This repository has been archived by the owner on Jan 13, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1k
feature: allow macOS code signing by including payload in str table #1164
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
robertsLando
suggested changes
May 5, 2021
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good from a code side, BTW tests are broken.
I think the tests are flaky, and they only fail with Node 16. I will run them again. |
I rerun the tests on the HEAD (ea7d72b), and they fail. Clearly our tests don't work with Node 16.1. |
Could you take a look at them? |
Apparently nodejs/node@9c06103 is the commit that breaks the tests. |
… macOS The fetched/built base binaries MUST NOT have an existing signature if we want to sign the final executable. However, we do need to run the base binary to generate bytecode on macOS, and the binary has to be signed due to the new mandatory signing requirement. This change ad-hoc signs the base binary to allow pkg to generate bytecode on macOS.
robertsLando
approved these changes
May 10, 2021
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Good job :)
jesec
added a commit
to vercel/pkg-fetch
that referenced
this pull request
May 10, 2021
Newer versions of Apple Clang automatically ad-hoc sign the compiled executable, due to the new mandatory code signing requirement [1]. However, for final executable to be signable, base binary MUST NOT have an existing signature. This change strips the ad-hoc signature from compiled macOS base binary. [1]: https://developer.apple.com/documentation/macos-release-notes/macos-big-sur-11_0_1-universal-apps-release-notes Refs: vercel/pkg#1164 Bug: vercel/pkg#1023
jesec
added a commit
to vercel/pkg-fetch
that referenced
this pull request
May 10, 2021
Newer versions of Apple Clang automatically ad-hoc sign the compiled executable, due to the new mandatory code signing requirement [1]. However, for final executable to be signable, base binary MUST NOT have an existing signature. This change strips the ad-hoc signature from compiled macOS base binary. [1]: https://developer.apple.com/documentation/macos-release-notes/macos-big-sur-11_0_1-universal-apps-release-notes Refs: vercel/pkg#1164 Bug: vercel/pkg#1023
bruce-one
added a commit
to bruce-one/nexe
that referenced
this pull request
Apr 12, 2023
Using the technique from pkg vercel/pkg#1164.
bruce-one
added a commit
to bruce-one/nexe
that referenced
this pull request
Apr 12, 2023
Using the technique from pkg vercel/pkg#1164.
bruce-one
added a commit
to bruce-one/nexe
that referenced
this pull request
Apr 13, 2023
Using the technique from pkg vercel/pkg#1164.
bruce-one
added a commit
to bruce-one/nexe
that referenced
this pull request
Apr 18, 2023
Using the technique from pkg vercel/pkg#1164.
bruce-one
added a commit
to bruce-one/nexe
that referenced
this pull request
Aug 27, 2023
Using the technique from pkg vercel/pkg#1164.
bruce-one
added a commit
to bruce-one/nexe
that referenced
this pull request
Nov 18, 2023
Using the technique from pkg vercel/pkg#1164.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Inspired by dotnet/runtime#46558 .
Test: manual, Apple M1 (with mandatory code signing requirement)
Bug: #66, #128, #1023