Fix macOS build bundle structure, add ad-hoc code signatures to bundle#1
Open
berg wants to merge 7 commits intosigrokproject:masterfrom
Open
Fix macOS build bundle structure, add ad-hoc code signatures to bundle#1berg wants to merge 7 commits intosigrokproject:masterfrom
berg wants to merge 7 commits intosigrokproject:masterfrom
Conversation
This is required for the structure of the bundle to be valid so the codesigning tool doesn't fail when processing it
The embedded Python bundle in the resulting Pulseview binary is subtly broken in a way that the codesign tool fails to sign it; this should make it legible to the tool so we can produce signed binaries
This adds an anonymous ad-hoc signature to the app bundle, which lets users who download the app allowlist it for execution
Move this down after the Python framework is normalized, etc., and supply the right path to Qt's homebrew install
macOS 13 x86 images have been deprecated per Github: actions/runner-images#13046
|
@abraxa is it possible to get some movement on this one? |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Hi @abraxa,
I hope that it's OK to submit a PR for this repo! I wanted to provide a few fixes to the macOS builds that make them more useful. I've tried to split the changes into a set of commits that explain each change, and to allow you to cherry pick any of the fixes you'd like. I am happy to make any changes you'd like, and also happy to help improve the builds and actions generally if that'd be helpful. It'd be very nice to have macos arm nightly builds of pulseview!
With this set of patches applied, the resulting builds have a valid ad-hoc code signatures (no identity attached, just integrity and a fingerprint) and are able to be manually allowlisted by macOS and run without modification. The current master branch's outputs are immediately killed with codesigning failures.
Here's the output of these patches: https://github.com/berg/sigrok-build/actions/runs/20578489417
(Ignore the fact that this is a slightly different branch; I had to apply one additional patch on top of this to get the action to pull from my forked repo, but you obviously don't want to apply that one. And also ignore the failing Linux builds, as I don't think I have access to pull those images from GHCR.)
Thanks for all of your hard work on this project, and let me know if I can do anything that'll make it easier for you to accept these. Cheers!