-
Notifications
You must be signed in to change notification settings - Fork 414
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Force codesign to replace existing signatures #6975
Conversation
0e5f7ef
to
886f709
Compare
@voodoos I pushed some changes. Can you check that the test suite passes on M1? (the "replacing existing signature" messages should be gone) |
Indeed, the messages are gone ✅ |
d729c8f
to
4b52eb2
Compare
We add `-f` to the list of flags passed to `codesign`. In some cases, the binary already has a signature so the `codesign` tool from Apple prints some error messages on stderr. We filter out these error messages as they are innocuous. In addition, this ensures that the test suite has the same output on macos and Linux. Fixes ocaml#6265 Signed-off-by: Ulysse Gérard <[email protected]> Signed-off-by: Etienne Millon <[email protected]> Co-authored-by: Etienne Millon <[email protected]>
4b52eb2
to
f9a9516
Compare
@anmonteiro we implemented the fix you suggested. can you try it and let me know if it works for you? |
@@ -52,8 +52,22 @@ type conf = | |||
} | |||
|
|||
let mac_codesign_hook ~codesign path = | |||
Process.run ~display:!Clflags.display Strict codesign | |||
[ "-s"; "-"; Path.to_string path ] | |||
Temp.with_temp_file ~dir:Path.root ~prefix:"codesign" ~suffix:"stderr" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure it's the right API to call / the right dir to put the tempfile.
Signed-off-by: Etienne Millon <[email protected]>
I don’t actually have access to a m1 machine anymore, and won’t have for at least another 2 weeks. If you don’t mind waiting I could try then. |
No problem. Since I think the issue only affects m1+nix users I think that we can move that to 3.8. Thanks! |
I've now confirmed this works on arm64 (M2) + nix. |
Closing in favor of #6975. |
We add
-f
to the list of flags passed tocodesign
. In some cases, the binary already has a signature so thecodesign
tool from Apple prints some error messages on stderr. We filter out these error messages as they are innocuous. In addition, this ensures that the test suite has the same output on macos and Linux.Fixes #6265