mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 21:47:20 +00:00
This PR specifies a binary identifier for `fleetctl` on macOS, which resolves the codesignature testing issue from #30352.

# Tests

To test this, I unsigned an affected version of `fleetctl`:

```shell
codesign --remove-signature fleetctl
```

I then installed `rcodesign` 0.29.0, and signed the binary myself, with the added `--binary-identifier` flag:

```shell
./rcodesign sign --p12-file Certificates.p12 --p12-password-file=.p12_password --for-notarization --binary-identifier com.fleetdm.fleetctl fleetctl
```

Then, I obtained the codesigning requirement from my newly signed binary:

```shell
$ codesign -d -r- fleetctl
Executable=/Users/jacob.burley/Downloads/fleetctl_v4.67.3_macos/fleetctl
designated => identifier "com.fleetdm.fleetctl" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "XXXXXXXXXX"
```

I then tested the code signature with the designated requirement given:

```shell
$ codesign --test-requirement='=identifier "com.fleetdm.fleetctl" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "XXXXXXXXXX"' --verbose=2 --verify fleetctl
fleetctl: valid on disk
fleetctl: satisfies its Designated Requirement
fleetctl: explicit requirement satisfied
```

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the product design team. -->

- [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information.

| File |
|---|
| main.sh |