Author Topic: 20.03 for the Mac build .....  (Read 563 times)

Offline dkulp

  • Multiple posting newcomer
  • *
  • Posts: 15
20.03 for the Mac build .....
« on: April 09, 2020, 01:51:42 am »

I just uploaded a build of 20.03 for the mac to:

https://dankulp.com/cb/

This build is completely signed and notarized using my personal Apple Developer ID.  Thus, it should be installable/runnable fairly easily even with gatekeeper enabled.  That said, there are a few things to note:

1) This is using a custom build of wxWidgets, not the latest 3.1.3 release.    There are a few fixes that are needed including a fix that isn't even committed to wxWidgets yet to allow wxSmith to at least "mostly work".

2) Signing/notarizing the app requires using the hardened runtime.   My gut feeling is that this will prevent something from working correctly, but I'm really not sure.   I only use Codeblocks for wxSmith so I haven't attempted anything else with it.   Most likely we'll need to add entitlements for this to fully work.

3) It does NOT include the spellchecker, FileManager, NassiShneiderman, or profiler plugins as I don't have the deps installed for those.

Enjoy!
Dan


Offline oBFusCATed

  • Developer
  • Lives here!
  • *****
  • Posts: 12810
    • Travis build status
Re: 20.03 for the Mac build .....
« Reply #1 on: April 09, 2020, 09:48:50 am »
Thanks.

Can you explain the process of notarization? Do we need to have a paid dev account to do it?
What do you mean by hardened runtime?
(most of the time I ignore long posts)
[strangers don't send me private messages, I'll ignore them; post a topic in the forum, but first read the rules!]

Offline dkulp

  • Multiple posting newcomer
  • *
  • Posts: 15
Re: 20.03 for the Mac build .....
« Reply #2 on: April 09, 2020, 02:31:47 pm »

The notarizing part is relatively easy.   If basically involves sticking the .app into a dmg an submitting it to Apple and then waiting 5-10 minutes.   Once you get the email saying it was successful, you can "staple" the notarization onto the app and repeat to then do the same for the dmg.   You don't HAVE to do the stapling parts, but then the user will need to be online when you first open the DMG and run the app so it can go verify them with Apple.   It's relatively easy, just takes an extra 10-15 minutes at build time to wait for Apple to do it's thing.

The harder part of the process is getting the code signed and getting setup for that.   The hardened runtime restricts a few things like access to microphones and cameras and such which we likely don't need.   However, it also restricts it from attaching to other processes (like to act as a debugger) and loading unsigned libraries and such which we MAY need.   There are flags (called entitlements) that you can set to enable these things if needed, but CodeBlocks doesn't setup any of that yet. 

Signing and Notarizing DOES require a paid developer account.   The $100/year personal Apple developer account is enough, but that's obviously only for a single user.    I don't know what the costs are or anything for "Organization" level access with multiple developers and such.   

Anyway, I filed https://sourceforge.net/p/codeblocks/tickets/944/ with the small patch that was needed for the Info.plist so the signing will work and the script that I used to sign it, package it, and submit to Apple for notarization.