New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for macOS signing. #1049
Open
bruce-one
wants to merge
10
commits into
nexe:master
Choose a base branch
from
bruce-one:macos-signing
base: master
Could not load branches
Branch not found: {{ refName }}
Could not load tags
Nothing to show
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
bruce-one
force-pushed
the
macos-signing
branch
3 times, most recently
from
April 13, 2023 02:41
4038996
to
5fd87e2
Compare
bruce-one
force-pushed
the
macos-signing
branch
from
April 13, 2023 02:44
5fd87e2
to
409af8d
Compare
bruce-one
force-pushed
the
macos-signing
branch
from
April 17, 2023 00:11
7b34d0a
to
94d330e
Compare
calebboyd
reviewed
Apr 17, 2023
Thanks for opening this. Lets leave it as reference and address it after zipfs is in? |
bruce-one
force-pushed
the
macos-signing
branch
from
April 18, 2023 01:52
94d330e
to
d4e2e56
Compare
bruce-one
force-pushed
the
macos-signing
branch
from
August 27, 2023 01:40
d4e2e56
to
a9e12a3
Compare
bruce-one
force-pushed
the
macos-signing
branch
from
November 18, 2023 02:52
a9e12a3
to
a601701
Compare
On macOS the temp path is a symlink and this was making the `/snapshot` resolution (`this.root` vs `/snapshot` in the zipFs) not work properly. This feels a bit like a workaround, but the path being different to the executable was the culprit in the tests not working - and that's manual code in the integration test script, and due to the custom entrypoint for Mochs, so don't think it is a workaround :-)
bruce-one
force-pushed
the
macos-signing
branch
2 times, most recently
from
January 27, 2024 20:42
60de481
to
aa10495
Compare
Using the technique from pkg vercel/pkg#1164.
As it is appended to the end of the file. From my testing I saw 844000 ish as the `footerPosition`, so going up to 1600000 seemed sane.
Rather than hoping we find it on the first read. When doing macOS signing the signature and entitlements are placed after the nexe sentinel, so we may not find it immediately.
bruce-one
force-pushed
the
macos-signing
branch
from
January 29, 2024 19:55
aa10495
to
fcd05a8
Compare
This shouldn't make the test execution fail. It seems to popup occasionally for some Windows removal racing, or similar.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
This PR fixes macOS signing in the same way that pkg does.
Which issue(s) this PR fixes:
Fixes #446
Special notes for your reviewer:
I've tested these steps manually (using ldid to try the signing step),
but haven't tested them as part of the nexe codebase as I don't have access to a mac...got some access :-) All working here :-)The impl isn't using any streaming or any such, but the binary shouldn't be big enough to cause any real memory pressure I'd have thought? But perhaps it could be tweaked to work via streams or similar, for now I just wanted to create the draft PR in case it can help others :-) (And perhaps cleanup is a later thing? 馃し :-) )
Until it's releasable, something akin to the following would work as a workaround:
build.js
or, if done via the command line: