https://github.com/osquery/osquery logo
#core
Title
s

seph

02/13/2020, 10:12 PM
OSX packages. Unsigned.
t

theopolis

02/18/2020, 2:35 PM
did you use
-DCMAKE_OSX_DEPLOYMENT_TARGET=10.11
when configuring cmake?
s

seph

02/18/2020, 2:35 PM
Yes
t

theopolis

02/18/2020, 2:35 PM
❤️
s

seph

02/18/2020, 2:36 PM
I did not code sign. but that’s a thing that requires extra options now
I’m not sure what scripts you’re using, but I’ll PR the update
t

theopolis

02/19/2020, 3:49 AM
I published the signed pkg to the usual place on S3, I did not add the extra signing options (runtime, etc) since my signing VM is semi-offline and runs 10.12
s

seph

02/19/2020, 4:10 AM
I think that’s an issue now — apple’s notarization process changed in feb. Can’t notarize without those
I can sign a seph@kolide, though that feels like an undesirable change
t

theopolis

02/19/2020, 12:54 PM
Is there a way to tell if it'll be a problem concretely? I can sign again tonight perhaps
s

seph

02/19/2020, 2:51 PM
Sure. I Just tried notarizing it. As expected, it failed:
Copy code
"path": "osquery-4.2.0.pkg/osquery-4.2.0.pkg Contents/Payload/usr/local/bin/osqueryd",
      "message": "The executable does not have the hardened runtime enabled.",
I’ve started a packaging repo, to start playing with tools/scripts in
t

theopolis

02/19/2020, 3:18 PM
s

seph

02/19/2020, 3:20 PM
Are the scripts you use somewhere?
t

theopolis

02/19/2020, 3:31 PM
s

seph

02/19/2020, 3:34 PM
danke
t

theopolis

02/20/2020, 1:18 AM
ok it took a series of 5min windows all day to get it resigned with the hardened runtime -- I will update the hash for the website PR and overwrite the 4.2.0 pkg in S3 in a sec
It's updated if you want to try to notarize again
s

seph

02/20/2020, 5:39 PM
2 Views