|
|
|
10-13-2019, 10:52 PM
|
#1
|
Human being with feelings
Join Date: Jan 2010
Location: Auckland, New Zealand
Posts: 4
|
Reaper must be notorised by Apple to run on Catalina
Hi folks
Well, MacOS 10.15 Catalina release came around, and I upgraded to it (I had reasons). Reaper ran fine, no problems at all - as long as you're not dependent on SWS extensions - Catalina has a security issue with its dylib.
Feeling slightly smug, I got on with it....until today's Reaper upgrade from 5.983 to 5.984. Now instead of Reaper, I have a MacOS X pop-up that says:
"REAPER64" can't be opened because Apple cannot check it for malicious software. This software needs to be updated. Contact the developer for more information.
So, dear folks at Cockos, I hope you were aware of this coming your way from Apple...?
From Apple News( https://developer.apple.com/news/?id=06032019i), all Mac apps, installer packages, and kernel extensions that are signed with Developer ID must also be notarized by Apple in order to run on macOS Catalina.
|
|
|
10-13-2019, 11:37 PM
|
#2
|
Human being with feelings
Join Date: Jun 2013
Location: Krefeld, Germany
Posts: 14,688
|
Apple seems to be doomed
-Michael
|
|
|
10-14-2019, 03:43 AM
|
#3
|
Human being with feelings
Join Date: May 2006
Location: Surrey, UK
Posts: 19,677
|
Several big developers have advised against updating to Catalina until they (the developers) have updated their programs / plug-ins / installers as needed.
__________________
DarkStar ... interesting, if true. . . . Inspired by ...
|
|
|
10-14-2019, 05:36 AM
|
#4
|
Human being with feelings
Join Date: Jun 2013
Location: Krefeld, Germany
Posts: 14,688
|
Quote:
Originally Posted by DarkStar
Several big developers have advised against updating to Catalina until they (the developers) have updated their programs / plug-ins / installers as needed.
|
Supposedly some (less "big") never will...
-Michael
|
|
|
10-14-2019, 06:39 AM
|
#5
|
Human being with feelings
Join Date: Apr 2010
Posts: 5
|
... thought the problem was resolved but it is not
Update: Error found with running Reaper in OS Catalina is not resolved by reboot.
|
|
|
10-14-2019, 07:57 AM
|
#6
|
Human being with feelings
Join Date: Oct 2018
Posts: 9
|
If you right click on the app and click open it should work.
|
|
|
10-14-2019, 09:07 AM
|
#7
|
Administrator
Join Date: Mar 2007
Location: NY
Posts: 15,750
|
It will work if you go to System Preferences > Security & Privacy, and click "Open Anyway" at the bottom. You only need to do that once, until you install a newer version of REAPER.
|
|
|
10-14-2019, 09:40 AM
|
#8
|
Administrator
Join Date: Jan 2005
Location: NYC
Posts: 15,721
|
|
|
|
10-14-2019, 09:52 AM
|
#9
|
Human being with feelings
Join Date: Mar 2019
Posts: 876
|
Here Reaper works as expected under macOS10.15. SWS as well.
If continuous problems loading SWS plugin, you can try force code-sign like this,
Drag and drop the dylib extension (blue text) into Terminal after command:
codesign --force --deep --sign - /reaper_sws_extension.dylib
https://i.ibb.co/HdYtMRV/reaper-osx10-15.gif
.
Last edited by PhelixK; 10-14-2019 at 10:19 AM.
Reason: thumb
|
|
|
10-14-2019, 01:15 PM
|
#10
|
Administrator
Join Date: Jan 2005
Location: NYC
Posts: 15,721
|
For SWS you can fix it by running this from Terminal.app:
Code:
xattr -d com.apple.quarantine ~/Library/Application\ Support/REAPER/UserPlugins/reaper_sws_extension.dylib
|
|
|
10-14-2019, 03:58 PM
|
#11
|
Human being with feelings
Join Date: Oct 2007
Location: home is where the heart is
Posts: 12,096
|
Quote:
Originally Posted by PhelixK
hmm, I believe I tried that as well.
