Sign MacOS application bundle

[philippe-ynput]

Is there an existing issue for this?

• I have searched the existing issues and added correct labels.

Please describe the feature you have in mind and explain what the current shortcomings are?

All MacOS application bundles need to be signed for security reasons. Ours is not and it forces the user to go through a couple of hoops to make it run. Nothing terrible but a bit annoying and amateurish-looking.

Suggested implementation?

• Create a developer account for ynput ?
• Generate an apple developer id certificate.
• Write a new CI procedure to sign new builds.

We could also notarize the software, i.e. send it to Apple for a security audit before release, but that too much hassle.

Describe alternatives you've considered:

Leave it as it is.

[FuzzkingCool]

Alternative might be to run a command to Whitelist locally ( still will require user to enter password once ) Not sure if this will persist an OS update however. I'd like to bump this issue as this is a major pain with the latest update of Sequoia 15.4.1, it's now asking each time I run the launcher to be opened through security settings and "Open Anyway" which does not always appear. This makes it extremely difficult for MacOS users to use the AYON pipeline and is a definite blocker for us in early stages of adoption.