Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sign Mac OS Installer packages #9139

Open
andyfeller opened this issue May 29, 2024 · 7 comments
Open

Sign Mac OS Installer packages #9139

andyfeller opened this issue May 29, 2024 · 7 comments
Labels
core This issue is not accepting PRs from outside contributors enhancement a request to improve CLI packaging tech-debt A chore that addresses technical debt

Comments

@andyfeller
Copy link
Contributor

Describe the feature or problem you’d like to solve

Mac OS Installer package support added in #7554 should sign .pkg with an appropriate Developer ID Installer-signing identity.

Additional context

The existing GitHub CLI deployment workflow only has access to Developer ID Application certificate, which cannot be reused in for Installer packages.
@andyfeller andyfeller added enhancement a request to improve CLI packaging tech-debt A chore that addresses technical debt labels May 29, 2024
@cliAutomation cliAutomation added the needs-triage needs to be reviewed label May 29, 2024
andyfeller added a commit that referenced this issue May 29, 2024
@andyfeller
Clarify Mac OS Installer packages are unsigned
2bb9900 
Relates #9139

This commit clarifies Mac OS Installer packages are unsigned due to additional work to obtain an Apple Developer ID Installer-signing identity.
@andyfeller andyfeller mentioned this issue May 29, 2024
Merged
@JouniJouni93

This comment was marked as spam.

Sign in to view
@williammartin
Copy link
Member

As I was reading https://lokal.so/blog/guide-to-sign-and-notarize-your-go-app-for-outside-mac-app-store-distribution I noticed that they notarize the installer .pkg. We currently notarize the contents, and hadn't considered notarizing the .pkg itself. Not sure what's necessary here but wanted to call it out.

There's also some stapling step which I've never seen before.

@williammartin williammartin added core This issue is not accepting PRs from outside contributors and removed needs-triage needs to be reviewed labels Jun 24, 2024
@Infinnet

This comment has been minimized.

Sign in to view
@sherwyn29

This comment was marked as spam.

Sign in to view
@sherwyn29

This comment was marked as spam.

Sign in to view
@andyfeller
Copy link
Contributor Author

andyfeller commented Aug 12, 2024
edited

As part of this work, the GitHub CLI website should be updated, directing users to download the Mac universal binary

@jtmcg jtmcg mentioned this issue Aug 12, 2024
Closed
@sdavids
Copy link

sdavids commented Aug 22, 2024

https://developer.apple.com/news/?id=saqachfa

Updates to runtime protection in macOS Sequoia
August 6, 2024

If you distribute software outside of the Mac App Store, we recommend that you submit your software to be notarized.

@andyfeller andyfeller mentioned this issue Aug 22, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
core This issue is not accepting PRs from outside contributors enhancement a request to improve CLI packaging tech-debt A chore that addresses technical debt
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
10 participants
@sdavids @williammartin @andyfeller @cliAutomation @JouniJouni93 @Infinnet @sherwyn29 and others