build: add macOS signing entitlements to macdeploy #18171

pull fanquake wants to merge 1 commits into bitcoin:master from fanquake:macos_signing_requirements changing 1 files +18 −0
  1. fanquake commented at 1:14 pm on February 18, 2020: member

    This is the entitlements file that could be passed to the codesign tool during macOS notarization. We don’t have to be explicit with all of these permissions, as most of them are disabled by default.

    Also related to #18131.

    TODO:

    • Add --options runtime to codesign step.
  2. build: add macOS signing entitlements to macdeploy 3384764d54
  3. fanquake added the label macOS on Feb 18, 2020
  4. fanquake added the label Build system on Feb 18, 2020
  5. fanquake requested review from jonasschnelli on Feb 18, 2020
  6. jonasschnelli commented at 2:33 pm on February 18, 2020: contributor

    Tested and made some custom gitian builds. I manually signed the newest nighly osx unsigned gitian build https://bitcoin.jonasschnelli.ch/gitian/build/15.

    …changed detached-sig-create.sh and added --options runtime in L26.

    … manually edited the gitian descriptor gitian-osx-signer.yml to take a local signature-osx.tar.gz file (instead of the git repository).

    … ran gbuild with the edited descriptor

    … notarized the spit-out .dmg xcrun altool --notarize-app --primary-bundle-id "org.bitcoinfoundation.Bitcoin-Qt" -u "..." -p "..." --file ~/Desktop/bitcoin-osx-signed.dmg

    0xcrun altool --notarization-info e2a5950f-27a8-4ca6-b878-70c2c7f986a5 -u "" -p ""
1No errors getting notarization info.
2
3          Date: 2020-02-18 14:24:52 +0000
4          Hash: 69f497ed8e390f9d36af0ff62657b34c324ce1b443f517e5e22b28f6a34a648b
5    LogFileURL: https://osxapps-ssl.itunes.apple.com/itunes-assets/Enigma114/v4/dc/3b/0a/dc3b0a04-e739-9613-7e23-dd7d06f35967/developer_log.json?accessKey=1582230400_8858694549230079029_1BoiQHetIfiQRtamwTQJdffO23e%2FsCkehyqyv8VM6C3g%2FMkW%2FoQj%2Bj7pQniQhk4H78U0p5TZRYfK6YvO8stbYx63WZk2%2BF5%2FC67INVY%2FwlCnJo0HKumbkvzIa0DmvEa66ZwHMwNmqyCxAljA01hPcGPJwl0zLBFeXeUpYIeumOw%3D
6   RequestUUID: e2a5950f-27a8-4ca6-b878-70c2c7f986a5
7        Status: success
8   Status Code: 0
9Status Message: Package Approved

    summary:

    • I don’t think we need the Entitlements.xml (this PR only adds the already existing default values IMO), instead just adding --options runtime to detached-sig-create.sh should be enough.
  7. fanquake commented at 0:40 am on February 21, 2020: member
    I still like the idea of explicitly passing our entitlements to codesign, however am going to close this in favour of #18187 for now, and we can keep the codesigning discussion there.
  8. fanquake closed this on Feb 21, 2020
  9. DrahtBot locked this on Feb 15, 2022
  10. fanquake deleted the branch on Sep 29, 2022


fanquake jonasschnelli


jonasschnelli

Labels
macOS Build system

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-10-04 22:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me