-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature request: sign & notarize macOS binaries #335
Comments
I'm having a hard time finding the relevant documentation from Apple, but based on the README from https://github.com/mitchellh/gon it sounds like we would need to distribute macOS builds as either .pkg, .dmg, .app, or .zip in order to include a code signature (and apparently if we want to staple the notarization from Apple we can't use a .zip archive). Of these I think a .pkg installer might be the most appropriate choice for a command-line utility, but it would require some additional decisions: at a minimum I think we need to choose an installation location (e.g. |
Some possibly helpful references about the .pkg format: |
Is your feature request related to a problem? Please describe.
Attempting to download and run a macOS binary (e.g. from https://github.com/pomerium/cli/releases/download/v0.22.0/pomerium-cli-darwin-arm64.tar.gz) may result in an error like this:
Describe the solution you'd like
Let's make sure we understand and fulfill the code signing & notarization requirements for distributing macOS binaries.
Describe alternatives you've considered
For reasons I don't completely understand, I haven't seen this error when running a
pomerium-cli
binary distributed through Homebrew. We might want to better understand how this works.Explain any additional use-cases
n/a
Additional context
We may be able to use https://github.com/mitchellh/gon to help automate the notarization process.
Other references:
The text was updated successfully, but these errors were encountered: