Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update CircleCI config to sign MacOS binaries #2661

Merged
merged 4 commits into from
Aug 11, 2023
Merged

Update CircleCI config to sign MacOS binaries #2661

merged 4 commits into from
Aug 11, 2023

Conversation

marinalimeira
Copy link
Contributor

@marinalimeira marinalimeira commented Aug 11, 2023
edited
Loading

Description

We are already able to sign the binaries of internal projects, like patcher-cli and terrapatch-cli.

I am replicating the same process in Terragrunt, the MacOS binaries will be signed and notarized before generating the sha256sum.

Related:

Test release: https://github.com/gruntwork-io/terragrunt/releases/tag/v0.48.7-test-signing-binaries

TODOs

Read the Gruntwork contribution guidelines.

  • Update the docs.
  • Run the relevant tests successfully, including pre-commit checks.
  • Ensure any 3rd party code adheres with our license policy or delete this line if its not applicable.
  • Include release notes. If this PR is backward incompatible, include a migration guide.

Release Notes (draft)

Signing MacOS binaries from now on! 🎉

@marinalimeira marinalimeira changed the title Add config of CircleCI to sign MacOS binaries Update CircleCI config to sign MacOS binaries Aug 11, 2023
@marinalimeira
Copy link
Contributor Author

Output of codesign for both binaries:

> codesign -dv --verbose=4 terragrunt_darwin_amd64                                                                                                                                                                                                  12:24:01
Executable=/Users/marina/Downloads/terragrunt_darwin_amd64
Identifier=terragrunt_darwin_amd64
Format=Mach-O thin (x86_64)
CodeDirectory v=20500 size=358691 flags=0x10000(runtime) hashes=11203+2 location=embedded
VersionPlatform=1
VersionMin=658688
VersionSDK=658688
Hash type=sha256 size=32
CandidateCDHash sha256=090e26dc9854fc87afe79cfc7c5cddcb1dde2f1a
CandidateCDHashFull sha256=090e26dc9854fc87afe79cfc7c5cddcb1dde2f1af2bbe2b447fdfbcbb6383bf1
Hash choices=sha256
CMSDigest=090e26dc9854fc87afe79cfc7c5cddcb1dde2f1af2bbe2b447fdfbcbb6383bf1
CMSDigestType=2
Executable Segment base=0
Executable Segment limit=32075776
Executable Segment flags=0x1
Page size=4096
Launch Constraints:
	None
CDHash=090e26dc9854fc87afe79cfc7c5cddcb1dde2f1a
Signature size=9050
Authority=Developer ID Application: Gruntwork, Inc. (39Y4Q5CHUA)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=11. Aug 2023 at 12:16:20
Info.plist=not bound
TeamIdentifier=39Y4Q5CHUA
Runtime Version=10.13.0
Sealed Resources=none
Internal requirements count=1 size=184
/Users/marina/Downloads

> codesign -dv --verbose=4 terragrunt_darwin_arm64                                                                                                                                                                                                  12:23:46
Executable=/Users/marina/Downloads/terragrunt_darwin_arm64
Identifier=terragrunt_darwin_arm64
Format=Mach-O thin (arm64)
CodeDirectory v=20500 size=351203 flags=0x10000(runtime) hashes=10969+2 location=embedded
VersionPlatform=1
VersionMin=720896
VersionSDK=720896
Hash type=sha256 size=32
CandidateCDHash sha256=5d08e775141c882264ce2b16a95ed34e341de644
CandidateCDHashFull sha256=5d08e775141c882264ce2b16a95ed34e341de6441dad56e767691fc52016ceec
Hash choices=sha256
CMSDigest=5d08e775141c882264ce2b16a95ed34e341de6441dad56e767691fc52016ceec
CMSDigestType=2
Executable Segment base=0
Executable Segment limit=17711104
Executable Segment flags=0x1
Page size=4096
Launch Constraints:
	None
CDHash=5d08e775141c882264ce2b16a95ed34e341de644
Signature size=9049
Authority=Developer ID Application: Gruntwork, Inc. (39Y4Q5CHUA)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=11. Aug 2023 at 12:17:58
Info.plist=not bound
TeamIdentifier=39Y4Q5CHUA
Runtime Version=11.0.0
Sealed Resources=none
Internal requirements count=1 size=184

This was referenced Aug 11, 2023
Merged
Merged
Merged
denis256
denis256 approved these changes Aug 11, 2023
View reviewed changes
Copy link
Member

@denis256 denis256 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Failing test TestErrorExplaining I fixed in master, in another PR

@marinalimeira
Copy link
Contributor Author

Thank you both for reviewing!

@marinalimeira marinalimeira merged commit 3e1b0b5 into master Aug 11, 2023
@marinalimeira marinalimeira deleted the sign-macos-builds branch August 11, 2023 14:32
hugorut pushed a commit to infracost/terragrunt that referenced this pull request Oct 10, 2023
@marinalimeira @hugorut
Update CircleCI config to sign MacOS binaries (gruntwork-io#2661)
3f7c5e8 
* Add config of circleci to sign macos binaries

* Add go orb

* Persist workspace between jobs

* Fix spacing in persist_to_workspace
hugorut pushed a commit to infracost/terragrunt that referenced this pull request Oct 10, 2023
@marinalimeira @hugorut
Update CircleCI config to sign MacOS binaries (gruntwork-io#2661)
93ee9fd 
* Add config of circleci to sign macos binaries

* Add go orb

* Persist workspace between jobs

* Fix spacing in persist_to_workspace
@renovate renovate bot mentioned this pull request Apr 28, 2024
Open
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MoonMoon1919 MoonMoon1919 MoonMoon1919 approved these changes

@denis256 denis256 denis256 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@marinalimeira @denis256 @MoonMoon1919