Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

App requires GateKeeper to be set to allow unauthorized apps on OS X #48

Open
machawk1 opened this issue Jul 29, 2013 · 6 comments · May be fixed by #596
Open

App requires GateKeeper to be set to allow unauthorized apps on OS X #48

machawk1 opened this issue Jul 29, 2013 · 6 comments · May be fixed by #596
Labels
MacOS X-Specific
Milestone
Non-critical Fixe...

Comments

@machawk1
Copy link
Owner

This is due to the app not originating from the MacOS X app store. Doing so might not be possible, as the Apple TOS prohibits apps within apps in the store. Wayback, Heritrix et al are exactly this.
@ghost ghost assigned machawk1 Jul 29, 2013
@machawk1 machawk1 mentioned this issue Apr 7, 2014
Open
machawk1 pushed a commit that referenced this issue Oct 22, 2018
@N0taN3rd
Notification for each action that are user started is implemented fixes
6148b54 
#47 #34

Latest 100 events is availble for viewing in the misc tab fixes #36
Aacronyms are better minded fixes #51
I speelz betters fixes #48
Serivces stop fix buttons are better behaived fixes #52
@machawk1 machawk1 removed their assignment Feb 21, 2019
@machawk1
Copy link
Owner Author

👋 Hello from a decade later, where I have finally opted to procure an Apple id to get the app signed.

#595 has some instructions to get things up and running. See the issue-48 branch for the base fix. However, one issue is that MAKEFILE copies a few directories (e.g., bundledApps) after Pyinstaller builds the app with entitlements, which invalidates the codesigning.

The Pyinstaller option to add data flattens all data, so is not a good option to mitigate this. The issue remains until I can find a way to include all of the files manually copied over (per the MAKEFILE) after the build into the generated .app.

@machawk1
Copy link
Owner Author

Run security find-identity -p basic -v to get the signing string then:

codesign --force --deep --sign "thestringhere" /Applications/WAIL.app

With the copy commands in-place, this reports:

/Applications/WAIL.app: replacing existing signature
/Applications/WAIL.app: unsealed contents present in the bundle root

...with the latter probably indicative of a mismatch between the indexing that occurs during codesigning (assumably) and the contents that are added after the original signing occurred. This comes down to a need to reorganize the contents of the .App.

@machawk1
Copy link
Owner Author

machawk1 commented Mar 10, 2025
edited
Loading 

cd /Applications/WAIL.app
mv archives bundledApps support archiveIndexes build config ./Contents/
codesign --force --deep --sign "thestringhere" /Applications/WAIL.app

...results in a messages not including the one referring to the unsealed contents.

The follow-on:

codesign -vv --strict /Applications/WAIL.app
/Applications/WAIL.app: valid on disk
/Applications/WAIL.app: satisfies its Designated Requirement

...indicates that this might be a valid solution but will require updating the locations in the Py code itself and might be an impetus to get the generated data out of the "binary" directory. (#332)

machawk1 added a commit that referenced this issue Mar 12, 2025
@machawk1
Change paths of WARCs and indexes after moving included tools to
6be05d2 
be within the macOS Contents dir under WAIL.app

re:#48
@machawk1 machawk1 pinned this issue Mar 12, 2025
@machawk1
Copy link
Owner Author

Lots of resolutions in 6be05d2. Captures from the local Heritrix now show in the calendar view in Wayback but I do not appear accessible. This ticket is not about that but GateKeeper checks. Setting this issue as PENDING to test on a non-dev machine with a tagged version.

@machawk1 machawk1 linked a pull request Mar 12, 2025 that will close this issue
Add Codesigning and move data outside of app directory #596
Open
@machawk1
Copy link
Owner Author

One problem: GitHub Actions won't have the creds to sign the app. It also needs to be "stapled", "notarized", etc. before the next release for a GitHub and homebrew-based distribution. Expect the artifact generation action to fail unless a flag to disable the codesigning is added.

  • Add a flag to the build script to disable the codesigning for GitHub Actions' builds.

@machawk1 machawk1 mentioned this issue Mar 12, 2025
Open
@machawk1
Copy link
Owner Author

Take a look again at the build script copying the Info.plist and things in bundledApps. I am wondering if this is corrupting the build, though the resigning should mitigate this and allow it to run.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
MacOS X-Specific
Projects
None yet
Milestone
Non-critical Fixes & Features (Future...
Development

Successfully merging a pull request may close this issue.

Add Codesigning and move data outside of app directory machawk1/wail
1 participant
@machawk1