mirror of
https://github.com/debauchee/barrier.git
synced 2026-05-15 14:16:02 -06:00
[GH-ISSUE #448] Unable to install on Mac since dmg is unsigned #349
Labels
No labels
HiDPI
bounty
bsd/freebsd
bsd/openbsd
bug
bug
build-infra
cantfix
critical
doc
duplicate
enhancement
fix-available
from git
from release
good first issue
help wanted
installer/package
invalid
linux
macOS
meta
needs testing
pull-request
query
question
regression
regression
v2.4.0
windows
wontfix
work-in-progress
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/barrier#349
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @Ayanmullick on GitHub (Oct 2, 2019).
Original GitHub issue: https://github.com/debauchee/barrier/issues/448
Operating Systems
Server: Windows 10 Version: 1903 (OS Build : 18362.10022)
Client: Mac OS Mojave (Version: 10.14.6)
Barrier Version
Version: 2.3.0 -snapshot-8e8b38b4
Steps to reproduce bug
I am unable to install the Barrier installation dmg file on the Mac since it is unsigned. Our company-provided Mac has been customized and all unsigned software are disallowed. Could you add a developer signature in the next version so one could install it on Mac's with such restrictions?
Other info
@AdrianKoshka commented on GitHub (Oct 3, 2019):
I don't own a macOS machine, we build our release DMGs with azure pipelines.
@Ayanmullick commented on GitHub (Oct 3, 2019):
@AdrianKoshka , Thank you for your quick response. Could you just sign the installer file with a certificate that identifies the developer?
@AdrianKoshka commented on GitHub (Oct 3, 2019):
I don't even know how to do this, I'm not a develop of barrier, I usually just try to manage issues, PRs, and maintain the flatpak.
@Ayanmullick commented on GitHub (Oct 4, 2019):
For Windows there is a sign tool. PFB link
https://docs.microsoft.com/en-us/dotnet/framework/tools/signtool-exe
@AdrianKoshka commented on GitHub (Oct 4, 2019):
That's Microsoft's sign tool, I assume for windows. ._.
@Ayanmullick commented on GitHub (Oct 16, 2019):
Could you use
codesignto sign the dmg file for Mac?https://stackoverflow.com/questions/23824815/how-to-add-codesigning-to-dmg-file-in-mac
@AdrianKoshka commented on GitHub (Oct 16, 2019):
I don't imagine so because:
@TitanFail commented on GitHub (Oct 18, 2019):
https://support.apple.com/en-us/HT202491, and scroll down to "How to open an app that hasn’t been notarized or is from an unidentified developer"
@Ayanmullick commented on GitHub (Oct 20, 2019):
@TitanFail , that setting is blocked on my Mac provided by my organisation. Plus it is a good practice to sign one's applications.
@shymega commented on GitHub (Oct 20, 2019):
Unfortunately, not many of the developers on this project own a macOS unit, AFAIK. I guess its something to put on the roadmap though. I'm sorry that we can't do anything right now though.
I'm tempted to get a macOS machine for Barrier development, but I can't exactly afford it right now 😄. I have enough machines already!
Perhaps your organisation could whitelist Barrier; is that an option for the short-term?
@Ayanmullick commented on GitHub (Oct 20, 2019):
@shymega , I had tried that before opening this issue. InfoSec already refused.
You shouldn't have to buy new hardware to test on Mac. One can run Mac on a VM.
https://wp.sjkp.dk/running-macos-using-virtual-box-in-azure/
I can help if you want it set up in Azure.
@truatpasteurdotfr commented on GitHub (Oct 20, 2019):
@Ayanmullick even if is it technically feasible that's definitely not legal https://www.virtualbox.org/manual/ch03.html#intro-macosxguests
@Ayanmullick commented on GitHub (Oct 20, 2019):
@truatpasteurdotfr , I thought that restriction was for commercial use.
@p12tic commented on GitHub (Oct 20, 2019):
I have a MacOS VM and can look into the signing requirements. The most difficult part will be making signing automatic on Azure.
@Ayanmullick commented on GitHub (Oct 20, 2019):
Thanks @p12tic , I just need a signed dmg to install on a Macbook pro. The Azure suggestion was just for testing.
@shymega commented on GitHub (Oct 26, 2019):
What @p12tic means is that we use Azure Pipelines to make releases, and signing
.dmgs automatically upon release may be a bit tricky. We'll see.@daankortenbach commented on GitHub (Nov 5, 2019):
To open unsigned apps on macOS:
@Ayanmullick commented on GitHub (Nov 5, 2019):
@daankortenbach , that setting is blocked on my Mac provided by my organisation. InfoSec already refused an exception for me. Plus it is a good practice to sign one's applications.
@simons-public commented on GitHub (May 5, 2020):
@Ayanmullick I just put in a pull request #648 that changes the build to use
macdeployqtwhich has the ability to codesign app bundles. It would be trivial to add codesigning to building the mac release if it gets merged, but there would still need to be a valid certificate which would require an Apple Developer Program membership which costs money. Most open-source programs don't have the money for an Apple Developer account. If you really need to have the functionality and don't mind paying you could try the program Barrier was forked from since it is a paid app and is probably signed.You could see if your company will let you use a trusted certificate to compile and compile it yourself. Or if your company doesn't validate the certificate trust chain you could just build it with a self-signed certificate. I'd be happy to post a build with a self-signed certificate, but that pretty much defeats the purpose of requiring signed applications.
