Skip to content
This repository has been archived by the owner on Jul 14, 2021. It is now read-only.

Fixes all notarization issues #2691

Merged
merged 1 commit into from
Jan 28, 2020
Merged

Fixes all notarization issues #2691

merged 1 commit into from
Jan 28, 2020

Conversation

jonsmorrow
Copy link
Contributor

@jonsmorrow jonsmorrow commented Jan 15, 2020

Description

This changes makes the neccessary changes to enable the pkg to pass Apple's notarization requirements.

1. Update omnibus and omnibus-software to versions that support deep signing
2. Drop 'Developer ID Installer:' from signing key. This lets sigining pick up the correct key for what is being signed.
3. Add bin_dirs and lib_dirs to chefdk and git-custom-bindir software definitions so siging can find their binaries and libraries.
4. Add software definition for rb-fsevent-gem so we build the gem. This resolves an issue where the shipped binary is build on to old an sdk.
5. Patch rb-fsevent-gem build to work in our environment. Set minimum target to current os and discover the sdk version.

Signed-off-by: Jon Morrow jmorrow@chef.io

Related Issue

chef/omnibus#924
chef/omnibus-software#1146

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Chore (non-breaking change that does not add functionality or fix an issue)

Checklist:

  • I have read the CONTRIBUTING document.
  • I have run the pre-merge tests locally and they pass.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • All commits have been signed-off for the Developer Certificate of Origin.

@jonsmorrow
Copy link
Contributor Author

@tas50 This should be ready too.

@tas50
Copy link
Contributor

tas50 commented Jan 23, 2020

@jonsmorrow Can you rebase this?

    This changes makes the neccessary changes to enable the pkg to pass apples notarization requirements.

    1. Update omnibus and omnibus-software to versions that support deep signing
    2. Drop 'Developer ID Installer:' from signing key. This lets sigining pick up the correct key for what is being signed.
    3. Add bin_dirs and lib_dirs to chefdk and git-custom-bindir software definitions so siging can find their binaries and libraries.
    4. Add software definition for rb-fsevent-gem so we build the gem. This resolves an issue where the shipped binary is build on to old an sdk.
    5. Patch rb-fsevent-gem build to work in our environment. Set minimum target to current os and discover the sdk version.

Signed-off-by: Jon Morrow <jmorrow@chef.io>
@jonsmorrow
Copy link
Contributor Author

@tas50 Yep and done.

@tas50 tas50 merged commit beddda6 into master Jan 28, 2020
@chef-expeditor chef-expeditor bot deleted the jm/deep_sign branch January 28, 2020 02:30
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Development

Successfully merging this pull request may close these issues.

2 participants