[v13] darwin: Use notarytool to notarize instead of altool#25454
Merged
camscale merged 1 commit intobranch/v13from May 2, 2023
Merged
[v13] darwin: Use notarytool to notarize instead of altool#25454camscale merged 1 commit intobranch/v13from
camscale merged 1 commit intobranch/v13from
Conversation
Switch to using the newer `notarytool` to notarize MacOS binaries instead of the older `altool`, as `altool` is deprecated and will no longer work come Fall 2023. This also makes for a quieter build as altool's output was quite verbose, and anecdotally, it seems to be more reliable - I haven't had a single notarization failure this way as opposed to the many we see in CI with `altool`. We used to use `gon` as part of our notarizing tool. `gon` still has an open issue to upgrade to `notarytool`, so we've switched away from it and used the Apple CLI tools instead to do the notarization. This is available now that we have moved to GitHub Actions for builds as it has a newer Xcode that contains notarytool. Update the Teleport Connect notarization, which was quite a bit simpler, although we do need an extra `$TEAMID` input, so handle it when that is not supplied and document in the README that it is needed. Backport: #25407
github-actions
Bot
requested review from
fheinecke,
ibeckermayer,
r0mant,
ravicious,
ryanclark,
tcsc and
wadells
r0mant
approved these changes
May 2, 2023
wadells
approved these changes
May 2, 2023
ibeckermayer
approved these changes
May 2, 2023
public-teleport-github-review-bot
Bot
removed request for
fheinecke,
ravicious and
tcsc
Closed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Switch to using the newer
notarytoolto notarize MacOS binariesinstead of the older
altool, asaltoolis deprecated and will nolonger work come Fall 2023. This also makes for a quieter build as
altool's output was quite verbose, and anecdotally, it seems to be more
reliable - I haven't had a single notarization failure this way as
opposed to the many we see in CI with
altool.We used to use
gonas part of our notarizing tool.gonstill has anopen issue to upgrade to
notarytool, so we've switched away from itand used the Apple CLI tools instead to do the notarization. This is
available now that we have moved to GitHub Actions for builds as it has
a newer Xcode that contains notarytool.
Update the Teleport Connect notarization, which was quite a bit simpler,
although we do need an extra
$TEAMIDinput, so handle it when that isnot supplied and document in the README that it is needed.
Backport: #25407