-
-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Makefile] Fix codesign of libjulia when installing it on macOS #44510
Conversation
We don't want to use We have the invocation here, we basically want to do this after EDIT: Ah, and in the case that you're building locally and don't need to redistribute (e.g. you have no codesigning key) you can still use |
Sad for not being able to use a JLL, but I added a shell script based on what codesigning currently does in Makefile. |
7b4d465
to
8a36ddf
Compare
8a36ddf
to
348989c
Compare
echo "Codesigning with identity ${MACOS_CODESIGN_IDENTITY}" | ||
for f in ${MACHO_FILES}; do | ||
echo "Codesigning ${f}..." | ||
codesign -s "${MACOS_CODESIGN_IDENTITY}" --option=runtime ${ENTITLEMENTS} -vvv --timestamp --deep --force "${f}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
make binary-dist
worked fine in CI, yay! But I wish posix shells supported arrays, leaving ${ENTITLEMENTS}
unquoted makes me uncomfortable 😞
This was only included for 1.9, and it still fails for released 1.8.0: #44502 (comment) Could the patch be backported? |
Do we also need to backport this to 1.6? |
I don't think so. Julia 1.6 did not support macOS ARM (aka Apple Silicon), and on macOS Intel the binaries produced by the system compiler are not signed by default (unlike ARM, where they systematically have an ad hoc signature). So on Intel, the binary is still valid after |
* [Makefile] Fix codesign of libjulia when installing it on macOS * Add shell sript for codesigning and use it in Makefile (cherry picked from commit 8076517)
Probably it isn't the cleanest solution possible, but it does the job for me 🙂
Fix #44502