On 23 Apr 2012, at 21:13, Jan Lehnardt <[email protected]> wrote:

>> On 10.8 it runs afoul of the new Gatekeeper feature.
> 
> The problem with that is that (afaik) running sub-process is not allowed, 
> which in turn means to compile CouchDB and Erlang and SpiderMonkey and ICU 
> statically into the .app binary. This has been done for a 
> proof-of-concept iOS distribution before, but it sure isn't pretty.

I'm not sure about any restriction on subprocesses. — E.g. BBEdit is signed and 
launches various helpers. — My understanding (and I will check) was that as 
long as you're initiating scripts that are inside your bundle (and so under the 
protection of the code-signing) then you're good to go. 


>> Re. Roger's comments about the App Store: 
>> 
>> It would be awesome to have CouchDBX in the store. As soon as I can get 
>> clear on the whole build process I'd be happy to sign an application for 
>> this and handle submitting it. 
>> 
>> Would it be feasible for the Apache Foundation (CouchDB Branch) to handle 
>> this instead though?
> 
> I'd prefer that the tools to build a CouchDBX would live with the Apache 
> CouchDB project, but I don't think we want to be responsible for maintaining 
> relationships with the AppStore and producing binaries and updates.
> 
>> That way the new version of the app would be more secure going forward. — 
>> I'd be happy to maintain it but ideally it wouldn't depend on any one or 
>> small group of developers. 
> 
> This would be interesting to find out, but I'd suggest to not worry about 
> this until we've got some cool software to actually submit :)

This was just a thought, but yes, agreed. :-)


>> 10.8 is going to require a developer certificate signing anyhow so this 
>> question should be addressed.
> 
> Can you point to more resources about this? AFAIK the signing will be 
> optional and usually useful for end-user apps. Since CouchDBX is more 
> targeted at developers who are more likely to turn the signing feature off or 
> to a lower level, we can avoid dealing with that.

Yes you can turn Gatekeeper off.

The docs (such as they are) are here:

https://developer.apple.com/library/prerelease/mac/#documentation/Security/Conceptual/Security_Overview/Introduction/Introduction.html#//apple_ref/doc/uid/TP30000976-CH1-SW1

(Remember the NDA — I don't know off-hand how much has changed from the public 
docs on code-signing — it's been around a while.)

My view before this conversation was that we could bundle and sign everything 
we needed to not require disabling Gatekeeper. (I don't think Sparkle would 
work with it though.) The App Store would (ideally) require some extra steps to 
ensure continuity. (But as you say that can wait.)



