←back to thread

MacOS Catalina: Slow by Design?

(sigpipe.macromates.com)
2031 points jrk | 2 comments | 22 May 20 15:39 UTC | HN request time: 0.405s | source
Show context
davidvartan ◴[22 May 20 15:53 UTC] No.23273396[source]
> a degraded user experience, as the first time a user runs a new executable, Apple delays execution while waiting for a reply from their server.

The way to avoid this behavior is to staple the notarization ticket to your bundle (or dmg/pkg), i.e. "/usr/bin/stapler staple <path>." Otherwise, Gatekeeper will fetch the ticket and staple it for the user on the first run.

(I'm the author of xcnotary [1], a tool to make notarization way less painful, including uploading to Apple/polling for completion/stapling/troubleshooting various code signing issues.)

[1] https://github.com/akeru-inc/xcnotary

replies(5): >>23273530 #>>23273867 #>>23273940 #>>23275792 #>>23279360 #
xenadu02 ◴[22 May 20 16:30 UTC] No.23273867[source]
Xcode (the UI) is able to bypass GateKeeper checks for things it builds.

The "Developer Tool" pane in System Prefs, Security, Privacy is the same power. Drag anything into that list you'd like to grant the same privilege (such as xcodebuild). This is inherited by child processes as well.

The point of this is to avoid malware packing bits of Xcode with itself and silently compiling itself on the target machine, thus bypassing system security policy.

replies(7): >>23274912 #>>23275307 #>>23275358 #>>23275865 #>>23278110 #>>23283242 #>>23284958 #
1. indemnity ◴[22 May 20 19:21 UTC] No.23275865[source]
Reminds me of the AV exception folder our corporate IT created for developers. Soon absolutely everything developers needed or created was installed into that folder. Applications, IDEs, you name it.
replies(1): >>23290529 #
2. kunday ◴[24 May 20 10:18 UTC] No.23290529[source]
Guilty as accused. I try to keep to an absolute minimum. Like docker data-dir and IDE. With that i can atleast use my machine.

otherwise this macos notarisation, along with a possibly of cpu heating issues with left thunderbolt usage and corporate av scanning, makes my machine, next to useless