Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

QEMU binary /Users/<USER>/.colima/_wrapper/<HASH>/bin/qemu-system-x86_64 is not properly signed is confusing #796

Closed
AkihiroSuda opened this issue Sep 4, 2023 · 2 comments · Fixed by #848
Closed

QEMU binary /Users/<USER>/.colima/_wrapper/<HASH>/bin/qemu-system-x86_64 is not properly signed is confusing #796

AkihiroSuda opened this issue Sep 4, 2023 · 2 comments · Fixed by #848
Milestone
v0.6.0

Comments

@AkihiroSuda
Copy link
Contributor

AkihiroSuda commented Sep 4, 2023
edited
Loading

Note

This warning is negligible if the VM is working.

If the VM is not working, you have to sign the actual QEMU binary (e.g., /usr/local/bin), not the wrapper in ~/.colima/_wrapper/ .

The warning should not be shown if you run Lima directly without Colima.

Lima (since v0.17.2 lima-vm/lima#1743) prints a confusing warning for colima, as colima injects a custom QEMU wrapper binary:

$ colima start
...
INFO[0000] starting ...                                  context=vm
> "QEMU binary \"/Users/<USER>/.colima/_wrapper/4e1b408f843d1c63afbbdcf80c40e4c88d33509f/bin/qemu-system-x86_64\" is not properly signed with the \"com.apple.security.hypervisor\" entitlement" error="failed to run [codesign --verify /Users/<USER>/.colima/_wrapper/4e1b408f843d1c63afbbdcf80c40e4c88d33509f/bin/qemu-system-x86_64]: exit status 1 (out=\"/Users/<USER>/.colima/_wrapper/4e1b408f843d1c63afbbdcf80c40e4c88d33509f/bin/qemu-system-x86_64: code object is not signed at all\\nIn architecture: x86_64\\n\")"
> You have to sign the QEMU binary with the "com.apple.security.hypervisor" entitlement manually. See https://github.com/lima-vm/lima/issues/1742 .

lima-vm/lima#1742 (comment)

I'd suggest to do one of:

  • Eliminate the QEMU wrapper binary. Custom qemu args can be still injected with $QEMU_SYSTEM_<ARCH> (discouraged though). If something is missing in Lima, please feel free to open an issue or PR in the Lima repo.
  • Sign the QEMU wrapper binary to silence the warning.
  • Change the default driver to VZ (Lima is also likely to switch to VZ soon).
@AkihiroSuda AkihiroSuda mentioned this issue Sep 7, 2023
Closed
5 tasks
@regulskimichal regulskimichal mentioned this issue Sep 10, 2023
Merged
@AkihiroSuda AkihiroSuda mentioned this issue Sep 18, 2023
Closed
@AkihiroSuda AkihiroSuda mentioned this issue Sep 27, 2023
Merged
@AkihiroSuda
Copy link
Contributor Author

As a workaround, I'm going to weaken the warning message to look less scary in Lima v0.18.0

@abiosoft
Copy link
Owner

abiosoft commented Oct 3, 2023

I'd suggest to do one of:

  • Eliminate the QEMU wrapper binary. Custom qemu args can be still injected with $QEMU_SYSTEM_<ARCH> (discouraged though). If something is missing in Lima, please feel free to open an issue or PR in the Lima repo.
  • Sign the QEMU wrapper binary to silence the warning.
  • Change the default driver to VZ (Lima is also likely to switch to VZ soon).

Options 1 and 3 is planned.

Thanks.

@abiosoft abiosoft added this to the v0.6.0 milestone Oct 3, 2023
@abiosoft abiosoft mentioned this issue Nov 11, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v0.6.0
Development

Successfully merging a pull request may close this issue.

v0.6.0 refactor abiosoft/colima
2 participants
@abiosoft @AkihiroSuda