https://bugs.documentfoundation.org/show_bug.cgi?id=126409
--- Comment #53 from eisa01 <[email protected]> ---
(In reply to Christian Lohmaier from comment #50)
> Creation of compiled py files (pyc) is also something that only happens
> after LO was launched. So similar to the languagepack installation it is a
> post-gatekeeper modification of the .app bundle. Not nice, for sure, but
> unrelated to gatekeeper/notarization when doing the first-launch
> verification by macOS
Ah, ok
>
> a .app copied from the dmg to your local disk before launching it should
> verify:
Yup, I can also see that now
> (and launching it for the first time should show the dialog with the
> "..downloaded from... checked by apple for malware and none was found"
> dialog.)
>
> After having launched LO (or more specifically: doing something that
> triggers initialization of python, i.e. opening/creating a writer document →
> some writing aids use python → python creates it pyc files) I can confirm
> the python files messing up the integrity on disk, but as said: that is
> after LO was already green-lit by gatekeeper.
But I guess we have no guarantee that it doesn't cause problems (e.g., the
mysterious save-as issues)
At least after those python files are created, macOS doesn't treat the .app as
notarised any more if it does a recheck. Who knows when that happens, or if the
behaviour will change in a future system update
> ######### stapling ###########
> as for stapling: In LO's case: the thing you download is stapled, not just
> the contents, so the dmg has the notarization-staple-info for the app
> assigned to it.
>
> ###
> > Opening the app for the first time does not show a "verify" progress bar as
> > LO does,
>
> likely because the Firefox app is too small/the scanning is fast enough to
> not make it trigger a dialog for that. If you mean verify progress when
> opening the dmg: that happens for firefox as well/any dmg, but that is just
> checksum based verification of the dmg for download errors.
Ah, true. Thanks for explaining all of this!
----
So in a nutshell: LO is notarised on first launch, but as soon as you do
something the .app bundle is corrupted and the .app is no longer notarised
So technically WFM, but I'm not sure there's any point in creating a new bug
"Notarisation corrupted" of "highest/critical" rating and readding everyone to
CC from this bug?
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
Libreoffice-bugs mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
