Remove signature removal from macos universal binaries. #14978
Conversation
|
Out of curiosity, why this was added in the first place? |
|
This was the issue with our latest macos release, right? The binaries were completely unsigned, and could not be run? |
It looked like that binaries can just be run if there were not signed - because we never had any signature before. However, this was only partly true, the execution of code needs at least an ad-hoc signature on apple silicon where on x86 it is not really needed (at least for x86 non-universal binaries). Sadly I didn't really tested it on my local machine before the last release and only noticed that the executable cannot run without any signature on apple silicon after.
Yes, exactly. Completely unsigned executables cannot be run on apple silicon. The problem was mainly that I was not testing the resulting binary on a different machine. The tests on macOS where executed correctly, because there seem to be some magic involved if a signature was removed from an executable on the same machine. However, that means we need at least that ad-hoc signature. Probably we need to discuss next meeting whether we want to sign our executables with a proper certificate (we would need an Apple ID for that), or that we just use it with that ad-hoc signature. |
cameel
force-pushed
the
remove_remove_signature_from_universal_binary
branch
from
ec8ff4c to
bcb10f8
Compare
|
There would probably be fewer questions if you simply linked this PR to the previous issues/PRs :) For reference, this is the original issue: #14813. And this is the PR that added signature removal: #14869.
In that case we should reopen the issue. |
No description provided.