Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

MacRumors

macrumors bot
Original poster
Apr 12, 2001
54,646
16,788



With developers needing to prepare for Apple's new Gatekeeper feature in OS X 10.8 Mountain Lion, Apple has revealed that the functionality is already baked into OS X 10.7.3 but hidden by default. Apple has instructed developers that they can enable Gatekeeper on OS X 10.7.3 from the command line in order to test the functionality.
Mac OS X users will soon have the option of turning on Gatekeeper, a new Mac OS X security feature. When a user does this, the system provides an additional measure of safety: it blocks that user from opening newly-downloaded applications that are not Developer ID-signed. In this scenario, the same user is easily able to launch downloaded applications that are Developer ID-signed.

By default, Gatekeeper is not enabled in Mac OS X v10.7.3. For testing purposes, you can turn it on by using the new Mac OS X system policy control command-line tool, spctl(8).
Running the command "sudo spctl --enable" in Terminal will enable Gatekeeper on OS X 10.7.3, and the system can be turned off by replacing "enable" with "disable". With the system enabled, developers can then test how their applications will behave on systems using Gatekeeper.

gatekeeper_lion.jpg



Warning for non-signed application download with Gatekeeper activated on OS X 10.7.3
Regular users obviously would have little use for activating Gatekeeper on their Lion systems at the present time, as developers have not yet had a chance to begin distributing updated versions of their applications integrating the new Developer-ID functionality. But its inclusion in OS X 10.7.3 is an interesting tidbit that will help developers test their applications with the new program and explains why the new Xcode 4.3 that supports Developer-ID requires OS X 10.7.3.

In another sign of Apple's desire to quickly implement Gatekeeper, Panic's Cabel Sasser notes that Apple contacted select developers last week to invite them to learn more about the feature.

Article Link: Gatekeeper Already Present in OS X 10.7.3, Available for Developer Testing
 

faroZ06

macrumors 68040
Apr 3, 2009
3,387
1
Wait, how is this going to work with open-source stuff that you compile yourself?

Then again, advanced users might not need Gatekeeper. I'd like an option to just have it quickly inform me that it is not signed but open it and not prompt me to allow or disallow it to open.
 
Last edited:

waltermitty

macrumors member
Apr 25, 2010
65
0
This is ridiculous. An obvious money grabbing attempt by making users (by default) go through their App Store to get their software and system updates.
 

Durendal

macrumors 6502
Apr 12, 2003
287
1
I figured it would come to this. Apple doesn't need to lock OS X down to App Store only. Savvy users will get around it anyway. Instead, they continuously make it more and more likely that clueless users (the majority of all computer users, Apple or otherwise) won't know the difference. This will only make them scared of anything outside the App Store, which means they won't get anything that isn't in the App Store if they can help it, which means developers of just about anything commercial that isn't already huge (ie, Adobe, Microsoft, etc) will be forced to use the App Store or remain a niche for the savvier users. Way to go, Apple. Steve may be gone, but his spirit lives on.

Sigh...I almost wonder if I should make the move to a good Linux distro. Almost. I'm not there yet, but if Apple continues this trend, I probably will be. It's almost like Apple is TRYING to drive the savvy users away from the platform.
 

spazzcat

macrumors 68030
Jun 29, 2007
2,859
1,731
Wait, how is this going to work with open-source stuff that you compile yourself?

Then again, advanced users might not need Gatekeeper. I'd like an option to just have it quickly inform me that it is not signed but open it and not prompt me to allow or disallow it to open.

It will only prompt you once
 

coder12

macrumors 6502a
Jun 28, 2010
512
3
Wait, how is this going to work with open-source stuff that you compile yourself?

Then again, advanced users might not need Gatekeeper. I'd like an option to just have it quickly inform me that it is not signed but open it and not prompt me to allow or disallow it to open.

