systa on macOS Big Sur

Hi, 

I've gone ahead and made `systa` executable using `chmod u+x systa`.  When I run it, macOS tells me that it cannot be verified by the developer.  I'm assuming this has something to do with signing the file?  Do we need to sign `systa` with our own certs to get it to work as well for packaging and shipping it with our NodeJS application?  Please advise.

Thanks,

Arie

Yes, sign it with your own certs.

Thanks, Wyatt.  

I am signing both the `systa` and the `libTurboActivate.dylib" files like so:

codesign --verbose --force --timestamp --sign "Developer ID Application: My Company, Inc. (XXXXXXXXXX)" "${limelm_helper}"

codesign --verbose --force --timestamp --sign "Developer ID Application: My Company, Inc. (XXXXXXXXXX)" "${limelm_lib}"

This outputs the following:

Signing WyDay Licensing Helper App...
/Dev/myapp/licensing/macOS/systa: replacing existing signature
/Dev/myapp/licensing/macOS/systa: signed Mach-O universal (x86_64 arm64) [systa]


Signing WyDay Licensing Library...
/Dev/myapp/licensing/macOS/libTurboActivate.dylib: replacing existing signature
/Dev/myapp/licensing/macOS/libTurboActivate.dylib: signed Mach-O universal (x86_64 arm64) [libTurboActivate]

So it appears that the files do get signed.  Now, I've got the `systa`, `libTurboActivate.dylib`, and the `TurboActivate.dat` files in one directory.  When I run `systa` I am presented with a GUI alert /  error message from macOS stating:

“libTurboActivate.dylib” can’t be opened because Apple cannot check it for malicious software.  This software needs to be updated. Contact the developer for more information.

Chrome downloaded this file today at 1:51 PM from wyday.com.

In the terminal after running `systa` I seeing the following:

dyld: Library not loaded: @rpath/libTurboActivate.dylib
  Referenced from: /Dev/myapp/licensing/macOS/./systa
  Reason: no suitable image found.  Did find:
	/Dev/myapp/licensing/macOS/./libTurboActivate.dylib: code signature in (/Dev/myapp/licensing/macOS/./libTurboActivate.dylib) not valid for use in process using Library Validation: library load disallowed by system policy
	/Dev/myapp/licensing/macOS/./libTurboActivate.dylib: stat() failed with errno=1
zsh: abort      ./systa

Is there a particular set of flags and values that need to be used to sign the libTurboActivate.dylib file?

Thanks!

, edited

Looks like we might have to start signing executables on macOS again. Unfortunately it's a pain in the ass to get these certs because Apple inexplicably uses the defunct / outsourced, “Dun & Bradstreet" for “reputation information”.

So, we'll start this process, but no hard date on when we actually get usable certs from Apple.

I think we are going to have to create a .pkg installer for the NodeJS app unfortunately.  This will allow us to harden the .dylib via their notarization system.  They don't allow devs to just send up .dylibs — they have to be a part of a package or runtime.  Thanks for the clarification, and for adding this to an internal ticket, but I totally understand about timelines.