Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Notarize runtimes for use on macOS Catalina #1721

Open
tylersmalley opened this issue Sep 11, 2019 · 1 comment

Comments

@tylersmalley
Copy link

commented Sep 11, 2019

macOS Catalina (macOS 10.15) is the next major version of macOS. This version of the OS will apply significantly stronger security restrictions. In particular, macOS Catalina will enforce a requirement that all software be notarized by Apple prior to distribution (otherwise, users have to disable macOS Gatekeeper protections, a non-starter for most).

Files I have identified which need signing:

$ find * -type f -perm +u+x -exec file '{}' ';' | awk -F: '/Mach-O/ { print $1 }'
node_modules/nodegit/cmake-build-debug/CMakeFiles/3.12.3/CompilerIdCXX/a.out
node_modules/nodegit/cmake-build-debug/CMakeFiles/3.12.3/CMakeDetermineCompilerABI_C.bin
node_modules/nodegit/cmake-build-debug/CMakeFiles/3.12.3/CompilerIdC/a.out
node_modules/nodegit/cmake-build-debug/CMakeFiles/3.12.3/CMakeDetermineCompilerABI_CXX.bin
node_modules/nodegit/cmake-build-debug/CMakeFiles/feature_tests.bin
node_modules/nodegit/cmake-build-debug/CMakeFiles/3.13.4/CompilerIdCXX/a.out
node_modules/nodegit/cmake-build-debug/CMakeFiles/3.13.4/CMakeDetermineCompilerABI_C.bin
node_modules/nodegit/cmake-build-debug/CMakeFiles/3.13.4/CompilerIdC/a.out
node_modules/nodegit/cmake-build-debug/CMakeFiles/3.13.4/CMakeDetermineCompilerABI_CXX.bin
node_modules/nodegit/build/Release/configureLibssh2.node
node_modules/nodegit/build/Release/nodegit.node
node_modules/nodegit/build/Release/acquireOpenSSL.node

It is possible to script this outside of XCode - I found this post helpful.

@implausible

This comment has been minimized.

Copy link
Member

commented Sep 11, 2019

Oof. :(. It's doubtful that I will get to this before end of month.

I would recommend that users who are shipping applications on MacOS that leverage NodeGit should check their signing scripts and ensure that your .node files are being signed.

For those who are installing NodeGit via NPM, I suggest that in the meantime, you disable prebuilt installations by setting the environment variable: BUILD_ONLY=true before install.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.