Anyway, I see there's a typo, a reverse solidus, line should be:
Code:
xattr -d com.apple.quarantine ~/Library/Application Support/REAPER/UserPlugins/reaper_sws_extension.dylib
|
It's to escape the space in the filepath.
|
|
|
10-14-2019, 04:12 PM
|
#12
|
Human being with feelings
Join Date: Mar 2019
Posts: 876
|
Quote:
Originally Posted by nofish
It's to escape the space in the filepath.
|
ah yes of course, works in Terminal, but not in Finder, thanks.
|
|
|
10-14-2019, 05:07 PM
|
#13
|
Human being with feelings
Join Date: Oct 2017
Location: Black Forest
Posts: 5,054
|
This is insane.... staying with Mojave for the time being.
|
|
|
10-14-2019, 10:47 PM
|
#14
|
Human being with feelings
Join Date: Jan 2010
Location: Auckland, New Zealand
Posts: 4
|
Devil's advocate
Quote:
Originally Posted by _Stevie_
This is insane.... staying with Mojave for the time being.
|
Well, no, I don't think it is.
When I started this thread I was slightly peeved at this hiccup (thanks folks, by the way, for the solution - worked like a dream) but I knew the risk I was taking without thoroughly researching readiness. I wouldn't do that on a client's production servers, but I chose to on my Mac. Caveat whatnot. But more importantly I'm not sure it's a Bad Idea.
Now, I'm coming late to the debate (I've been a developer for many years, but I'm not an active MacOS developer, so haven't been paying attention) so there may be something I'm unaware of, but I can see the merit in "notarising" packages. Given how it's being used, at least here, they're clearly taking some sort of checksum that MacOS systems can use to verify the contents. Sounds like a worthy goal and perhaps a reasonable plan to me, frankly. I don't see anyone else, outside of proprietary systems like iSeries, doing anything significant about the issue...
Are they charging for it or something?
|
|
|
10-14-2019, 11:07 PM
|
#15
|
Human being with feelings
Join Date: Jun 2009
Location: Croatia
Posts: 24,790
|
No, they're not charging AFAIK, but you have to send your installer to them and then WAIT until they process their queue. Considering how fast Cockos can be with updates to Reaper, I don't see this as being useful to Cockos as it would just delay each and every release (whereas Win and Linux people can just get on with their lives without any of this crap), hence the user-side workarounds proposed.
|
|
|
10-14-2019, 11:11 PM
|
#16
|
Human being with feelings
Join Date: Jul 2008
Location: The Netherlands
Posts: 3,645
|
Well, actually you do have to have a developer account, which is not free. But they are indeed not charging per upload.
|
|
|
10-14-2019, 11:16 PM
|
#17
|
Human being with feelings
Join Date: Jun 2009
Location: Croatia
Posts: 24,790
|
I'd assume Cockos already has that account. Still, it's a needless hassle that slows down your releases, particularly when they're as often occuring as they do with Cockos...
|
|
|
10-15-2019, 12:19 AM
|
#18
|
Human being with feelings
Join Date: Jul 2008
Location: The Netherlands
Posts: 3,645
|
Quote:
Originally Posted by EvilDragon
Still, it's a needless hassle that slows down your releases, particularly when they're as often occuring as they do with Cockos...
|
Amen to that!
|
|
|
10-15-2019, 05:08 AM
|
#19
|
Human being with feelings
Join Date: Jun 2013
Location: Krefeld, Germany
Posts: 14,688
|
Quote:
Originally Posted by EvilDragon
I'd assume Cockos already has that account. Still, it's a needless hassle that slows down your releases, particularly when they're as often occuring as they do with Cockos...
|
In fact actually preventing any Beta testing.
-Michael
|
|
|
10-15-2019, 09:03 AM
|
#20
|
Human being with feelings
Join Date: Jun 2011
Location: Belgium
Posts: 5,246
|
Quote:
Originally Posted by mschnell
In fact actually preventing any Beta testing.
-Michael
|
Can't you pass a beta through the Apple notarisation system? You can for iOS, in any case.
It's much more harmful for open source software, especially libraries. Not to mention 3rd party kernel extensions won't be possible anymore either, IIUC.
__________________
In a time of deceit telling the truth is a revolutionary act.
George Orwell
|
|
|
10-15-2019, 12:08 PM
|
#21
|
Human being with feelings
Join Date: Jun 2013
Location: Krefeld, Germany
Posts: 14,688
|
Quote:
Originally Posted by cyrano
It's much more harmful for open source software, especially libraries. Not to mention 3rd party kernel extensions won't be possible anymore either, IIUC.
|
I suppose this is the hidden goal of the effort: even more lock the users in their commercial universe.
-Michael
|
|
|
10-16-2019, 02:03 AM
|
#22
|
Human being with feelings
Join Date: Jun 2011
Location: Belgium
Posts: 5,246
|
At the same time, they're pushing Swift on Linux. The just released a new one for Ubuntu yesterday.
Gotta love Apple
__________________
In a time of deceit telling the truth is a revolutionary act.
