With bug 7371 we now do notarization of our signed macOS client, this allows tlclient to run on macOS 10.15.
The notarization verification works by contacting Apple's gatekeeper system when trying to start the ThinLinc client for the first time. If you don't have internet access your Mac can't contact the gatekeeper servers. This results in the following dialogue:
> "ThinLinc client" can't be opened because Apple cannot check it for malicious software.
> This software needs to be updated. Contact the developer for more information.
> Safari downloaded this file today at 1:16 PM from cendio.com
> [Show in Finder] [OK]
This dialog is the same as when the client isn't notarized at all.
You can work around this by right-clicking ThinLinc client from Finder and
choosing "Open". After doing this you no longer receive the warning.
The proper solution to this bug is to "Staple" the notarization approval to the app:
Since the notarization and signing requirements on macOS only apply to apps downloaded from the internet; one way to reproduce this stapling issue is as follows:
1) Download a signed AND notarized ThinLinc Client from Safari
2) Go to network settings in macOS
3) Select 'Ethernet' in the list
4) Press the small cogwheel at the bottom of the list and choose "Deactivate service"
5) Press "Apply"
6) Start the ThinLinc Client you just downloaded
7) Observe that it can't be started
Fixed now, this bug should be tested along with bug 7371.
To verify that it works I followed the steps presented in comment #1:
(In reply to comment #1)
> 1) Download a signed AND notarized ThinLinc Client from Safari
> 2) Go to network settings in macOS
> 3) Select 'Ethernet' in the list
> 4) Press the small cogwheel at the bottom of the list and choose "Deactivate
> 5) Press "Apply"
> 6) Start the ThinLinc Client you just downloaded
> 7) Observe that it can't be started
First time I did this, I used a non-stapled client and it didn't open as expected. I then stapled the same client and re-downloaded it from a browser. I turned off the internet and the client opened just fine without any messages saying it cannot be opened.