OSX packages. Unsigned.
# cores
seph
02/13/2020, 10:12 PM
OSX packages. Unsigned.
t
theopolis
02/18/2020, 2:35 PM
did you use
-DCMAKE_OSX_DEPLOYMENT_TARGET=10.11s
seph
02/18/2020, 2:35 PM
Yes
t
theopolis
02/18/2020, 2:35 PM
❤️
s
seph
02/18/2020, 2:36 PM
I did not code sign. but that’s a thing that requires extra options now
seph
02/18/2020, 2:36 PM
I’m not sure what scripts you’re using, but I’ll PR the update
t
theopolis
02/19/2020, 3:49 AM
I published the signed pkg to the usual place on S3, I did not add the extra signing options (runtime, etc) since my signing VM is semi-offline and runs 10.12
s
seph
02/19/2020, 4:10 AM
I think that’s an issue now — apple’s notarization process changed in feb. Can’t notarize without those
seph
02/19/2020, 4:10 AM
I can sign a seph@kolide, though that feels like an undesirable change
t
theopolis
02/19/2020, 12:54 PM
Is there a way to tell if it'll be a problem concretely? I can sign again tonight perhaps
s
seph
02/19/2020, 2:51 PM
Sure. I Just tried notarizing it. As expected, it failed:
Copy code
"path": "osquery-4.2.0.pkg/osquery-4.2.0.pkg Contents/Payload/usr/local/bin/osqueryd",
"message": "The executable does not have the hardened runtime enabled.",seph
02/19/2020, 3:04 PM
I’ve started a packaging repo, to start playing with tools/scripts in
t
theopolis
02/19/2020, 3:18 PM
s
seph
02/19/2020, 3:20 PM
Are the scripts you use somewhere?
t
theopolis
02/19/2020, 3:31 PM
Last comment here https://github.com/osquery/osquery/issues/5689
s
seph
02/19/2020, 3:34 PM
danke
t
theopolis
02/20/2020, 1:18 AM
ok it took a series of 5min windows all day to get it resigned with the hardened runtime -- I will update the hash for the website PR and overwrite the 4.2.0 pkg in S3 in a sec
theopolis
02/20/2020, 2:03 PM
It's updated if you want to try to notarize again
s
seph
02/20/2020, 5:39 PM
https://pkg.osquery.io/darwin/osquery-4.2.0.pkg has been notarized
3 Views