Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

release: ship codesigned MacOS arm64 binaries #29749

Open
stickies-v opened this issue Mar 27, 2024 · 2 comments
Open

release: ship codesigned MacOS arm64 binaries #29749

stickies-v opened this issue Mar 27, 2024 · 2 comments
Labels
macOS

Comments

@stickies-v
Copy link
Contributor

Since MacOS 11.0.1, the operating system enforces that any executable must be signed before it’s allowed to run.

When a user downloads and tried to run a MacOS arm64 binary (e.g. for 26.0), the first interaction they get is the error that “bitcoind” is damaged and can’t be opened. You should move it to the Bin.

image

Even though this is quickly resolved by running codesign --sign - ./bitcoind, the error message does not provide any such directions, and is quite confusing for users.

I would suggest that we, in order of my preference:

  1. ship codesigned binaries by default, and keep unsigned binaries available at https://bitcoincore.org/bin/ for those that need/want it
  2. include a README.txt in the tar.gz with codesigning instructions (which cli users should be reasonably used to / familiar with anyway). An install shell script would be an option too but is probably more controversial.
  3. add clear instructions on bitcoincore.org and bitcoin.org

I'm unsure if any similar issues exist for the Windows binaries, but if so, we should probably take a similar approach there (if anyone with a Windows machine can confirm this, that would be great).
@stickies-v stickies-v changed the title release: ship codesigned MacOS arm64 binary release: ship codesigned MacOS arm64 binaries Mar 27, 2024
@fanquake fanquake added the macOS label Mar 27, 2024
@AngusP
Copy link
Contributor

AngusP commented Apr 2, 2024

Even though this is quickly resolved by running codesign --sign - ./bitcoind, the error message does not provide any such directions, and is quite confusing for users.

AFAIK to have codesign available the user has to have Xcode installed (or just the xcode-select --install, the "I am a developer shibboleth")?

This would make your suggestion 1. basically the only one that will work for people that don't already know how to solve this for themselves without a lot of additional effort.

@pinheadmz
Copy link
Member

I think this is a decent idea. I am a macOS codesigner and was able to sign a guix-built bin/bitcoind release as well as create a detached signature like we do for the gui. However I did so with the Apple-blessed tools (OS keychain and codesign command). I was also unable to re-attach that signature to the binary which would be required for guix attestations. So the work involved here would mostly be patching https://github.com/achow101/signapple by @achow101 to operate on flat binaries in addition to bundled packages like Qt, and then in this repository, just updating the guix build/sign/release docs with a few extra steps.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
macOS
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@fanquake @AngusP @pinheadmz @stickies-v