George Orwell
|
|
|
10-18-2019, 05:04 AM
|
#23
|
Human being with feelings
Join Date: Nov 2007
Location: France
Posts: 919
|
is it time to leave OSX.
I will probably buy a new mac next year and I don't want to purchase an expensive and useless computer ?
|
|
|
10-22-2019, 10:20 AM
|
#24
|
Human being with feelings
Join Date: Sep 2010
Posts: 12,561
|
Quote:
Originally Posted by dupont
is it time to leave OSX.
I will probably buy a new mac next year and I don't want to purchase an expensive and useless computer ?
|
OSX isn't broken yet. When it finally dies... Let's say 10.13.6 is the last stable version they ever release. Based on previous patterns, you'll have 10 years before any 3rd party software stops supporting that OS and tells you it's too old.
The last genuine "Apple" Apple computers are the mid 2012 models. Post Steve Jobs machines are fragile and not very Apple-like. These are what I call "in-between times". Buy used right now if you want an Apple. The new post-Jobs machines are so fragile that even a 10 year old genuine Apple will still outlast them. There are risks with buying used of course but when you can buy 5 machines with higher spec for the same as the cost of a single machine...
|
|
|
10-26-2019, 03:34 PM
|
#25
|
Human being with feelings
Join Date: May 2015
Location: Québec, Canada
Posts: 4,937
|
Right clicking on the REAPER .app and selecting "Open" let's it be opened without having to open the system preferences and entering a password.
https://i.imgur.com/xBfOPua.gif
|
|
|
10-30-2019, 12:50 PM
|
#26
|
Human being with feelings
Join Date: May 2015
Posts: 7
|
Catalina is definitely fine. As above, to get REAPER to run the first time, find the application icon, right click, open, click ok at the warning. REAPER will always launch after that. It's the same for any other unsigned application.
And Justin's workaround above for SWS is also confirmed working for me under Catalina.
|
|
|
11-04-2019, 02:27 PM
|
#27
|
Human being with feelings
Join Date: Sep 2016
Posts: 23
|
I have very mixed feelings about this. On the one hand - by updating - the normal installation procedure of my Mac exploded in my face with music software. All music software companies are currently warning their users not to update yet, for a good reason. So I'm "inconvenienced" by this change.
On the other hand. The world is changing. We're using cloud drives instead of external HDs, cloud services, many new technologies. And want our OS to keep up and use those new possibilities as well. We want change, cool new things that help our workflows, as long as everything stays the same (meaning we're want new things but we don't want anything that's different, which of course doesn't work). New things mean change. New functions. New security problems.
At that, thanks to all the cloud-bonanza and always-connectedness, bad guys have found a very lucrative way of making money. Ransomware. It's probably the anti-word of the year 2019. When you read the news, you'll see that no week goes by where there's not a ransomware attack. Probably multiple. And some state, school, police department, hospital ... was hit. Millions of dollars are asked to get vital data back. This is the reality, and it happens really a lot these days. Computers are supposed to "just work", but have so many security flaws, especially the users sitting in front of it, that this happens all the time.
OS vendors should protect their users as much as possible. By notarising, Apple introduces a very annoying step for developers. But it gives Apple a very powerful tool to stop malware. Remember when VLC was hacked to spread malware? This would not have happened if VLC had been notarised. Also, should at any point, a malware infected build slip through, Apple can just revoke the certificate and no subsequent installation would work, effectively stopping the malware from spreading.
It is unfortunately the online and connected world we live in and attacks on computer systems, professional or personal, will only get better. They never get worse. And they will get more numerous. Because there is a fortune to be made with ransomware these days. It's a real gold mine.
Currently, I'm greatly inconvenienced as a user, as are many many devs. Melda Production was so pissed they even advised their customers to switch to Windows I would not like my work to be held hostage and when I think of all the moms and pops using computers, clicking on any crap on a website that tells them to download and install something, I'm more than happy to currently have a hiccup or two on the way if it means they'll be safer down the road. As will I.
Nobody is forced to move to Catalina now. It's the devs currently having the majority of work. We can still remain on Mojave.
Think of it this way. In the beginning, there were no speed limits because cars were a new concept. But today, there is a reason there are speed limits on the highway. Yes, you cannot go from A to B at 200mph, even if your car would be capable of it. On the other hand, everybody is more safe because you can't. Including you. Connected computers are a risk these days. Not because of Microsoft or Apple, but because bad guys can make a lot of money with it.
