OmegaT 6.0.1 macOS notarized version
4 views
Skip to first unread message
Jean-Christophe Helary
Apr 30, 2026, 12:48:00 AM (13 days ago) Apr 30
to mac-for-t...@googlegroups.com, Mailing list for OmegaT user support
I, at long last, uploaded an OmegaT 6.0.1 macOS notarized version to
SourceForge (sincere apologies for the delay).
https://sourceforge.net/projects/omegat/files/OmegaT%20-%20Standard/OmegaT%206.0.1/
Here is a brief summary of what the notarization process means for the
OmegaT community.
1. What does notarizing an application means?
Notarizing an application, and OmegaT.app in our case, means the
following:
- The OmegaT.app package is sent to Apple’s servers.
- Apple’s servers automatically verify that the package and all the
included libraries are signed by identified developers.
- Apple’s servers send back a list of issues (unsigned or outdated libraries,
etc.) Libraries that are not originally signed must be signed by the
person who wants the notarization (me, in our case).
- After a number of back-and-forth with the Apple servers, they
deliver a “certificate” that must be “stapled” to the distributed
package.
The certificate that Apple has delivered is what reassures macOS and
keeps it from refusing to launch the application.
2. How can you check that OmegaT has been notarized?
You can check the certificate by using the following command from the
command line:
pkgutil --check-signature /Volumes/OmegaT_6.0.1_Notarized/OmegaT.app
(The test here is on the OmegaT.app package still inside the disk image
that you downloaded, but the result is the same after you move OmegaT
to its final location.)
The result should be
--------------------------------------------------
Package “OmegaT.app”:
Status: signed by a certificate trusted by macOS
Certificate Chain:
1. Developer ID Application: Jean-Christophe Helary (65KYD6CAQQ)
Expires: 2030-01-20 07:23:06 +0000
SHA256 Fingerprint:
80 D2 8D 62 A1 A9 4F 90 FC D7 DE 38 0C 3C 90 A7 AA D2 04 18 05 EC
71 84 B8 EE 4F B4 F6 09 27 31
------------------------------------------------------------------------
2. Developer ID Certification Authority
Expires: 2031-09-17 00:00:00 +0000
SHA256 Fingerprint:
F1 6C D3 C5 4C 7F 83 CE A4 BF 1A 3E 6A 08 19 C8 AA A8 E4 A1 52 8F
D1 44 71 5F 35 06 43 D2 DF 3A
------------------------------------------------------------------------
3. Apple Root CA
Expires: 2035-02-09 21:40:36 +0000
SHA256 Fingerprint:
B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E 2C
68 C5 BE 91 B5 A1 10 01 F0 24
--------------------------------------------------
3. What are the benefits of notarizing an application?
Notarization does not mean that the application is “bug free”, or that
Apple has applied some sort of involved QA process to it.
It just means that I have paid for a developer account and that Apple
tools have not detected obviously dangerous items in the package.
Using this version of OmegaT allows you to not have to fiddle with
system preferences to have your machine accept to run non
signed/notarized applications. It is a security measure.
But since OmegaT is not distributed through the Apple Store, macOS will
still ask you whether you really want to launch it.
4. What is the difference between OmegaT 6.0.1 and the macOS notarized
version?
Besides for the notarization process itself, the only difference with
this version and the official OmegaT 6.0.1 version is an updated
library that kept the package from being notarized by Apple (namely
junixsocket-native-common-2.10.1.jar). That library has
been included by default in the soon-to-be released OmegaT 6.0.2
version. I just cherry-picked the commit (commit 0766b07) and applied
it to the official OmegaT 6.0.1 release (commit 42ef014).
5. What is the future of the macOS notarized standard version?
From now on, macOS standard versions of OmegaT (OmegaT.app) will only
be distributed as notarized versions. macOS users will still be able to
use OmegaT.jar without any issue since the Java runtime environment
that you’ll run it from is signed by its distributor and validated by
Apple in similar fashion.
Notatization still requires a number of manual tasks. It has not yet
been included in our CI process.
That means that future releases of the standard version of OmegaT,
including OmegaT 6.0.2, will be distributed as notarized versions but
with a very short delay after the official release (a few minutes in
the best case, a few hours in the worst).
6. Will the weekly builds be notarized?
OmegaT’s build process calls dependencies (libraries, etc.) from outside
repositories. Locally signed libraries (cf. 1. above) need to replace
official libraries for the notarization process to work.
Since the weekly builds involve semi-automatic library updates, the
notarization process would require manual testing and signing of new
libraries every week. Until we find a way to automatize that (including
keeping signed libraries aside for builds), I’m not sure I want to
promise I’ll do that manually every week, or ever, since we have a
properly working “generic” version of OmegaT that runs fine on any
version of macOS: OmegaT.jar.
Hence, weekly builds (currently the 6.1 series) will most probably not
be notarized or distributed as OmegaT.app packages. macOS users who
want to use the weekly builds will need to shift to using OmegaT.jar
from the command line or with the help of simple scripts.
AppleScript, Automator and other macOS included automation systems
make it trivial to create customized OmegaT.jar launchers. I might
propose one in future OmegaT generic versions.