System Preferences >> "Anything"
 

benthewraith

macrumors 68040
May 27, 2006
3,138
143
Fort Lauderdale, FL
If you're distributing open source software to consumers, the majority of which don't even know System Preferences exists, how the hell do you expect them to know how to disable Gate Keeper?
 

faroZ06

macrumors 68040
Apr 3, 2009
3,387
1
This is ridiculous. An obvious money grabbing attempt by making users (by default) go through their App Store to get their software and system updates.

It will also bring more unity to Apple developers and eliminate the problem of malware. Apple just needs to make the App Store tariff-free (except for a fee if you want them to host the file for you).
 

spazzcat

macrumors 68030
Jun 29, 2007
2,859
1,731
I figured it would come to this. Apple doesn't need to lock OS X down to App Store only. Savvy users will get around it anyway. Instead, they continuously make it more and more likely that clueless users (the majority of all computer users, Apple or otherwise) won't know the difference. This will only make them scared of anything outside the App Store, which means they won't get anything that isn't in the App Store if they can help it, which means developers of just about anything commercial that isn't already huge (ie, Adobe, Microsoft, etc) will be forced to use the App Store or remain a niche for the savvier users. Way to go, Apple. Steve may be gone, but his spirit lives on.

Sigh...I almost wonder if I should make the move to a good Linux distro. Almost. I'm not there yet, but if Apple continues this trend, I probably will be. It's almost like Apple is TRYING to drive the savvy users away from the platform.

Commercial developers will sign their apps. If the app is sign this message will not show up.
 

Durendal

macrumors 6502
Apr 12, 2003
287
1
I like the idea. Apple is preparing for the Windows style virus that are slowing starting to arise.
Oh baloney. This would only "prevent" install-and-authenticate malware, and if malware for OS X continues to evolve as it has on Windows, you may not need to actually run an installer. Anyone who turns it off won't get any kind of warning and malware continues. Those who leave it on probably won't get anything outside of the App Store, which is the real idea behind this: Scare the newbies into giving more money to Apple.
 

faroZ06

macrumors 68040
Apr 3, 2009
3,387
1
If you're distributing open source software to consumers, the majority of which don't even know System Preferences exists, how the **** do you expect them to know how to disable Gate Keeper?

Consumers don't use open-source software (excluding open-source projects that have native Mac versions)...
 
Last edited:

spazzcat

macrumors 68030
Jun 29, 2007
2,859
1,731
This is ridiculous. An obvious money grabbing attempt by making users (by default) go through their App Store to get their software and system updates.

I don't get why you wouldn't buy your app from the app store if its there?
 

rnizlek

macrumors 6502
Mar 31, 2004
305
107
Washington, DC
So the answer is: it won't work.

Do you know that, or are you just speculating? You'll need to get a certificate, but who's to say Apple will charge for certificates? And if they do charge, charge a lot? I think it's only in their interest to make development for the platform easy.

I think what makes sense is an option to keep gatekeeper on but allow exceptions on an individual app basis. That way you get the benefit of the protection even without all of your apps being signed.
 

Can't Stop

macrumors 6502
Dec 22, 2011
342
0
If you're distributing open source software to consumers, the majority of which don't even know System Preferences exists, how the hell do you expect them to know how to disable Gate Keeper?

And yet on these Mountain Lion threads we have at leats one "genius" per page offering Linux as the holy grail "problem" solving "solution" :D makes me wonder.
 

Durendal

macrumors 6502
Apr 12, 2003
287
1
Commercial developers will sign their apps. If the app is sign this message will not show up.
Not on the strictest setting, and do we know what it will take for this stuff to get signed? I get the feeling it means money, something small-time/open source guys probably won't want to spend.
 

spazzcat

macrumors 68030
Jun 29, 2007
2,859
1,731
Not on the strictest setting, and do we know what it will take for this stuff to get signed? I get the feeling it means money, something small-time/open source guys probably won't want to spend.

You sign it and send out the update to your customers. The only part Apple has in this is they issue the certs.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.