Mac OS Mountain Lion: Is it possible to code sign applications for Gatekeeper without paying Apple for a developer membership?

Asked 19/6, 2012 at 8:42 Answered 16/7, 2012 at 1:50

Solved mac-app-store osx-mountain-lion osx-gatekeeper

My understanding is that Mountain Lion will be released in a configuration that forbids the installation of non-signed applications by default through Gatekeeper.

I currently distribute an open source application; this is a hobby project and I do not charge any money for it. Am I able to sign the code for this application without purchasing a Mac developer membership, or is Apple requiring that all developers pay $99/year to release applications that install on the default configuration of Mountain Lion?

Waltz answered 19/6, 2012 at 8:42 Comment(0)

Note that "you can manually override Gatekeeper by Control-clicking the app and choosing to open it." Not obvious from Apple's description is that you only need to do this once for any given app, so it shouldn't cause much inconvenience to your users one way or the other. Apple seems to understand that if Gatekeeper is inconvenient, people will simply turn it off.

As for whether only paid program members will be eligible for Developer ID certificates after the release of Mountain Lion, I'm not aware of any statement by Apple one way or the other. Developer ID links currently seem to be redirecting free users to the paid program enrollment page, however.

Sid answered 16/7, 2012 at 1:50 Comment(2)

from this pdf on apple's website: developer.apple.com/library/mac/documentation/security/… it says on page 12 that you can use self signed certificates to run it on your machine but other computers won't be able to verify your self signed certificate and won't run =/ – Beckiebeckley 28/7, 2012 at 8:20

My point was that the default Gatekeeper settings in ML don't actually "forbid" running unverifiable code. As your link points out, other applications of code signing have other requirements, including, in certain cases, a requirement that the code-signing certificate be chained to a trusted root. For examples, see Apple's technote 2206. Even in cases where I can get away with it, though, including testing, I generally wouldn't self-sign anything other than a CA root certificate. – Sid 29/7, 2012 at 12:13

If your application is web based application, you can avoid developer membership otherwise you can't.

Passable answered 19/6, 2012 at 8:57 Comment(2)

What is a web-based application in this context? And do you have link that you need the paid membership (there are free programs, too)? – Outspan 20/6, 2012 at 5:3

In this context of avoiding Developer ID signing requirements, a "Web-based application" would be anything you're not delivering as a standalone Mac application bundle, including applications that require users to install custom-built browser plug-ins . . . or, for that matter, kernel extensions. – Sid 29/7, 2012 at 12:29

Recommended topics

Hot tags