External Email - Use Caution
You are absolutely right—once each binary is approved once then it is saved in that state much like previous versions of macOS. I’m sure the next few updates for Catalina will tackle this issue to allow nested permissions extensions.
Cheers,
Aditya
From: fsbuild fsbuild@contbay.com Sent: Tuesday, October 8, 2019 11:54 PM To: freesurfer@nmr.mgh.harvard.edu Cc: Aditya Kulkarni Aditya.Kulkarni@qc.cuny.edu Subject: Re: [Freesurfer] Notice about macOS Catalina Notarization and FreeSurfer
Hello Aditya,
We are aware of the security changes in Mac OS 10.15 such as notarization whereby Apple has decided to extend security rules for applications (*.app bundles) to command line tool/binaries. From my reading of developer postings it is not clear that the notarization process in the current release of Catalina can actually detect the linkages in and authorize all the Mac software that has been built on and distributed for older versions of Mac OS. I suspect this is why in the past weeks I have started to receive at least 1 email a day from commercial vendors of Mac software saying not to upgrade to Catalina if you want to use their existing software releases. So perhaps the the first (10.15.0) release of Catalina cannot support or be backwards compatible with all previous releases of Mac software. My understanding is that each binary only needs to be authorized once and subsequently the approved state is saved, and the binary will run. I can imagine writing something to try and authorize each individual command under ./freesurfer/bin starting with the lowest level commands, but I would not start with using the recon-all command.
- R.
Aditya Kulkarnimailto:Aditya.Kulkarni@qc.cuny.edu October 8, 2019 at 22:26 External Email - Use Caution
Hello FreeSurfer team,
With Apple’s recent release of macOS Catalina, I wanted to test its compatibility with FreeSurfer. Indeed the executables in the freesurfer/bin folder are subject to the “notarization” problem in the OS, such that every dependent executable that is used in a recon-all stream requires the user to allow it manually through security (a process which becomes cumbersome and interrupts recon-all runs with the many libraries it requires). I know you are all working very hard on the software’s development and just wanted to update with this information in case other users are updating to Catalina and going to run a FreeSurfer stream soon.
Best,
Aditya Kulkarni
_______________________________________________ Freesurfer mailing list Freesurfer@nmr.mgh.harvard.edumailto:Freesurfer@nmr.mgh.harvard.edu https://mail.nmr.mgh.harvard.edu/mailman/listinfo/freesurfer