSAppearanceChanged` for more info on the feature.  macvim-dev#973
- Fix spell checker flagging first words in line. macvim-dev#971 (Vim 8.1.2172)
- Fix wrong highlighting color scheme. macvim-dev#960 (Vim 8.1.2176)

Misc:

- Sparkle updater has been updated to 1.22.00. macvim-dev#963

Targets macOS 10.9+

Script interfaces have compatibility with these versions:

- Lua 5.3
- Perl 5.18
- Python2 2.7
- Python3 3.7
- Ruby 2.6
ychin added a commit that referenced this issue Oct 29, 2019
@ychin
MacVim Snapshot 160
f24dd52 
Vim patch 8.1.2224

General:

- MacVim **now requires macOS 10.9**, up from 10.8.
- MacVim binary is now notaraized by Apple. This should make it open
  properly without a security warning in macOS 10.15 Catalina. #959 #825

Features:

- Make mouse cursor higher contrast under macOS 10.13 or older. #910

Fixes:

- Fix OS appearance (dark vs light mode) detection not working. See
  `:help OSAppearanceChanged` for more info on the feature.  #973
- Fix spell checker flagging first words in line. #971 (Vim 8.1.2172)
- Fix wrong highlighting color scheme. #960 (Vim 8.1.2176)

Misc:

- Sparkle updater has been updated to 1.22.00. #963

Targets macOS 10.9+

Script interfaces have compatibility with these versions:

- Lua 5.3
- Perl 5.18
- Python2 2.7
- Python3 3.7
- Ruby 2.6
@ychin
Copy link
Member Author

ychin commented Oct 29, 2019
edited
Loading

MacVim is now signed to use hardened runtime and notarized. The settings exists outside of the committed Xcode project and we choose to use the custom command line tools now (codesign and xcrun altool) which are much more flexible. This also keeps the project unsigned/hardened which makes development easier.

@ychin ychin closed this as completed Oct 29, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
snapshot-160
Development

No branches or pull requests
2 participants
@eirnym @ychin