Signed Builds #179
Comments
|
Might be what you're looking for, but please note that notarized binaries are prepared and submitted by a volunteer: #63 (comment) |
|
look good, it would be great if the ungoogled group did it rather than a volunteer. |
|
We don't have a legal entity nor the funds so it'd have to be a contributor with their personal account in any case sadly |
The people behind the team you call the "Ungoogled Group" are all volunteers, so it makes no real difference :) Since the Apple developer signature to sign apps is just a $99/year barrier, not really a "security measure" for a determined supply-chain attacker, I don't particularly trust it alone - I just quickly review each main release and the MacOS version |
|
Just a quick update on this, I am planning to publish an iPad app in the next few months, and I will purchase an Apple developer license if everything goes according to the plan. However, that app will also be a FOSS product, which means that I personally would like to raise fund as much as possible via sponsors (like the GitHub one) as I won't gain much profit out of these apps. So, as I am currently the maintainer of Ungoogled-Chromium macOS, if you do prefer this way, and you're interested, maybe consider sponsoring so we can get the rid of the fund issue. (I still cannot guarantee any result or timeline because I just can't predict how this will go). But, as @lakdif mentioned, all members in Ungoogled-Software, despite having this "Member" title, are all still just volunteers, and there's still no real difference between a signed release from me, or anyone else. |
|
@Cubik65536 That's great news! Shouldn't be much effort to copy/paste my actions and make them more "official" as well in that case! Just a recommendation, though; Set it up on a new (separate) Apple ID, so it's all not bound to your personal data, and if for whatever reason the account gets terminated someday, you don't necessarily risk your own iCloud stuff like photos etc.. Additionally, it reduces the risk associated with setting up an automated signing flow on Github Actions and credentials somehow leaking by accident, some future exploit, or whatever else might happen (in theory; that's a risk I'm currently running) In either case, let me know if you need any help with this, but just give you a bit of a head-start; this article is what I based my actions on |
It's great to hear about your plans to sign the app more officially! It's best for security and preventing binary alterations. Regarding donations, I understand the challenges of funding open-source projects, and I’ll definitely consider sponsoring to support your efforts. As for your Apple account, I agree with @claudiodekker — you should use a separate account rather than your personal one. I've had issues with the App Store myself, having been unable to use it for three days due to an Apple reviewer. Anyway, good luck with your app! Totally off-subject, but how do you create the Memoji with the WWDC sticker? |
Thanks for your suggestion and support!
You can first create Memoji, set it as your avatar for Apple account, download it (I do remember that there's a way of downloading the avatar), and then photoshop LOL. |
Donating $99 / year in addition to all of the time you've been donating.
Since Apple makes it impossible for you to publish an app for free without payment to Apple, I think you should REQUIRE that Apple user's donate to you to fund your developer license. Once 99 or more users have paid $1 for their annual subscription, if you want to make it free for others... Everyone would LIKE to "raise as much as possible via sponsorship/donations" however you should research this topic deeply to see for yourself if that's the actual outcome you can expect, rather than just the outcome that people hope for. |
|
What would be the avenue for donation? I think many of us that use and/or fork this project would be happy to do that (at least I like to think so). |
GitHub Sponsors would be the best. If you’d like to use some payment methods that are not supported by GitHub, Buy me a Coffee is also an option. They are under my name not ungoogled-chromium unfortunately, but all sponsor records (i.e. who’s sponsoring) will be public unless you choose to make it private. And you can leave a message specifying that it is for Ungoogled-Chromium, so I will be able to publish a list of sponsors with the specific amount of donation in this repo. |
I plan to make an announcement about this in the next release note, would that be okay? /cc @networkException |
|
Yes I'd say thats fine. I also have ungoogled on my sponsor page technically |
|
Good news! We got enough fund for Apple Developer Program fee (#184). I am waiting for payouts. Expect notarized Ungoogled-Chromium macOS to come in mid-to-end October! |
|
I will delay the release of macOS 130.0.6723.44 (the one that should move to stable Oct 15th, see ungoogled-software/ungoogled-chromium#3057) a bit... and it will be the first signed release. Apple is processing my Developer Account payment. |
|
I'll reopen this for now and use this to track progress and publish progress update. |
|
https://github.com/ungoogled-software/ungoogled-chromium-macos/releases/tag/130.0.6723.58-1.1 is released and we have notarized builds! |
|
Congratulations @Cubik65536! I've archived my repository/builds, and have updated the readme as to point here instead 👍 |
In some companies and startups, including mine, it's not possible to install unsigned apps. It would be great to have signed builds available to replace Firefox and Chrome.
The text was updated successfully, but these errors were encountered: