https://bugs.documentfoundation.org/show_bug.cgi?id=126409
Christian Lohmaier <[email protected]> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |WORKSFORME
Status|NEW |RESOLVED
--- Comment #56 from Christian Lohmaier <[email protected]> ---
(In reply to Tor Lillqvist from comment #55)
> But the LibreOffice.app one downloads from TDF is still not notarized, is
> it?
No - all mac builds for 6.3 and later versions you can download from
www.libreoffice.org are notarized. Daily builds created by tinderboxes are not
signed at all and therefore also not notarized.
> So in what way could this bug be seen as resolved?
The question is: why is this still open. And the answer is: mixing of different
stuff.
Problem initially was with Gatekeeper in macOS Catalina. A bug in Catalina's
gatekeeper. That still claimed that it was not notarized despite having been
notarized and the commandline tools (spctl, codesign, stapler) all confirming
that.
If you get the message "has been checked by Apple for malware" when opening
(and are able to launch it without going to system settings and set a security
exception or using alt-open to add the exception that way): that is the
end-user visible proof of successful notarization.
Confirmed by multiple persons that gatekeeper in current version of Catalina no
longer (falsely) accuses the App of not being notarized → resolving WFM.
As for stapling the info the dmg and not the app included in the dmg container:
also expected/as designed:
https://github.com/akeru-inc/xcnotary/issues/3#issuecomment-622022976
> Our general advice here is that you sign everything, from the inside out, and
> > then notarise and staple the outermost container. That ticket covers all
> the > code included in the container. When Gatekeeper checks the code
> signature of > the container, it will ingest the ticket, avoiding the need
> for a round trip > to the notary service on first run.
As to .app folder being modified post-gatekeepr/notarization checks: Those
already have corresponding separate bugs, but those are unrelated to gatekeeper
and notarization. That's only checked on first launch.
--
You are receiving this mail because:
You are the assignee for the bug._______________________________________________
Libreoffice-bugs mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
