darwin/macOS releases are not signed
arubdesu opened this issue · 4 comments
Hey there, I'd like to patch/provide this for my organization as we are Sourcegraph customers, but the binaries are not signed, e.g.:
% codesign --display -r- --deep -v src-cli_4.4.0_darwin_arm64/src
Executable=src-cli_4.4.0_darwin_arm64/src
Identifier=a.out
Format=Mach-O thin (arm64)
CodeDirectory v=20400 size=404606 flags=0x20002(adhoc,linker-signed) hashes=12641+0 location=embedded
Signature=adhoc
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources=none
# designated => cdhash H"d69c00d22a382be51dddcc36a8c62e3c37640cad"
There are projects like gon can take care of all the necessary steps if joining Apple's Developer ID program and adding that step is possible, and explain why it's desirable. Please consider doing so, if it would be good for me to reach out to internal product owners and impress upon them that they should talk in the right ears I can do that as well. Thank you kindly for your consideration!
Thanks for submitting @arubdesu, and apologies for the delay - we're investigating with our release team, and will keep you posted on what we intend to do here.
Hey @arubdesu, quick update, another team is working on setting up codesigning for a different Sourcegraph binary. We'll hold off on anything for src-cli for now as to not duplicate efforts, but we're hoping their work will make it fairly easy to setup something here, too. We'll share more updates as they come!
Thank you kindly for keeping me in the loop! FYI I'll be using a sorta-framework/project called autopkg that can fetch the releases here on github and convert/pkg/make them 'palatable' for patch management/software distribution to Macs (first and foremost) with optional support for various 'MDM'-y tools and other OS platforms.
Standing by patiently for the wheels to turn, I understand resources need to be focused 🙇
Hey again @arubdesu, just writing to let you know there's been some discovery work and early progress made on figuring out how to build a step for this into our CI/CD infra! Hoping we'll have another update for you soon. Thanks for bearing with us! 😄