Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tools: add macOS notarization verification step #50628

Closed
wants to merge 2 commits into from
Closed

tools: add macOS notarization verification step #50628

wants to merge 2 commits into from

Conversation

UlisesGascon
Copy link
Member

Main Changes

Add a verification step to validate the notarized binaries generated for macOS.

cc: @nodejs/build @nodejs/releasers

Context

Another PR related is #50625

You can find more information in this amazing article https://tonygo.ghost.io/notarization-for-macos-app-with-notarytool/ by @tony-go

Test

This was tested in iojs+release-ulises-experimental pipeline in jenkins ci release.

case: error

The error was "simulated" by using a different type

Full log available here

16:00:01 sh tools/osx-notarize.sh v22.0.0-test202311086410f3bf0d
16:00:01 Notarization process is done with Notarytool.
16:00:01 Submitting node-v22.0.0-test202311086410f3bf0d.pkg for notarization...
16:00:01 Conducting pre-submission checks for node-v22.0.0-test202311086410f3bf0d.pkg and initiating connection to the Apple notary service...
16:00:03 Submission ID received
16:00:03   id: 7f542153-1766-44b1-bc0f-6c672b4e54b6
16:00:08 Successfully uploaded file
16:00:08   id: 7f542153-1766-44b1-bc0f-6c672b4e54b6
16:00:08   path: /Users/iojs/build/ws/node-v22.0.0-test202311086410f3bf0d.pkg
16:00:08 Waiting for processing to complete.
16:00:14 
Current status: In Progress...
Current status: In Progress....
Current status: In Progress.....
Current status: In Progress......
Current status: In Progress.......
Current status: In Progress........
Current status: In Progress.........
Current status: In Progress..........
Current status: In Progress...........
Current status: In Progress............
Current status: In Progress.............
Current status: In Progress..............
Current status: Accepted...............Processing complete
16:01:55   id: 7f542153-1766-44b1-bc0f-6c672b4e54b6
16:01:55   status: Accepted
16:01:55 
16:01:55 Notarization node-v22.0.0-test202311086410f3bf0d.pkg submitted successfully.
16:01:55 objc[73632]: Class SPExecutionPolicy is implemented in both /System/Library/PrivateFrameworks/SystemPolicy.framework/Versions/A/SystemPolicy and /usr/sbin/spctl. One of the two will be used. Which one is undefined.
[...redacted (similar references to previos line)...]
16:01:55 node-v22.0.0-test202311086410f3bf0d.pkg: rejected
16:01:55 source=no usable signature
16:01:55 error: Signature will not be accepted by Gatekeeper!
[...redacted...]
16:02:01 Finished: FAILURE

case: success

Full log available here

20:37:41 sh tools/osx-notarize.sh v22.0.0-test202311086410f3bf0d
20:37:41 Notarization process is done with Notarytool.
20:37:41 Submitting node-v22.0.0-test202311086410f3bf0d.pkg for notarization...
20:37:41 Conducting pre-submission checks for node-v22.0.0-test202311086410f3bf0d.pkg and initiating connection to the Apple notary service...
20:37:42 Submission ID received
20:37:42   id: 9166dd7b-4cdf-4e57-93ae-2453fc38d818
20:37:49 Successfully uploaded file
20:37:49   id: 9166dd7b-4cdf-4e57-93ae-2453fc38d818
20:37:49   path: /Users/iojs/build/ws/node-v22.0.0-test202311086410f3bf0d.pkg
20:37:49 Waiting for processing to complete.
20:37:54 
Current status: In Progress...
Current status: In Progress....
Current status: In Progress.....
Current status: In Progress......
Current status: In Progress.......
Current status: In Progress........
Current status: In Progress.........
Current status: In Progress..........
Current status: In Progress...........
Current status: Accepted............Processing complete
20:38:58   id: 9166dd7b-4cdf-4e57-93ae-2453fc38d818
20:38:58   status: Accepted
20:38:58 
20:38:58 Notarization node-v22.0.0-test202311086410f3bf0d.pkg submitted successfully.
20:38:59 objc[5975]: Class SPExecutionPolicy is implemented in both /System/Library/PrivateFrameworks/SystemPolicy.framework/Versions/A/SystemPolicy and /usr/sbin/spctl. One of the two will be used. Which one is undefined.
[...redacted (similar references to previos line)...]
20:38:59 node-v22.0.0-test202311086410f3bf0d.pkg: accepted
20:38:59 source=Notarized Developer ID
20:38:59 Verification was successful.
[...redacted...]
14:29:10 Finished: SUCCESS

@nodejs-github-bot nodejs-github-bot added macos Issues and PRs related to the macOS platform / OSX. tools Issues and PRs related to the tools directory. labels Nov 8, 2023
@UlisesGascon UlisesGascon marked this pull request as ready for review November 8, 2023 19:47
@UlisesGascon UlisesGascon added request-ci Add this label to start a Jenkins CI on a PR. lts-watch-v18.x PRs that may need to be released in v18.x. lts-watch-v20.x PRs that may need to be released in v20.x labels Nov 8, 2023
@UlisesGascon UlisesGascon mentioned this pull request Nov 8, 2023
Closed
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Nov 8, 2023
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/55503/

@github-actions github-actions bot mentioned this pull request Nov 9, 2023
Open
20 tasks
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/55512/

This was referenced Nov 10, 2023
Open
Open
Open
Open
mhdawson
mhdawson approved these changes Nov 14, 2023
View reviewed changes
Copy link
Member

@mhdawson mhdawson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mhdawson
Copy link
Member

@UlisesGascon looks like this needs a rebase

@UlisesGascon
Copy link
Member Author

@UlisesGascon looks like this needs a rebase

Thanks @mhdawson! I was able to solve the conflict directly in the Github UI as it was a simple change. Let me know if this require additional work to be done with the git history :)

@mhdawson
Copy link
Member

@UlisesGascon for some reason git-node still can't land it. Can you rebase into a single commit ?

@UlisesGascon UlisesGascon mentioned this pull request Nov 21, 2023
Closed
@UlisesGascon
Copy link
Member Author

@mhdawson I was not able to rebase it in local, so I created a separate PR #50833

@richardlau richardlau added backported-to-v18.x PRs backported to the v18.x-staging branch. backported-to-v20.x PRs backported to the v20.x-staging branch. and removed lts-watch-v18.x PRs that may need to be released in v18.x. lts-watch-v20.x PRs that may need to be released in v20.x labels Jan 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mhdawson mhdawson mhdawson approved these changes

@tony-go tony-go tony-go approved these changes

Assignees
No one assigned
Labels
backported-to-v18.x PRs backported to the v18.x-staging branch. backported-to-v20.x PRs backported to the v20.x-staging branch. macos Issues and PRs related to the macOS platform / OSX. tools Issues and PRs related to the tools directory.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@UlisesGascon @nodejs-github-bot @mhdawson @tony-go @richardlau