Skip to content

Commit

Permalink
Disabling library validation for MacOS app codesigning (for DuckDB Ex…
Browse files Browse the repository at this point in the history 
…tensions)
  • Loading branch information
@prmoore77
prmoore77 committed Jan 25, 2024
1 parent fd1539d commit 2e1e3a2
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 4 deletions.
7 changes: 3 additions & 4 deletions .github/workflows/build-docker-images.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,22 +37,22 @@ jobs:
run-build: true

- name: Sign and notarize the release build
uses: toitlang/action-macos-sign-notarize@v1.0.0
uses: toitlang/action-macos-sign-notarize@v1.1.0
with:
certificate: ${{ secrets.APPLE_CERTIFICATE }}
certificate-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
username: ${{ secrets.APPLE_ID_USERNAME }}
password: ${{ secrets.APPLE_ID_PASSWORD }}
apple-team-id: ${{ secrets.APPLE_TEAM_ID }}
app-path: build/flight_sql
entitlements-path: macos/entitlements.plist

- name: Zip artifacts
run: |
mv build/flight_sql .
zip -j ${{ env.zip_file_name }} flight_sql
- name: Upload artifacts
id: artifact-upload-step
uses: actions/upload-artifact@v4
with:
name: ${{ env.zip_file_name }}
Expand Down Expand Up @@ -102,7 +102,6 @@ jobs:
zip -j ${{ env.zip_file_name }} flight_sql
- name: Upload artifacts
id: artifact-upload-step
uses: actions/upload-artifact@v4
with:
name: ${{ env.zip_file_name }}
Expand All @@ -129,8 +128,8 @@ jobs:
provenance: false

create-release:
if: startsWith(github.ref, 'refs/tags/')
name: Create a release
if: startsWith(github.ref, 'refs/tags/')
needs: [build-project-macos, build-project-linux]
runs-on: ubuntu-latest
steps:
Expand Down
9 changes: 9 additions & 0 deletions macos/entitlements.plist
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<!-- We are disabling library validation b/c DuckDB imports extension libraries that are not signed by our Apple Team ID -->
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
</dict>
</plist>

0 comments on commit 2e1e3a2

Please sign in to comment.