Hi, I'm seeing the following when I attempt to install R-patched, as from http://mac.r-project.org/: --- ?R-3.6-branch-el-capitan-signed.pkg? can?t be opened because Apple cannot check it for malicious software. This software needs to be updated. Contact the developer for more information. --- I suspect this is pain being imposed by the requirement for notarized applications / installers. The dialog can be overridden through the Security & Privacy preferences pane, but Apple does not make this obvious. The official R 3.6.1 installer is not affected; likely because it was grandfathered in due to its being published before Catalina was rolled out. Are there plans to notarize these builds of R? (can we be helpful in making that happen?) Best, Kevin
R-patched installers cannot be run on Catalina
6 messages · Kevin Ushey, Dr Eberhard W Lisse, Simon Urbanek +1 more
You could always issue sudo spctl --master-disable :-)-O el
On 2019-10-11 19:59 , Kevin Ushey wrote:
Hi, I'm seeing the following when I attempt to install R-patched, as from http://mac.r-project.org/: --- ?R-3.6-branch-el-capitan-signed.pkg? can?t be opened because Apple cannot check it for malicious software. This software needs to be updated. Contact the developer for more information. --- I suspect this is pain being imposed by the requirement for notarized applications / installers. The dialog can be overridden through the Security & Privacy preferences pane, but Apple does not make this obvious. The official R 3.6.1 installer is not affected; likely because it was grandfathered in due to its being published before Catalina was rolled out. Are there plans to notarize these builds of R? (can we be helpful in making that happen?) Best, Kevin
_______________________________________________ R-SIG-Mac mailing list R-SIG-Mac at r-project.org https://stat.ethz.ch/mailman/listinfo/r-sig-mac
Dr. Eberhard W. Lisse / Obstetrician & Gynaecologist (Saar) el at lisse.NA / * | Telephone: +264 81 124 6733 (cell) PO Box 8421 / Bachbrecht, Namibia ;____/
Kevin, thanks for the report. We are aware of the notarization and there are plans, but at this point it's unclear if it's even possible, given the various constraints and the way R works (it's unlikely that R as it is will pass the test). We definitely hope to have a solution for R 4.0.0, but it's unlikely that any R 3.x version can be released in a conform way. Cheers, Simon
On Oct 11, 2019, at 1:59 PM, Kevin Ushey <kevinushey at gmail.com> wrote: Hi, I'm seeing the following when I attempt to install R-patched, as from http://mac.r-project.org/: --- ?R-3.6-branch-el-capitan-signed.pkg? can?t be opened because Apple cannot check it for malicious software. This software needs to be updated. Contact the developer for more information. --- I suspect this is pain being imposed by the requirement for notarized applications / installers. The dialog can be overridden through the Security & Privacy preferences pane, but Apple does not make this obvious. The official R 3.6.1 installer is not affected; likely because it was grandfathered in due to its being published before Catalina was rolled out. Are there plans to notarize these builds of R? (can we be helpful in making that happen?) Best, Kevin
_______________________________________________ R-SIG-Mac mailing list R-SIG-Mac at r-project.org https://stat.ethz.ch/mailman/listinfo/r-sig-mac
Hi, I am going to presume that Simon is already aware of this, but there is a page on the Apple Dev site that describes the workflow that can be implemented/customized to automate the notarization process via scripting: https://developer.apple.com/documentation/xcode/notarizing_your_app_before_distribution/customizing_the_notarization_workflow Whether this can be done efficiently to support the nightly builds via the current build system would be the question. Also, with nightly builds, there is a risk of the notarization process introducing delays, as just happened: https://www.macrumors.com/2019/10/10/apple-macos-catalina-app-notarization-slow/ Regards, Marc Schwartz
On Oct 11, 2019, at 4:25 PM, Dr Eberhard W Lisse <el at lisse.NA> wrote: You could always issue sudo spctl --master-disable :-)-O el On 2019-10-11 19:59 , Kevin Ushey wrote:
Hi, I'm seeing the following when I attempt to install R-patched, as from http://mac.r-project.org/: --- ?R-3.6-branch-el-capitan-signed.pkg? can?t be opened because Apple cannot check it for malicious software. This software needs to be updated. Contact the developer for more information. --- I suspect this is pain being imposed by the requirement for notarized applications / installers. The dialog can be overridden through the Security & Privacy preferences pane, but Apple does not make this obvious. The official R 3.6.1 installer is not affected; likely because it was grandfathered in due to its being published before Catalina was rolled out. Are there plans to notarize these builds of R? (can we be helpful in making that happen?) Best, Kevin
