Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

santactl is adhoc-signed with the release rules #595

Closed
tnek opened this issue Sep 8, 2021 · 1 comment · Fixed by #617
Closed

santactl is adhoc-signed with the release rules #595

tnek opened this issue Sep 8, 2021 · 1 comment · Fixed by #617
Assignees
@tnek
Labels
bug

Comments

@tnek
Copy link
Contributor

tnek commented Sep 8, 2021

Putting into writing what markowsky@ and I have been discussing.

When creating a full Santa release with: with bazel build -c opt --define=SANTA_BUILD_TYPE=release :release and the Santa_dev and Santa_daemon_dev provisionprofiles in the appropriate places, where the provisioningprofiles contain a development certificate, santactl doesn't end up getting signed but everything else does. This of course results in all MOLXPC checks failing with the newly created santactl. Our internal release pipeline inadvertently just codesigns over this generated santactl binary with the correct certificate, so we never ran into this with the actual packaged releases.
@tnek tnek self-assigned this Sep 8, 2021
@tnek
Copy link
Contributor Author

tnek commented Sep 8, 2021

Easiest way to fix this is to just add a provisioning_profile to the santactl rule, after that's supported with bazelbuild/rules_apple#1236

@tnek tnek added the bug label Sep 9, 2021
@tnek tnek mentioned this issue Oct 1, 2021
Merged
@tnek tnek closed this as completed in #617 Oct 1, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tnek tnek

Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add provisioningprofile for santactl so that it's properly signed
1 participant
@tnek