Digital signing for OS X Mountain Lion

cidentan50
Private First Class
Posts: 45
Joined: Thu Jan 19, 2006 8:20 pm

Digital signing for OS X Mountain Lion

Post by cidentan50 »

OS X Mountain Lion, due out this summer, will change the type of apps allowed to run. The default will be to only allow (1) apps from the Mac App Store and (2) apps from outside the app store that have been digitally signed by the developer with a certificate issued by Apple. The two other choices for this setting will be to allow "Mac App Store only" or apps from "Anywhere." BZFlag is distributed outside the Mac App Store, so it would be easiest for users if the game were digitally signed by the BZFlag team.

There is no approval/rejection process beforehand for either the app or the developer. Nor is there any fee. As I understand it, developers simply sign up for a free developer account, fill out an automated form, and the server instantly spits out a certificate file to use for signing the app.

Apple's idea here is to provide a small amount of security for apps not approved by Apple for its app store. Signing links the binary to the developer's identity, giving Apple a kill switch if the developer turns evil. It also verifies to the OS that the binary wasn't tampered with by someone other than the developer. Yet at the same time, the kill switch and the restrictions on what apps are allowed to run are easily bypassed or disabled by the user.

More info here and here.
Last edited by cidentan50 on Fri Feb 17, 2012 5:56 pm, edited 1 time in total.
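
The signing and first-launch check discussed in the post above, as an added shell example that is not part of the original post or of BZFlag's build scripts: it signs an app bundle with `codesign`, verifies the seal, and asks `spctl` for the Gatekeeper verdict. The bundle path and identity string are placeholders, and the function names and `DRY_RUN` switch are introduced here for illustration.

```shell
#!/bin/sh
# Added example: sign a macOS app bundle and check it the way Gatekeeper would.
# codesign, spctl and xattr ship with macOS; APP and IDENTITY are placeholders.

# Run a command, or only print it when DRY_RUN=1 (for review on a non-Mac host).
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '+'; printf ' %s' "$@"; printf '\n'
    else
        "$@"
    fi
}

# sign_and_assess APP IDENTITY
# Returns 0 only if signing, signature verification and the Gatekeeper
# assessment all succeed; returns 2 on missing arguments.
sign_and_assess() {
    app=$1
    identity=$2
    if [ -z "$app" ] || [ -z "$identity" ]; then
        echo "usage: sign_and_assess APP IDENTITY" >&2
        return 2
    fi

    # 1. Sign the bundle with the Apple-issued certificate held in the keychain.
    run codesign --force --sign "$identity" "$app" || return 1

    # 2. Confirm the seal: this fails if a signed file changed after signing.
    run codesign --verify --verbose=2 "$app" || return 1

    # 3. Ask the system policy whether it would allow the app to launch.
    run spctl --assess --type execute --verbose=2 "$app" || return 1
}

# Files downloaded by a browser carry the quarantine attribute; the
# first-launch check applies to files that have it.
is_quarantined() {
    run xattr -p com.apple.quarantine "$1"
}

# Example call (constructed values):
#   sign_and_assess "BZFlag.app" "Developer ID Application: Example Team (TEAMID0000)"
```

Running step 3 on an unsigned copy of the same bundle shows the rejection a new user's machine would produce under the default setting.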
blast
General
Posts: 4931
Joined: Fri Mar 21, 2003 3:49 pm
Location: playing.cxx

Re: Digital signing for OS X Mountain Lion

Post by blast »

Yeah, I don't see us probably bothering with that. By the time 10.8 is out, we'll probably have already released our last version of BZFlag.
"In addition to knowing the secrets of the Universe, I can assure you that I am also quite potty trained." -Koenma (Yu Yu Hakusho)

Bullet Catcher
Captain
Posts: 564
Joined: Sat Dec 23, 2006 7:56 am
Location: Escondido, California

Re: Digital signing for OS X Mountain Lion

Post by Bullet Catcher »

Apple says, "you can even temporarily override your setting by Control-clicking, and install any app at any time." So all we really have to do is be prepared to teach BZFlag players to install using control-click. It is easy enough to get an Apple developer account if we do choose to sign BZFlag.
cidentan50
Private First Class
Posts: 45
Joined: Thu Jan 19, 2006 8:20 pm

Re: Digital signing for OS X Mountain Lion

Post by cidentan50 »

The first time a new user launches an app that isn't from the app store and isn't signed, this is what they'll see:
Image
"You should move it to the Trash." (Source)

That could scare some users away, and a thought I just had was that parental controls might get an option to block the override for specific OS X accounts. That's speculation on my part, but it sounds like a feature Apple would likely add. Many BZFlag players are kids, but they might get blocked if their parents disable unsigned apps.

I've done something like this for Safari extensions (getting a digital certificate from Apple), and the process took no more than 5-10 minutes. It was very easy.
allejo
Breaker of Builds
Posts: 809
Joined: Sun Feb 17, 2008 10:01 pm
Location: /dev/null

Re: Digital signing for OS X Mountain Lion

Post by allejo »

My guess would be it's only some time until someone can get past the digital signatures in OS X 10.8
joevano
General
Posts: 1863
Joined: Sat Jun 18, 2005 1:08 pm
Location: South Bend, Indiana, USA

Re: Digital signing for OS X Mountain Lion

Post by joevano »

Getting past it is built into the OS:
"Even with the most restrictive setting of "Mac App Store Applications only", you can still force an app to run by right-clicking on it and selecting Open. This will display a warning that lets you override the restriction and run the application. Again, you only have to do this the first time you run the app."
This should not be a really big issue...
There is nothing worse than aggressive stupidity. -- Johann Wolfgang von Goethe
"How many legs does a dog have if you call his tail a leg? Four. Calling a tail a leg doesn't make it a leg." -- Abraham Lincoln
dartman
Private First Class
Posts: 682
Joined: Sat Jul 16, 2005 4:20 pm

Re: Digital signing for OS X Mountain Lion

Post by dartman »

But if you look at the warning, as Captain said, it would make it sound like BZFlag would harm the person's computer, which could scare away potential new players--which is the last thing BZFlag needs right now.
allejo wrote: "My guess would be it's only some time until someone can get past the digital signatures in OS X 10.8"
Maybe, but why should we force users to work around it just because they're on a Mac, when doing it the right way is a quick, easy and free process?