straffin
02/11/2020, 9:44 PM
zwass
seph
codesign --force -s "${CODESIGN_IDENTITY}" -v --options runtime --timestamp osqueryd
will codesign it with the required options.
You can then submit that for notarization, by zipping it and uploading. Something like:
zip -r o.zip osqueryd
xcrun altool \
--username "${NOTARIZE_APPLE_ID}" \
--password @env:NOTARIZE_APP_PASSWD \
--asc-provider "${NOTARIZE_ACCOUNT_ID}" \
--notarize-app --file o.zip \
--primary-bundle-id io.osquery.osquery
(bundle id doesn’t really matter here)
dover:bin seph$ spctl -a -vvv -t install osqueryd
osqueryd: accepted
source=Notarized Developer ID
origin=Developer ID Application: Kolide Inc (YZ3EM74M78)
straffin
02/12/2020, 4:52 PM
seph
straffin
02/12/2020, 5:11 PM
seph
osqueryd binary, and re-package it into a kolide pkg
straffin
02/17/2020, 9:22 PM
seph
straffin
02/17/2020, 9:26 PM
seph
straffin
02/17/2020, 9:34 PM
seph
straffin
02/17/2020, 9:37 PM
"path": "osq-test-signed.pkg/payload.pkg Contents/Payload/private/var/tmp/osquery-4.1.2.pkg/osquery-4.1.2.pkg Contents/Payload/usr/local/bin/osqueryd",
"message": "The executable does not have the hardened runtime enabled."
seph
straffin
02/17/2020, 9:39 PM
seph
straffin
02/17/2020, 9:41 PM
seph
straffin
02/17/2020, 9:42 PM
"path": "Duke_University_osquery_signed.pkg/Duke_University_osquery.pkg Contents/Payload/usr/local/bin/osqueryd",
"message": "The executable does not have the hardened runtime enabled."
seph
straffin
02/18/2020, 6:07 PM
seph
straffin
02/19/2020, 4:11 PM
seph