Et voilà. Don’t hesitate if you have any question, or comment, or if you
find an error in what I just wrote.
Jean-Christophe
--
Jean-Christophe Helary
https://sr.ht/~brandelune/
SourceForge (sincere apologies for the delay).
https://sourceforge.net/projects/omegat/files/OmegaT%20-%20Standard/OmegaT%206.0.1/
Here is a brief summary of what the notarization process means for the
OmegaT community.
1. What does notarizing an application means?
Notarizing an application, and OmegaT.app in our case, means the
following:
- The OmegaT.app package is sent to Apple’s servers.
- Apple’s servers automatically verify that the package and all the
included libraries are signed by identified developers.
- Apple’s servers send back a list of issues (unsigned or outdated libraries,
etc.) Libraries that are not originally signed must be signed by the
person who wants the notarization (me, in our case).
- After a number of back-and-forth with the Apple servers, they
deliver a “certificate” that must be “stapled” to the distributed
package.
The certificate that Apple has delivered is what reassures macOS and
keeps it from refusing to launch the application.
2. How can you check that OmegaT has been notarized?
You can check the certificate by using the following command from the
command line:
pkgutil --check-signature /Volumes/OmegaT_6.0.1_Notarized/OmegaT.app
(The test here is on the OmegaT.app package still inside the disk image
that you downloaded, but the result is the same after you move OmegaT
to its final location.)
The result should be
--------------------------------------------------
Package “OmegaT.app”:
Status: signed by a certificate trusted by macOS
Certificate Chain:
1. Developer ID Application: Jean-Christophe Helary (65KYD6CAQQ)
Expires: 2030-01-20 07:23:06 +0000
SHA256 Fingerprint:
80 D2 8D 62 A1 A9 4F 90 FC D7 DE 38 0C 3C 90 A7 AA D2 04 18 05 EC
71 84 B8 EE 4F B4 F6 09 27 31
------------------------------------------------------------------------
2. Developer ID Certification Authority
Expires: 2031-09-17 00:00:00 +0000
SHA256 Fingerprint:
F1 6C D3 C5 4C 7F 83 CE A4 BF 1A 3E 6A 08 19 C8 AA A8 E4 A1 52 8F
D1 44 71 5F 35 06 43 D2 DF 3A
------------------------------------------------------------------------
3. Apple Root CA
Expires: 2035-02-09 21:40:36 +0000
SHA256 Fingerprint:
B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E 2C
68 C5 BE 91 B5 A1 10 01 F0 24
--------------------------------------------------
3. What are the benefits of notarizing an application?
Notarization does not mean that the application is “bug free”, or that
Apple has applied some sort of involved QA process to it.
It just means that I have paid for a developer account and that Apple
tools have not detected obviously dangerous items in the package.
Using this version of OmegaT allows you to not have to fiddle with
system preferences to have your machine accept to run non
signed/notarized applications. It is a security measure.
But since OmegaT is not distributed through the Apple Store, macOS will
still ask you whether you really want to launch it.
4. What is the difference between OmegaT 6.0.1 and the macOS notarized
version?
Besides for the notarization process itself, the only difference with
this version and the official OmegaT 6.0.1 version is an updated
library that kept the package from being notarized by Apple (namely
junixsocket-native-common-2.10.1.jar). That library has
been included by default in the soon-to-be released OmegaT 6.0.2
version. I just cherry-picked the commit (commit 0766b07) and applied
it to the official OmegaT 6.0.1 release (commit 42ef014).
5. What is the future of the macOS notarized standard version?
From now on, macOS standard versions of OmegaT (OmegaT.app) will only
be distributed as notarized versions. macOS users will still be able to
use OmegaT.jar without any issue since the Java runtime environment
that you’ll run it from is signed by its distributor and validated by
Apple in similar fashion.
Notatization still requires a number of manual tasks. It has not yet
been included in our CI process.
That means that future releases of the standard version of OmegaT,
including OmegaT 6.0.2, will be distributed as notarized versions but
with a very short delay after the official release (a few minutes in
the best case, a few hours in the worst).
6. Will the weekly builds be notarized?
OmegaT’s build process calls dependencies (libraries, etc.) from outside
repositories. Locally signed libraries (cf. 1. above) need to replace
official libraries for the notarization process to work.
Since the weekly builds involve semi-automatic library updates, the
notarization process would require manual testing and signing of new
libraries every week. Until we find a way to automatize that (including
keeping signed libraries aside for builds), I’m not sure I want to
promise I’ll do that manually every week, or ever, since we have a
properly working “generic” version of OmegaT that runs fine on any
version of macOS: OmegaT.jar.
Hence, weekly builds (currently the 6.1 series) will most probably not
be notarized or distributed as OmegaT.app packages. macOS users who
want to use the weekly builds will need to shift to using OmegaT.jar
from the command line or with the help of simple scripts.
AppleScript, Automator and other macOS included automation systems
make it trivial to create customized OmegaT.jar launchers. I might
propose one in future OmegaT generic versions.
Et voilà. Don’t hesitate if you have any question, or comment, or if you
find an error in what I just wrote.
Jean-Christophe
--
Jean-Christophe Helary
https://sr.ht/~brandelune/
Reply all
Reply to author
Forward
0 new messages