This repository has been archived by the owner on Sep 6, 2021. It is now read-only.

[brackets-shell] Bast MAC V2 signing needs to be moved from OS X 10.9.3 to OS X 10.9.5 #10326

Closed
nethip opened this issue Jan 7, 2015 · 10 comments

Comments

@nethip
Contributor

nethip commented Jan 7, 2015

Bast MAC V2 signing needs to be moved from OS X 10.9.3 to OS X 10.9.5. Here are the reasons why we should be moving signing to 10.9.5:

  • In terms of application structure, OS X 10.9.5 enforces more stringent controls. Apple has recommended a particular application structure since the inception of Mac V2 signing; however, Gatekeeper (which verifies the app signature on launch) on OS X 10.9.3 was not checking it very stringently. What this means is that if a user complies only partially with the Apple-recommended application structure, OS X 10.9.3 does not complain at signing or launch time, but OS X 10.9.5 does.
  • We want to safeguard our users from running into a situation where a file signed on OS X 10.9.3 does not launch on OS X 10.9.5.
  • Additionally, OS X 10.9.5 is immune to the “shellshock” vulnerability.

This must be done ASAP.

@nethip nethip changed the title [Brackets-shell] Bast MAC V2 signing needs to be moved from OS X 10.9.3 to OS X 10.9.5 [brackets-shell] Bast MAC V2 signing needs to be moved from OS X 10.9.3 to OS X 10.9.5 Jan 7, 2015
@nethip nethip added the Mac only label Jan 7, 2015
@ingorichter
Contributor

What does this mean? Do we have to update OSX on webauthoringbuild?

@peterflynn
Member

Afaik this work is already done -- see #8838 and https://trello.com/c/gNZWYFoR/462-update-to-mac-v2-code-signing. @nethip is there any more work you're aware of here?

@nethip
Contributor Author

nethip commented Jan 8, 2015

The BAST team has reached out to us saying Brackets Helper.app is not complying with V2 signing. They are suggesting some structural changes inside the app. I am currently looking at it.

@ingorichter I think we should upgrade our build machines to 10.9.5. We are talking to the RE to see what this actually means.

@nethip
Contributor Author

nethip commented Jan 8, 2015

@peterflynn @ingorichter Here is the full picture that I got from the RE.

The BAST signing servers are going to be upgraded from 10.9.3 to 10.9.5, and while testing, the BAST team found that "Brackets Helper.app" is not complying with the V2 signing requirement when signed using 10.9.5. As I mentioned above, some structural changes inside Brackets Helper.app were suggested. I will see what changes need to be done.

@ingorichter Actually, there is no need to update our build machine to 10.9.5. The new Mac build system that we are going to procure comes with 10.9.5, so we are going to be on 10.9.5 once the new systems are set up and fully functional.

@ingorichter
Contributor

Do we really need to update the build machine? Signing happens on different machines anyway. I just saw that we are still on 10.8.5 for webauthoringbuild. We should be able to update to 10.9.5, but we should plan some time for testing the new OS version and the tools that will be updated with this OS update.
What are the proposed changes to make the helper app comply with V2 signing? I thought we had made all the required changes to Brackets and all parts that will be signed when the code signing requirements changed last year.

@nethip
Contributor Author

nethip commented Jan 9, 2015

@ingorichter Sure, we should test existing tools on the new build system. But I think it would be good if we can retain the same versions of tools (like Xcode, Java, etc.) on the new 10.9.5 system. Or should we upgrade these as well?

And about V2 signing compliance: I don't know why Brackets Helper.app is listed as one of the applications that is not complying with V2 signing on Mac. I just tried all the steps they had mentioned in their wiki about signing Brackets Helper.app, and all tests look fine (signed with codesign and checked it with spctl). Another recommendation they had was to change the application structure. But if we look at the contents of Brackets Helper.app, it is bare minimal. It has just the MacOS folder, where the binary exists.
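
As an added illustration of the check just described (codesign followed by spctl, plus the bundle layout that V2 signing expects), here is a shell script that is not part of brackets-shell or the BAST tooling. The layout rules it audits (a Contents/Info.plist carrying a CFBundleIdentifier, only executables under Contents/MacOS, nested code under Frameworks/, PlugIns/, XPCServices/ or Helpers/ rather than Resources/ or MacOS/, and nothing beside Contents/ at the top level) are my reading of Apple's published V2 requirements, not something stated in this thread. The two sample bundles it builds, their names, and the audit_bundle.sh file name are constructed for the example; the codesign and spctl calls only run on a machine that has them.

```shell
#!/bin/sh
# Added example (not brackets-shell project code): audit an .app bundle against the
# layout rules V2 code signing enforces, then, where the tools exist, run the
# codesign/spctl checks mentioned in the thread. Sample bundles are constructed.

problems=0
note() {
  echo "  [$app] $1"
  problems=$((problems + 1))
}

# check_bundle_layout APP: print one finding per line; succeed only when there are none.
check_bundle_layout() {
  app=$1
  problems=0

  [ -d "$app/Contents" ] || note "no Contents/ directory"
  [ -d "$app/Contents/MacOS" ] || note "no Contents/MacOS/ directory for the main executable"
  if [ -f "$app/Contents/Info.plist" ]; then
    # Assumes an XML (not binary) plist; V2 seals Info.plist and needs a bundle identifier.
    grep -q CFBundleIdentifier "$app/Contents/Info.plist" \
      || note "Info.plist has no CFBundleIdentifier"
  else
    note "no Contents/Info.plist (required; V2 seals it into the signature)"
  fi

  # Anything at the top level other than Contents/ sits outside the seal.
  for entry in "$app"/* "$app"/.[!.]*; do
    [ -e "$entry" ] || continue
    case $(basename "$entry") in
      Contents) ;;
      *) note "stray top-level item: $(basename "$entry")" ;;
    esac
  done

  # Contents/MacOS must hold executables only; data files belong in Contents/Resources.
  if [ -d "$app/Contents/MacOS" ]; then
    found_exec=0
    for entry in "$app/Contents/MacOS"/*; do
      [ -e "$entry" ] || continue
      if [ -f "$entry" ] && [ -x "$entry" ]; then
        found_exec=1
      else
        note "non-executable item in Contents/MacOS: $(basename "$entry")"
      fi
    done
    [ "$found_exec" -eq 1 ] || note "Contents/MacOS holds no executable"
  fi

  # Nested code goes in Frameworks/, PlugIns/, XPCServices/ or Helpers/, not Resources/ or MacOS/.
  for dir in Resources MacOS; do
    for nested in "$app/Contents/$dir"/*.app "$app/Contents/$dir"/*.framework \
                  "$app/Contents/$dir"/*.bundle "$app/Contents/$dir"/*.xpc; do
      [ -d "$nested" ] || continue
      note "nested code $(basename "$nested") in Contents/$dir"
    done
  done

  [ "$problems" -eq 0 ]
}

# verify_signature APP: the two checks from the thread, run only where the tools exist.
verify_signature() {
  app=$1
  if ! command -v codesign >/dev/null 2>&1 || ! command -v spctl >/dev/null 2>&1; then
    echo "  codesign/spctl not available here; signature verification skipped"
    return 0
  fi
  # --strict applies the V2 rules; --deep also walks nested code.
  codesign --verify --deep --strict --verbose=2 "$app" || return 1
  # Gatekeeper's own verdict, which is what decides whether the app launches.
  spctl --assess --type execute --verbose "$app"
}

# make_sample_bundles DIR: constructed bundles, one clean and one with the kind of
# bare layout discussed in the thread (no Info.plist, data beside the binary).
make_sample_bundles() {
  base=$1
  mkdir -p "$base/Good.app/Contents/MacOS" "$base/Good.app/Contents/Resources" \
           "$base/Good.app/Contents/Frameworks/Demo.framework"
  cat > "$base/Good.app/Contents/Info.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>com.example.good</string>
  <key>CFBundleExecutable</key><string>Good</string>
</dict></plist>
EOF
  printf '#!/bin/sh\necho good\n' > "$base/Good.app/Contents/MacOS/Good"
  chmod +x "$base/Good.app/Contents/MacOS/Good"
  : > "$base/Good.app/Contents/Resources/icon.icns"

  mkdir -p "$base/Bad.app/Contents/MacOS" "$base/Bad.app/Contents/Resources/Nested.app"
  printf '#!/bin/sh\necho bad\n' > "$base/Bad.app/Contents/MacOS/Bad"
  chmod +x "$base/Bad.app/Contents/MacOS/Bad"
  echo '{}' > "$base/Bad.app/Contents/MacOS/settings.json"   # data file in MacOS/
  echo 'notes' > "$base/Bad.app/README.txt"                   # stray top-level file
}

# Usage: sh audit_bundle.sh /path/to/App.app; with no argument, audit the constructed samples.
if [ "$#" -gt 0 ]; then
  check_bundle_layout "$1" && echo "  layout OK"
  verify_signature "$1"
else
  samples=$(mktemp -d)
  make_sample_bundles "$samples"
  for app in "$samples/Good.app" "$samples/Bad.app"; do
    check_bundle_layout "$app" && echo "  layout OK"
  done
  rm -rf "$samples"
fi
```

The layout audit is deliberately separate from the signature check: codesign and spctl can pass on the signing machine and still say nothing about a layout that a stricter Gatekeeper will reject later, which is the situation the thread is trying to avoid.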

@ingorichter
Contributor

I agree. If there is no need to update the remaining tools, then we should stick with them for a while. I'm always eager to go with the latest version of everything to avoid security issues and take advantage of improvements. This sometimes comes at a cost which is not easy to determine upfront.
I remember that we had a complaint about how CEF was structured and that we had to add a plist for it. Nobody ever mentioned that the Helper app has any issues. Every time we did the signature check for a release, spctl was always fine with the app.

@nethip
Contributor Author

nethip commented Jan 12, 2015

@ingorichter Thanks for letting me know about the plist addition to CEF. This could be a possible reason. Anyway, we have asked the BAST team to tell us why Brackets Helper.app is listed in the list of apps not complying with V2 signing. I will give an update once I hear from them.

@nethip
Contributor Author

nethip commented Jan 12, 2015

We just heard from the BAST team. Everything looks fine.

@nethip
Contributor Author

nethip commented Jan 12, 2015

Closing.
