Reply to EndpointSecurity and network events
Thanks for the information, it's really useful. Although, do you know if macOS data providers will be more restricted in the future? I mean, is it intentional that data providers on macOS are less restrictive than on iOS? Or is it a temporary state, and they will be more restricted in future versions of macOS, to make it more similar to their iOS versions? In other words, is it safe to base our business logic on that? (Because if you choose to restrict data providers in future versions of macOS, then our whole product will fail.)
Mar ’24
Reply to Notarization and hot-update feature of an app
Yes, "E1" would be the main executable for "B.app". Does the notarization system assume only bundles will be notarized? Will there be a problem (now or in the future) with notarization of individual executable/dylib files? (I understand that since "E1" would be a main executable for "B.app", then the way it should be done is to notarize the whole "B.app" bundle. But I'm interested in knowing what it looks like from Apple's perspective if I notarize "E1" individually, notarize "D" when it was a part of a different app bundle, and I don't notarize "B.app" at all.)
Jan ’23
Reply to Notarization and hot-update feature of an app
Thanks for the answer @eskimo! It did clear some things up, but not everything. I'm still trying to figure out how stapling should work with an app that auto-updates itself.

Let's say I have an app bundle "A.app" with 2 components: an executable "E", and a dylib file "D". I notarize the whole "A.app" bundle, and I staple it -- this part is clear. Then, I create a new app bundle "B.app", that has its own executable "E1" and the component "D" (its file has the same SHA1 as used in "A.app"). I notarize "E1" executable. I don't staple "B.app".

So the questions are:

Should I assume that "D" component inside "B.app" is already notarized (because it was notarized in the process of notarizing the whole A.app bundle)? Or should it be notarized once again, since it's exactly the same component as in "A.app", but now is included inside a different app bundle: "B.app"?

Since I don't staple "B.app", I now depend on the system to automatically download missing staples from Apple's servers. But I never notarized the whole "B.app", I've just notarized "E1" separately, and notarized "D" as part of notarization of the whole "A.app" bundle. Is the system able to even download any notarization proofs in this case?

Notarisation checks typically only kick in if your code is quarantined and the software update system within your app doesn’t have to quarantine anything.

Do you know if it will stay like this in the future as well?
Jan ’23