This is correct. I added it to the Pd app bundle entitlements to get rid of the error dialog for (older) externals on macOS 10.15, I believe:
https://github.com/pure-data/pure-data/blob/master/mac/stuff/pd.entitlements <https://github.com/pure-data/pure-data/blob/master/mac/stuff/pd.entitlements> https://eclecticlight.co/2021/01/07/notarization-the-hardened-runtime/ <https://eclecticlight.co/2021/01/07/notarization-the-hardened-runtime/> If you start signing dynamic libs, I think you also need to set the min deployment target to 10.9 or above, at least for apps with a "hardened run-time" but I'm not sure if Pd does since we are (re)using the Wish app from the Tk build process. (I *think* it is as it is enabled during the code sign steps which apply the entitlements?.) The security settings like these are much more obvious when making a more "native app" via Xcode but less so when building on the command line. In any case, I did a quick search and found the following: https://developer.apple.com/forums/thread/130065 <https://developer.apple.com/forums/thread/130065> https://developer.apple.com/documentation/security/hardened_runtime <https://developer.apple.com/documentation/security/hardened_runtime> etc... (Sorry for not being the authority on this. I honestly try to write scripts for this so I can flush my memory every time I deal with code signing.) > On May 4, 2022, at 8:32 AM, [email protected] wrote: > > i guess that while Pd has the permission to load *unsigned* externals, > macOS still refuses to load *signed* externals with an invalid signature. -------- Dan Wilcox @danomatika <http://twitter.com/danomatika> danomatika.com <http://danomatika.com/> robotcowboy.com <http://robotcowboy.com/>
_______________________________________________ Pd-dev mailing list [email protected] https://lists.puredata.info/listinfo/pd-dev
