Mountain Lion Gatekeeper

This is the first in a series of 3 posts documenting the working of Gatekeeper and signing of the plug-ins and the installers.

Gatekeeper is Apple’s security feature that is designed to protect Mac OS X users from malicious software.

Gatekeeper will be able to run in three modes:
1. Mac App Store: The default mode, a stricter mode in which users will only be able to install applications downloaded from the Mac App Store.
2. Mac App Store and identified developers: Relaxed mode that allows users to install applications downloaded from the Mac App Store or identified developers (Applications signed using certificate generated by Apple.)
3. Anywhere: Any application can be installed.

Gatekeeper options

While option 1 is the safest, option 3 is like being back on Lion or any other previous version of Macintosh. Option 2 seems like a good middle path which quite a few developers will take.

Important points to remember regarding Gatekeeper:
1. The Gatekeeper does not check or restrict Plug-ins, Frameworks etc.
2. Any software already installed—and that has been run at least once—will continue to run even after Gatekeeper is enabled. Gatekeeper checks on first launch of an application.
3. Gatekeeper uses OCSP (Online Certificate Status Protocol) to verify the certificate, OCSP talks to servers over the Internet.
4. Gatekeeper validates/checks all the installer.

For more information on Gatekeeper behaviour refer: Macworld article and tidbits article

I did few experiments to understand the Gatekeeper better.

Check 1: Downloaded a pkg installer (unsigned) on 10.6 and ran it on 10.8 from a pen drive
I Downloaded a pkg installer which doesn’t work (not signed) on 10.8 (Mountain Lion) on 10.6 (Snow Leopard) using Google Chrome and transferred it to a pen drive next day and tried installing it. The Gatekeeper detected that the pkg was not signed. The behavior was same when I downloaded the installer from a mail server.

Downloaded on Snow Leopard but Gatekeeper detected it.

Check 2: Downloaded a pkg installer (unsigned) on 10.8
I Downloaded an pkg installer which doesn’t work (not signed) on 10.8 on 10.8 and tried installing it again Gatekeeper was up to the task. The behavior was same when I downloaded the installer from a mail server.

Check 3: Downloaded a signed pkg installer on a fresh 10.8 machine without internet
Basically this machine had Mountain Lion Preview 4 and my signed installer was not used on this machine. I pulled out the LAN cable (WiFi was turned off) and I tried to install my package using the pkg installer. Gatekeeper allowed the installer to run without any warning. Looks like OCSP (Online Certificate Status Protocol) is not the only check Gatekeeper performs. Good news is that Gatekeeper doesn’t need the machine to be connected to internet for it to verify the certificates. The behavior was same when I downloaded the installer from a mail server.

Check 4: Downloaded an application (unsigned) on 10.6 and ran it on 10.8 from a pen drive
The application didn’t have a pkg installer. I just had to drag and drop the app into “Applications” folder. Copy worked fine but when I tried to launch the application, Gatekeeper kicked in. I used an older version of TextWrangler to generate the issue.

Check 5: Downloaded an application (unsigned) on 10.8
Same as Check 4. Gatekeeper wouldn’t allow me run the application. I used an older version of TextWrangler to generate the issue.

Check 4 and 5

Check 6: Downloaded a signed application on a fresh 10.8 machine without internet
Gatekeeper verified and allowed the application to launch.

Gatekeepers doesn’t quite meets my expectation. I would be very happy if it starts validating frameworks, plug-ins and command line tools that the user can download from internet. There are already improvements in Gatekeeper implementation in Mountain Lion GM over Mountain Lion Preview 3. But it is a good start none the less.

Advertisements

New Rupee Symbol of Indian – How to use it in Computers.

You can download the Rupee_Foradian font file from Rupee_Foradian.ttf

Installing and using on Linux

1. Copy Rupee_Foradian.ttf file to /home/Home_Name/ .fonts/ (create this directory, if not exists)
2. Open any word process applications (like open-office, Thunderbird etc), choose “Rupee Foradian” from the drop down box of fonts (If it was already open, restart the application).
3. Press the key just above the Tab button (with “~” symbol) to get the rupee symbol (`)

The button to press

Installing and using on Windows

1. Copy Rupee_Foradian.ttf file to OSDrive:/Windows/Fonts. Normally it would be “C:/Windows/Fonts”. When you paste the file to this location, OS would display say that it is installing the font.
2. Open your word processor and select the “Rupee_forindian” (If it was already open, restart the application).
3. Press the key just above the Tab button (with “~” symbol) to get the rupee symbol (`). Refer the previous image

Installing and using on Macintosh

1. Copy Rupee_Foradian.ttf file to /System/Library/Fonts if all the users need to use it and for a single user it should be /Users/Home_Name/Library/Fonts
2. Open your word processor and select the “Rupee_forindian” (If it was already open, restart the application).
3. Press the key just above the Tab button (with “~” symbol) to get the rupee symbol (`). Refer the previous image

NOTE: Since it is a true type font am not sure whether it will work on Tiger(10.4) version of Macintosh. There shouldn’t be any problems in Leopard(10.5) and Snow Leopard(10.6) version of Macintosh.

It's working!

The images and Windows OS installation is thanks to Joanne Debrass and Linux OS installation is thanks to Satheesh Prabu.