upgrade dependencies to enable hardened runtime for easier install? #71
Comments
|
Are you testing this on Also, Dozer is not sandboxed at the moment so it can't be validated by Apple. |
|
yes, testing on ah hah! this does look one solution the login friction. https://github.com/Mortennn/Dozer/blob/master/Scripts/SignFrameworks.sh Curious, do you think would it be practical / worth the effort to sandbox Dozer sometime in the future? Does the permissions that it needs to manage the task bar somehow make this difficult to do? |
|
Initially, Dozer used accessibility API's which meant it couldn't be sandboxed. It doesn't anymore so it is possible now. The "only" benefit of sanboxing is that it limits what Dozer has access to:
Though, I don't think sandboxing is worth it because it limits future features from being implemented: #38 #51 #55 #67 #69. Also, Dozer has hardened runtime enabled which should at least add some extra protection. |
|
makes sense, thanks for the reply and linking to the other issues. will close this one for now. |
Got the project to build locally 🎉
I have an enhancement idea 💡
We could upgrade the dependencies to enable hardened runtime. If we do this, I think that it makes it easier for some users on the latest versions of MacOS to install Dozer.
This is what I see when I try to validate the build with Apple:
I think that these are the dependencies that would need to be updated or configured to support this:
research
https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution
or alternately do some code-signing work-around like the one described here: insidegui/WWDC#540 (comment)
more discussion here: sparkle-project/Sparkle#1389
The text was updated successfully, but these errors were encountered: