←back to thread

MacOS Catalina: Slow by Design?

(sigpipe.macromates.com)
2031 points jrk | 1 comments | 22 May 20 15:39 UTC | HN request time: 0.405s | source
Show context
davidvartan ◴[22 May 20 15:53 UTC] No.23273396[source]
> a degraded user experience, as the first time a user runs a new executable, Apple delays execution while waiting for a reply from their server.

The way to avoid this behavior is to staple the notarization ticket to your bundle (or dmg/pkg), i.e. "/usr/bin/stapler staple <path>." Otherwise, Gatekeeper will fetch the ticket and staple it for the user on the first run.

(I'm the author of xcnotary [1], a tool to make notarization way less painful, including uploading to Apple/polling for completion/stapling/troubleshooting various code signing issues.)

[1] https://github.com/akeru-inc/xcnotary

replies(5): >>23273530 #>>23273867 #>>23273940 #>>23275792 #>>23279360 #
scottlamb ◴[22 May 20 16:36 UTC] No.23273940[source]
> The way to avoid this behavior is to staple the notarization ticket to your bundle (or dmg/pkg)

Maybe in some cases, but the article says "even if you write a one line shell script and run it in a terminal, you will get a delay!"

Shell scripts don't come in bundles. I don't think this kind of stapling is possible for them? I don't think it'd be reasonable to expect users to do this anyway.

replies(1): >>23274045 #
davidvartan ◴[22 May 20 16:44 UTC] No.23274045[source]
The Gatekeeper behavior is specific to running things from Finder (not Terminal), and only if you downloaded it via a browser that sets the com.apple.quarantine xattr.

Two posts from Apple dev support (Cmd+F "eskimo") describe this in more detail.

https://forums.developer.apple.com/thread/127709

https://forums.developer.apple.com/thread/127694

replies(4): >>23274142 #>>23274402 #>>23275448 #>>23278587 #
JadeNB ◴[22 May 20 17:09 UTC] No.23274402[source]
> The Gatekeeper behavior is specific to running things from Finder (not Terminal), and only if you downloaded it via a browser that sets the com.apple.quarantine xattr.

The article says the described problem isn't limited in this way:

> This is not just for files downloaded from the internet, nor is it only when you launch them via Finder, this is everything. So even if you write a one line shell script and run it in a terminal, you will get a delay!

replies(2): >>23274503 #>>23275861 #
1. staticfloat ◴[22 May 20 19:21 UTC] No.23275861[source]
If you read the comments of the article and do your own testing, you will find that reality appears to be more complicated than the article suggests. Users have shown using both timing and wireshark that the shell scripts do not appear to be triggering notarization checks.