Last edited by Flint_6; 11-04-2019 at 02:34 PM.
|
|
|
11-05-2019, 02:34 AM
|
#29
|
Human being with feelings
Join Date: Sep 2016
Posts: 23
|
Quote:
Originally Posted by zabukowski
"False Benefit: Malware Scan"
|
Correct. It's not about "scanning" for malware. And I didn't say it's about scanning. It's about preventing malware from even coming to the system. It's reversing the way software is executed. Or at least this is the way it should work.
Past: Allowing everything to just download and execute, scanning for malware along the way, hoping the scanner already knows about all the bad stuff out there. The thing is, malware creation software introduces randomness on the fly and there's so much new stuff out there it's impossible to keep up.
Present: Locking the door by default. And when somebody rings, have a look who's there. It's what we have to do at home anyway. Nobody would leave their door unlocked and everybody could just come in and we would hope all of those people are nice. We lock the door by default and look who's there. We open when we think it's OK.
That's what notarisation does. By default, the door is locked. And it only lets software execute that comes from trusted sources and that are who they claim to be. For example they come with a postal service uniform, or UPS uniform. Mac now checks their ID so nobody just dresses as a postman.
Like in the case of VLC, where hackers got hold of the repository and introduced malware to the download that infected everybody that happened to download VLC from the website during that period of time. Hackers can still do that. But since they don't have access to the dev account, they cannot sign it. They could not make VLC execute on any Mac.
Reading your article, I see the drawbacks. It's not a perfect system, that's for sure. And I hope Apple will develop it further. This is just a first step and at some point, the dev needs to do the annoying mumbo-jumbo so the OS can more aggressively lock down the system. Currently, it's a balance between some added security in some cases, a lot of added annoyance, some comfort features so user's don't get to see an annoying dialog EVERY time they download an app update. I guess those rules are going to become more strict and secure so the security benefits will grow.
I also hate the idea of Apple being a gate keeper and only allowing software they like on their system, effectively locking it down like iOS. I love all the independent tools the Mac offers. But when you look at SSL certificates, where thousands of commercial companies basically can sign certificates and there's no central instance verifying them all, basically hackers are free to do what they want. Security news is also littered with cases where bad guys created false certificates for Google, Facebook and many others and countries that are more repressive and have less democracy and more surveillance use this technique to spy on their users by generating SSL certificates for Facebook so they act as a man-in-the-middle and read all traffic going through. If you open up this system, it's not going to work. It's either dangerous or more secure. Finding an acceptable balance is the hard part. And there will be tears along the way. For now, we still have options, like staying on Mojave for example.
The OSses, all of them, have to become more secure, there's no question about it. The internet has become a place where hackers can almost without fear of being caught, make millions by encrypting users' machines. It's a real plague. And even though I have lots of different backups, I don't want to get in a situation where I need those.
Last edited by Flint_6; 11-05-2019 at 07:15 AM.
|
|
|
11-05-2019, 08:03 AM
|
#30
|
Human being with feelings
Join Date: Sep 2010
Posts: 12,561
|
You can always just turn it off too if you please.
The 3rd "Allow from anywhere" option on the System Preferences security page is still hidden. (Going on 3 revisions of OSX now. Looks to be intentional.) But it's still there and you can set it with a Terminal command.
sudo spctl --master-disable
And then go back to the old method of making sure your backup clone of your system drive is current before grabbing that piratebay download. Clone back and overwrite when it turns out to be not what it said it was.
To me, this is still simple and quick and doesn't rely on trusting anything or anyone.
|
|
|
11-08-2019, 03:04 AM
|
#31
|
Human being with feelings
Join Date: Sep 2016
Posts: 23
|
Also, creating an account at Apple and notarizing a build you do might take longer than not doing it at all, but it doesn't seem like it's a multi month process. The outcry is now during the transition period and in 6 months we'll have forgotten it ever existed. Also, critical apps like iLok managed to get it working by now. This enforces my understanding that it doesn't seem to be that hard. We just have to wait a little. Or turn the security feature off, as @serr said.
Problems I see is when you developed an app in a more careless way. Careless I means in the sense of the places you write data to. It is of course easy to just request to be able to write data anywhere and then you're free to do whatever you want. But it is the user's machine after all. One should not litter files around everywhere. When you write license files in some system directory, for example. This should always have been a no no. When you wildly want to access system folders, user's data folders, downloads folder. This rightly should raise alarm flags in the OS.
