undefined | Better HN

0 pointsanentropic4y ago0 comments

Looks like this explains how: https://www.digicert.com/kb/code-signing/mac-os-codesign-too... but... "only Apple Developer code signing certificates are compatible with GateKeeper"

Does code-signing with an ad hoc certificate and no notarization provide any better experience than just unsigned code?

Do you get a friendlier message (c/f "malicious software: Move to Trash") when Gatekeeper blocks it?

0 comments

Unsigned (arm64) binaries don't run at all on M1 Macs, so yes, an ad-hoc certificate provides a better experience ;)

I just tried an unsigned bin on M1 Big Sur and the experience is the same:

it's initially blocked with a "Move to Trash" dialog

but you can go to security prefs and click "allow anyway"

Then try again, click "open" rather than "move to trash" on another warning dialog and the file does get run.

I haven't tried a signed+un-notarized one but it sounds like it'd be similar?

I suspect that the code you're trying to run is ad-hoc signed.

j / k navigate · click thread line to collapse