The issue is not the process, the issue is that Apple requires particular way to build the binaries with particular tools in order to even be able to pass the notarization process and our current build does not use those. We can't change the tools in the middle of the release so for R 3.6.x we're stuck with what we are currently using which Apple doesn't accept. Hence the only hope is for R 4.0.0 and we're working on that. Cheers, Simon
On Oct 11, 2019, at 4:39 PM, Marc Schwartz via R-SIG-Mac <r-sig-mac at r-project.org> wrote: Hi, I am going to presume that Simon is already aware of this, but there is a page on the Apple Dev site that describes the workflow that can be implemented/customized to automate the notarization process via scripting: https://developer.apple.com/documentation/xcode/notarizing_your_app_before_distribution/customizing_the_notarization_workflow Whether this can be done efficiently to support the nightly builds via the current build system would be the question. Also, with nightly builds, there is a risk of the notarization process introducing delays, as just happened: https://www.macrumors.com/2019/10/10/apple-macos-catalina-app-notarization-slow/ Regards, Marc Schwartz
On Oct 11, 2019, at 4:25 PM, Dr Eberhard W Lisse <el at lisse.NA> wrote: You could always issue sudo spctl --master-disable :-)-O el On 2019-10-11 19:59 , Kevin Ushey wrote:
Hi, I'm seeing the following when I attempt to install R-patched, as from http://mac.r-project.org/: --- ?R-3.6-branch-el-capitan-signed.pkg? can?t be opened because Apple cannot check it for malicious software. This software needs to be updated. Contact the developer for more information. --- I suspect this is pain being imposed by the requirement for notarized applications / installers. The dialog can be overridden through the Security & Privacy preferences pane, but Apple does not make this obvious. The official R 3.6.1 installer is not affected; likely because it was grandfathered in due to its being published before Catalina was rolled out. Are there plans to notarize these builds of R? (can we be helpful in making that happen?) Best, Kevin
_______________________________________________ R-SIG-Mac mailing list R-SIG-Mac at r-project.org https://stat.ethz.ch/mailman/listinfo/r-sig-mac
Simon, Thanks for the clarification. Regards, Marc
On Oct 11, 2019, at 4:55 PM, Simon Urbanek <simon.urbanek at R-project.org> wrote: The issue is not the process, the issue is that Apple requires particular way to build the binaries with particular tools in order to even be able to pass the notarization process and our current build does not use those. We can't change the tools in the middle of the release so for R 3.6.x we're stuck with what we are currently using which Apple doesn't accept. Hence the only hope is for R 4.0.0 and we're working on that. Cheers, Simon
On Oct 11, 2019, at 4:39 PM, Marc Schwartz via R-SIG-Mac <r-sig-mac at r-project.org> wrote: Hi, I am going to presume that Simon is already aware of this, but there is a page on the Apple Dev site that describes the workflow that can be implemented/customized to automate the notarization process via scripting: https://developer.apple.com/documentation/xcode/notarizing_your_app_before_distribution/customizing_the_notarization_workflow Whether this can be done efficiently to support the nightly builds via the current build system would be the question. Also, with nightly builds, there is a risk of the notarization process introducing delays, as just happened: https://www.macrumors.com/2019/10/10/apple-macos-catalina-app-notarization-slow/ Regards, Marc Schwartz
On Oct 11, 2019, at 4:25 PM, Dr Eberhard W Lisse <el at lisse.NA> wrote: You could always issue sudo spctl --master-disable :-)-O el On 2019-10-11 19:59 , Kevin Ushey wrote:
Hi, I'm seeing the following when I attempt to install R-patched, as from http://mac.r-project.org/: --- ?R-3.6-branch-el-capitan-signed.pkg? can?t be opened because Apple cannot check it for malicious software. This software needs to be updated. Contact the developer for more information. --- I suspect this is pain being imposed by the requirement for notarized applications / installers. The dialog can be overridden through the Security & Privacy preferences pane, but Apple does not make this obvious. The official R 3.6.1 installer is not affected; likely because it was grandfathered in due to its being published before Catalina was rolled out. Are there plans to notarize these builds of R? (can we be helpful in making that happen?) Best, Kevin
_______________________________________________ R-SIG-Mac mailing list R-SIG-Mac at r-project.org https://stat.ethz.ch/mailman/listinfo/r-sig-mac