I hope this will eventually also end up in more organised apps and config file places. I for example cannot understand why config files need to be littered all over the place. Preferences folder, application support folders, containers. It's really annoying how Mac is set up in that way. But Windows is not a lot better with its different App Data folders and user data folder. Why not make a config folder in the user's data folder and place everything there. Next time I set up my new machine, I just sync my data folder and everything is done. I don't have to guess and look in 5 places where all the settings I carefully made are.
|
|
|
01-05-2020, 01:53 PM
|
#32
|
Human being with feelings
Join Date: Apr 2012
Posts: 423
|
How do you resolve the problem with ReaPack ? Is there a similar line in Terminal like for sws ?
|
|
|
01-05-2020, 02:00 PM
|
#33
|
Human being with feelings
Join Date: May 2015
Location: Québec, Canada
Posts: 4,937
|
Yes, the same thing as SWS but with ReaPack's file instead.
Quote:
xattr -d com.apple.quarantine ~/Library/Application\ Support/REAPER/UserPlugins/reaper_reapack*.dylib
|
|
|
|
05-08-2020, 03:57 PM
|
#34
|
Human being with feelings
Join Date: Mar 2011
Location: USA
Posts: 461
|
Quote:
Originally Posted by Justin
For SWS you can fix it by running this from Terminal.app:
Code:
xattr -d com.apple.quarantine ~/Library/Application\ Support/REAPER/UserPlugins/reaper_sws_extension.dylib
|
Can SWS please put this on their website?
|
|
|
05-18-2020, 02:34 PM
|
#35
|
Human being with feelings
Join Date: May 2007
Location: San Antonio, TX
Posts: 811
|
Quote:
Originally Posted by Justin
|
Thanks VERY much for this! Worked a treat.
|
|
|
06-08-2020, 02:19 PM
|
#36
|
Human being with feelings
Join Date: May 2007
Location: San Antonio, TX
Posts: 811
|
Quote:
Originally Posted by Justin
For SWS you can fix it by running this from Terminal.app:
Code:
xattr -d com.apple.quarantine ~/Library/Application\ Support/REAPER/UserPlugins/reaper_sws_extension.dylib
|
I'm trying this and it isn't working. I've verified that reaper_sws_extension.dylib is in Library/Application Support/REAPER/UserPlugins
But when I put the above into Terminal, it says:
xattr: No such file: /Users/myname/Library/Application Support/REAPER/UserPlugins/reaper_sws_extension.dylib
|
|
|
06-09-2020, 05:43 PM
|
#37
|
Administrator
Join Date: Jan 2005
Location: NYC
Posts: 15,721
|
Quote:
Originally Posted by kenTheriot
I'm trying this and it isn't working. I've verified that reaper_sws_extension.dylib is in Library/Application Support/REAPER/UserPlugins
But when I put the above into Terminal, it says:
xattr: No such file: /Users/myname/Library/Application Support/REAPER/UserPlugins/reaper_sws_extension.dylib
|
Maybe you mistyped the filename?
You can do this:
Terminal, type in (without enter and with a trailing space at the end):
Code:
xattr -d com.apple.quarantine
Then navigate to find reaper_sws_extension.dylib in finder, and drag that file into the Terminal window, which will put the filename there... and hit enter?
|
|
|
06-09-2020, 06:29 PM
|
#38
|
Human being with feelings
Join Date: May 2007
Location: San Antonio, TX
Posts: 811
|
Quote:
Originally Posted by Justin
Maybe you mistyped the filename?
You can do this:
Terminal, type in (without enter and with a trailing space at the end):
Code:
xattr -d com.apple.quarantine
Then navigate to find reaper_sws_extension.dylib in finder, and drag that file into the Terminal window, which will put the filename there... and hit enter?
|
Tried that. At least Terminal didn't complain this time. but I still got the error when trying to open Reaper. Let's see if this video is visible - https://www.screencast.com/t/S403Tb1vQQ6
|
|
|
06-10-2020, 12:17 AM
|
#39
|
Human being with feelings
Join Date: Jun 2011
Location: Belgium
Posts: 5,246
|
Quote:
Originally Posted by kenTheriot
|
Could you have the sws extension in two places?
Maybe you need to log out of your Mac account and log in again?
__________________
In a time of deceit telling the truth is a revolutionary act.
George Orwell
|
|
|
06-10-2020, 01:24 AM
|
#40
|
Human being with feelings
Join Date: Mar 2019
Posts: 876
|
Quote:
Originally Posted by kenTheriot
|
Hi, perhaps you want to try using newer SWS beta release, v2.12.0.0 23871fdc, It works fine here, and I believe the SWS devs even recommend it for macOS10.15 and Reaper 6.
That aside, the older SWS lib has also been working fine here using the above method.
SWS repository: https://www.sws-extension.org/download/pre-release/
.
|
|
|
Thread Tools |
|
Display Modes |
Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -7. The time now is 03:21 PM.
|