Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Run codesign on osx-arm64 #10260

Merged
merged 5 commits into from
Oct 7, 2020
Merged

Run codesign on osx-arm64 #10260

merged 5 commits into from
Oct 7, 2020

Conversation

isuruf
Copy link
Contributor

@isuruf isuruf commented Sep 30, 2020

No description provided.

@isuruf isuruf requested a review from a team as a code owner September 30, 2020 22:27
@anaconda-issue-bot anaconda-issue-bot added the cla-signed [bot] added once the contributor has signed the CLA label Sep 30, 2020
beckermr
beckermr reviewed Sep 30, 2020
View reviewed changes
Copy link
Contributor

@beckermr beckermr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this pr sign all binaries or only those which have a prefixed replaced?

@isuruf
Copy link
Contributor Author

isuruf commented Sep 30, 2020

Only those which have a prefixed replaced which is all binaries produced by the conda compilers.

@beckermr
Copy link
Contributor

Ok. So we won't be able to sign things if we are doing binary repackaging?

@beckermr
Copy link
Contributor

Or I should say, installing a thing from binary repackaging.

@isuruf
Copy link
Contributor Author

isuruf commented Sep 30, 2020

Nope. That should be done in conda-build if binary_has_prefix_files is not turned off. (Usually binary repackages turn it off)

@beckermr
Copy link
Contributor

Ok. So we do need the pr on conda build.

@beckermr
Copy link
Contributor

What about statically linked binaries?

@isuruf
Copy link
Contributor Author

isuruf commented Sep 30, 2020

Those have rpath in them if they were compiled using conda compilers, so they'll get replaced as well.

@erykoff
Copy link
Contributor

erykoff commented Oct 1, 2020

Latest changes check if a file has been updated on whether it should do the signing. But we don't have any guarantee that it was signed in the first place, right? I think we either need to check if it has a valid signature (codesign -v file) or just sign everything.

@chenghlee chenghlee added this to the 4.9.0 milestone Oct 1, 2020
@isuruf
Copy link
Contributor Author

isuruf commented Oct 1, 2020

If a package was not updated here, that means there was something wrong with the metadata in the conda package. That code path should not be triggered at all, but I added it just in case.

This was referenced Oct 1, 2020
Closed
Merged
@isuruf
Copy link
Contributor Author

isuruf commented Oct 5, 2020

ping on this

chenghlee
chenghlee approved these changes Oct 7, 2020
View reviewed changes
conda/core/portability.py Outdated Show resolved Hide resolved
@chenghlee chenghlee merged commit aed799b into conda:master Oct 7, 2020
@beckermr
Copy link
Contributor

beckermr commented Oct 7, 2020

huzzah!

@erykoff
Copy link
Contributor

erykoff commented Oct 7, 2020

Fantastic!

@isuruf isuruf deleted the codesign branch October 9, 2020 15:25
@isuruf isuruf mentioned this pull request Oct 23, 2020
Closed
nehaljwani added a commit to nehaljwani/conda-standalone-feedstock that referenced this pull request Nov 14, 2020
@nehaljwani
Bump version to v4.9.2
5b99277 
Drop conda_patches/gh10260.patch as it has been merged upstream!
xref: conda/conda#10260
@github-actions
Copy link

Hi there, thank you for your contribution to Conda!

This pull request has been automatically locked since it has not had recent activity after it was closed.

Please open a new issue or pull request if needed.

@github-actions github-actions bot added the locked [bot] locked due to inactivity label Oct 10, 2021
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 10, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@chenghlee chenghlee chenghlee approved these changes

@beckermr beckermr beckermr left review comments

Assignees
No one assigned
Labels
cla-signed [bot] added once the contributor has signed the CLA locked [bot] locked due to inactivity
Projects
None yet
Milestone
4.9.0
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@isuruf @beckermr @erykoff @chenghlee @anaconda-issue-bot