@AdrianKoshka if the Barrier project doesn't have any funding to open an Apple Developer account for signing it might be worthwhile to setup a way to receive donations toward that.
@Ayanmullick commented on GitHub (May 5, 2020):
@simons-public , Thank you for your response. I would like to try the build with the self-signed certificate, if possible.
@simons-public commented on GitHub (May 5, 2020):
@Ayanmullick No problem, when I get off work later tonight and I'll build and post one for you from the
0deaaadcommit with a self-signed certificate.@simons-public commented on GitHub (May 5, 2020):
@Ayanmullick the self-signed dmg/app is posted here
@Ayanmullick commented on GitHub (May 5, 2020):
@simons-public, You were right. My employer checks for Apple Dev Program Membership. :(
Thank you for your help. 👍
@p12tic commented on GitHub (Jan 10, 2021):
I think this bug is still valid. Ideally we should be able to sign Barrier with proper certificates.
@shymega commented on GitHub (Feb 3, 2021):
Agreed. We need to discuss Windows signing as well. CI builds might be an issue too - in terms of keeping credentials under lock and key... @p12tic - you don't happen to have a macOS machine, at all?
@jmahone commented on GitHub (May 28, 2021):
Has there been any further progress on this issue? I tried the self-signed dmg offered up by simons-public on May 5, 2020, and I still get the error indicating that the dmg cannot be opened because it is from an unidentified developer. As others have mentioned, my organization does not allow the installation of applications from unidentified developers.
@jmahone commented on GitHub (May 29, 2021):
I was able to get around the issue (https://github.com/debauchee/barrier/issues/602#issuecomment-822429816).
I still think it would be best practice to sign and submit your application to Apple for the security check. This would give users the confidence that barrier is safe. I've looked through the code, but I'm not a malware expert and cannot say for certain there aren't any security issues. Someone more qualified could do that, however.
@shymega commented on GitHub (May 31, 2021):
Glad you got around the issue for now.
With regards to security check, we really can't do this right now.
a) None of us have an Apple account or device to my knowledge (Povilas may though...)
b) Integrating the signing into CI would be tricky, and storing the credentials is something I'm a bit cautious on.
c) The Apple App Store developer cost is $99 a year. As an OSS project, we can't afford that, it would come out of our own bank account(s), and even with a sponsors program, there is no promise we'll reach $99 each year for the membership.
d) We would also need to look into Windows App signing as well, it wouldn't be fair to only have it for Apple Apps.
e) Barrier development has stalled due to a lack of developers, so I'm not convinced we need to implement this as a matter of urgency - I'm sure that's understandable.
I hope this clears up the matter and gives some insight into the current situation.
On Sun, May 30, 2021, at 12:54 AM, jmahone wrote:
--
Kind regards,
dom rodriguez (shymega)
@shymega commented on GitHub (May 31, 2021):
OK, actually, Apple App Store might not be possible. GPL incompatibility!
@shymega commented on GitHub (Jun 13, 2021):
OK, been reading into this some more. From what I understand, and IANAL, it seems that GPLv3 has an 'anti-DRM' clause which is incompatible with the Apple App Store terms and conditions. Barrier is licensed under GPLv2, which doesn't appear to have the anti-DRM clause AFAICT.
I personally would rather not drag Barrier into any legal complications. The notion that we could change the license is not possible. We have 153 authors of commits on the repository. To change the license, we would have to contact every one of these authors. It is a huge logistical challenge. IF we could get a lawyer involved, that may give us further clarity. Bear in mind we forked from Symless, so again, I'm reluctant to do anything with licensing.
I suppose the real conclusion is now that we simply cannot submit Barrier to the App Store as much of an inconvenience it may be.
I have no choice but to close this issue due to these licensing issues. Apologies.
@jds655 commented on GitHub (Nov 29, 2021):
watching
@JasonKeirstead commented on GitHub (Mar 20, 2024):
Tried to install this app in my environment today and could not due to this issue.
I want to clear up some things in here
Signing an app for MacOS so that it can pass Gatekeeper has nothing to do with it being listed in the Mac store or not. These are different problems. Therefore the whole GPLv3 discussion does not belong here. There are thousands and thousands of GPL projects on Github that sign their apps with codesign before posting the DMG. Signing your code is not a GPL discussion.
Self-signed apps are fine. Gatekeeper will issue a warning, that the user can accept if they have Administrator permissions. However, if the app is not signed at all, the user is SOL.
I highly reccomend this issue be re-opened and the signing done, as right now Barrier is locked out from the majority of people who have Mac. There actually isn't any point in posting the Mac image at all, since no one can use it as-is.
@shymega commented on GitHub (Mar 20, 2024):
Barrier is no longer maintained, see Input Leap.
GPL-wise, yes, signing is fine, I didn't dispute that (reading back). However, submitting to the Mac Store could be an issue.
The issue will not be re-opened. The project is no longer maintained.
Also, people could use the DMG, just not in environments where that ability was restricted.