Signing, Notarizing, hardening, etc. a macOS command-line binary? - macos

What are the most appropriate ways to harden, code-sign, notarize, package, etc., a command-line binary (stdin, stdout, etc., no windows or icons) to allow distribution of the binary to macOS Catalina users, so that they can run the utility with the least amount of pain/hassle?
Assume the default/stock OS configuration of Gatekeeper, etc.
Assume the users most likely currently don't have the installed tools or skills to compile from source.
Assume that a Terminal window popping up when running the utility won't scare them.

OLD ANSWER (2020):
I've started using https://github.com/mitchellh/gon recently, and am very happy with it. From the makers of Vagrant, Terraform, Packer, et al.
UPDATED ANSWER (2022):
Gon is very nearly abandonware at this point, which is disappointing. However, since then, Apple also released notarytool, which essentially does what Gon did.
I use GoReleaser for releases, and this is the notarization step in my .goreleaser.yml file. (You should be able to convert this back to a standard shell command pretty easily.)
signs:
  - id: gatekeeper
    ids:
      - macos-archive
    signature: "${artifact}"
    cmd: xcrun
    args:
      [
        "notarytool",
        "submit",
        "./dist/{{ .ProjectName }}-{{ .Version }}.darwin.universal.zip",
        "--apple-id",
        "{{ .Env.AC_APPLE_ID }}",
        "--password",
        "{{ .Env.AC_PASSWORD }}",
        "--team-id",
        "{{ .Env.AC_TEAM_ID }}",
        "--progress",
        "--wait",
      ]
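The GoReleaser step above hands the app-specific password to notarytool on the command line, where it is visible in the process list and in CI logs, and it does not check what the notary service actually decided. The script below is an added example, not the answerer's code: it signs a bare command-line binary with the hardened runtime and a secure timestamp, submits it with credentials stored once in a keychain profile (`xcrun notarytool store-credentials`), parses the final `status:` line of `notarytool submit --wait`, and fails closed unless it reads `Accepted`, pulling the notary log when it does not. The signing identity, the profile name `AC_NOTARY` and the embedded sample output are placeholders and constructed data, not values from the page.

```shell
#!/bin/sh
# Added example (not from the original answer): sign a bare macOS command-line
# binary with the hardened runtime, submit it to the notary service with
# notarytool, and refuse to ship unless the final status is "Accepted".
#
# Assumptions (placeholders, not from the page):
#   SIGN_ID  - a "Developer ID Application" identity present in the login keychain
#   PROFILE  - a notarytool keychain profile created once, interactively, with
#                xcrun notarytool store-credentials AC_NOTARY \
#                    --apple-id you@example.com --team-id ABCDE12345
#              so the app-specific password never appears in argv or CI logs.
set -eu

SIGN_ID="${SIGN_ID:-Developer ID Application: Example Corp (ABCDE12345)}"
PROFILE="${PROFILE:-AC_NOTARY}"

# Last "status:" line of `notarytool submit --wait` output: Accepted or Invalid.
# The "Current status: ..." progress line is deliberately not matched.
notary_status() {
    printf '%s\n' "$1" | awk -F': *' '/^ *status:/ { s = $2 } END { print s }'
}

# First "id:" line: the submission id, needed for `notarytool log`.
notary_submission_id() {
    printf '%s\n' "$1" | awk -F': *' '/^ *id:/ { print $2; exit }'
}

# Sign in place with the hardened runtime and a secure timestamp, then verify.
sign_binary() {
    codesign --force --options runtime --timestamp --sign "$SIGN_ID" "$1"
    codesign --verify --strict --verbose=2 "$1"
}

# Zip the signed binary, submit, wait, and fail closed on anything but Accepted.
notarize_binary() {
    zip="$1.zip"
    /usr/bin/ditto -c -k --keepParent "$1" "$zip"
    out=$(xcrun notarytool submit "$zip" --keychain-profile "$PROFILE" --wait)
    printf '%s\n' "$out"
    status=$(notary_status "$out")
    if [ "$status" != "Accepted" ]; then
        id=$(notary_submission_id "$out")
        echo "notarization finished with status '$status'; log for $id follows" >&2
        xcrun notarytool log "$id" --keychain-profile "$PROFILE" >&2 || true
        return 1
    fi
}

main() {
    sign_binary "$1"
    notarize_binary "$1"
    # A bare Mach-O cannot hold a stapled ticket (stapler works on .app, .dmg
    # and .pkg), so Gatekeeper fetches it online; this assessment needs network.
    spctl --assess --type execute --verbose=2 "$1"
}

# Constructed sample of notarytool output, used only to exercise the parsers offline.
SAMPLE_NOTARY_OUTPUT='Conducting pre-submission checks for tool.zip and initiating connection to the Apple notary service...
Submission ID received
  id: 2efe2717-52ef-43a5-96dc-0797e4ca1041
Successfully uploaded file
  id: 2efe2717-52ef-43a5-96dc-0797e4ca1041
  path: /tmp/tool.zip
Waiting for processing to complete.
Current status: Accepted........
Processing complete
  id: 2efe2717-52ef-43a5-96dc-0797e4ca1041
  status: Accepted'

# Usage: sh notarize-cli.sh ./mytool   (no arguments: only define the functions)
[ $# -eq 0 ] || main "$1"
```

Two caveats for the "least hassle" goal in the question. First, a ticket for a standalone executable is issued but cannot be stapled to it, so a user whose Mac is offline at first launch gets no benefit from notarization; shipping the tool inside a signed, notarized `.pkg` (which can be stapled with `xcrun stapler staple`) avoids that. Second, Gatekeeper only evaluates files carrying the `com.apple.quarantine` attribute, which browsers set and `curl` does not, so test the download path your users will actually take.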

Related

Ansible: Chocolatey - remove_dependencies abandoned?

I am using ansible to remove python on a windows VM (hence chocolatey) that I have.
I get this error when I set remove_dependencies to yes.
"changed": false, "msg": "Unsupported parameters for (win_chocolatey) module: remove_dependencies. Supported parameters include: proxy_username, timeout, source, name, source_password, ignore_dependencies, source_username, architecture, ignore_checksums, allow_multiple, validate_certs, proxy_password, allow_prerelease, skip_scripts, allow_empty_checksums, proxy_url, state, package_params, pinned, force, install_args, execution_timeout, params"
On ansible's website under their chocolatey documentation, remove_dependencies is still listed. I did not find anything about it being deprecated. (https://docs.ansible.com/ansible/latest/collections/chocolatey/chocolatey/win_chocolatey_module.html). Is there an update I may have missed? Can anyone fill me in on what is going on?
I found a solution to this problem. Not sure if it is the right one but it works. If you set force: yes then it forces the uninstall

how to create a custom python environment from yml file *with* downloads of missing packages

I am trying to build a python 3.5 environment that supports an old hddm library. Standard approaches fail due to my/anaconda's apparent inability in ignore (or downgrade) the 10.1 cuda library in favor of an older one that works with hddm.
There is a yml file available that describes a successful environment. But the advertised command
conda env create --file hddm_py35.yml
fails with an error listing all of the packages "not found." Here are the errors.
(base) PS C:\Users\Peter\anaconda3_Sep2020> conda env create --file .\hddm_py35.yml
Collecting package metadata (repodata.json): done
Solving environment: failed
ResolvePackageNotFound:
odo==0.5.0=py35_1
cffi==1.7.0=py35_0
dill==0.2.5=py35_0
singledispatch==3.4.0.3=py35_0
nb_conda_kernels==2.0.0=py35_0
requests==2.14.2=py35_0
scikit-learn==0.17.1=np111py35_1
wheel==0.29.0=py35_0
jedi==0.9.0=py35_1
widgetsnbextension==1.2.6=py35_0
bitarray==0.8.1=py35_1
theano==1.0.2=py35_0
pytz==2016.6.1=py35_0
pylint==1.5.4=py35_1
ruamel_yaml==0.11.14=py35_0
partd==0.3.6=py35_0
llvmlite==0.13.0=py35_0
multipledispatch==0.4.8=py35_0
pyparsing==2.1.4=py35_0
console_shortcut==0.1.1=py35_1
ipython_genutils==0.1.0=py35_0
patsy==0.4.1=py35_0
pytest==2.9.2=py35_0
heapdict==1.0.0=py35_1
ipywidgets==5.2.2=py35_0
bokeh==0.12.2=py35_0
hdf5==1.8.15.1=2
networkx==1.11=py35_0
backports==1.0=py35_0
pyasn1==0.1.9=py35_0
pyqt==5.6.0=py35h6538335_6
zlib==1.2.11=hbb18732_2
et_xmlfile==1.0.1=py35_0
traitlets==4.3.0=py35_0
colorama==0.3.7=py35_0
argcomplete==1.0.0=py35_1
pywin32==220=py35_1
astropy==1.2.1=np111py35_0
nose==1.3.7=py35_1
freetype==2.8=h0224ed4_1
pkginfo==1.3.2=py35_0
cloudpickle==0.2.1=py35_0
sqlalchemy==1.0.13=py35_0
lazy-object-proxy==1.2.1=py35_0
markupsafe==0.23=py35_2
prompt_toolkit==1.0.3=py35_0
pickleshare==0.7.4=py35_0
itsdangerous==0.24=py35_0
babel==2.3.4=py35_0
click==6.6=py35_0
six==1.10.0=py35_0
libdynd==0.7.2=0
jdcal==1.2=py35_1
pymc==2.3.6=np111py35_2
pathlib2==2.1.0=py35_0
astroid==1.4.7=py35_0
numba==0.28.1=np111py35_0
qtconsole==4.2.1=py35_2
wrapt==1.10.6=py35_0
idna==2.1=py35_0
pytables==3.2.2=np111py35_4
_nb_ext_conf==0.3.0=py35_0
dynd-python==0.7.2=py35_0
numexpr==2.6.1=np111py35_0
werkzeug==0.11.11=py35_0
rope==0.9.4=py35_1
jupyter_client==4.4.0=py35_0
pyzmq==15.4.0=py35_0
python-dateutil==2.5.3=py35_0
beautifulsoup4==4.5.1=py35_0
blaze==0.10.1=py35_0
nbformat==4.1.0=py35_0
nbpresent==3.0.2=py35_0
sip==4.18=py35_0
chest==0.2.3=py35_0
glob2==0.5=py35_0
locket==0.2.0=py35_1
mistune==0.7.3=py35_0
alabaster==0.7.9=py35_0
setuptools==27.2.0=py35_1
win_unicode_console==0.5=py35_0
filelock==2.0.6=py35_0
_license==1.1=py35_1
ipykernel==4.5.0=py35_0
qt==5.6.2=vc14h6f76a7e_12
pep8==1.7.0=py35_0
xlwings==0.10.0=py35_0
spyder==3.0.0=py35_0
xlrd==1.0.0=py35_0
scipy==0.18.1=np111py35_0
dask==0.11.0=py35_0
nbconvert==4.2.0=py35_0
pip==8.1.2=py35_0
mkl==11.3.3=1
nb_anacondacloud==1.2.0=py35_0
cython==0.24.1=py35_0
flask-cors==2.1.2=py35_0
ipython==5.1.0=py35_0
cycler==0.10.0=py35_0
jpeg==9b=he27b436_2
menuinst==1.4.1=py35_0
anaconda==4.2.0=np111py35_0
configobj==5.0.6=py35_0
boto==2.42.0=py35_0
unicodecsv==0.14.1=py35_0
scikit-image==0.12.3=np111py35_1
contextlib2==0.5.3=py35_0
conda-build==3.0.19=py35h15d37ab_0
jinja2==2.8=py35_1
conda-verify==2.0.0=py35_0
get_terminal_size==1.0.0=py35_0
qtpy==1.1.2=py35_0
anaconda-client==1.5.1=py35_0
decorator==4.0.10=py35_0
ply==3.9=py35_0
openpyxl==2.3.2=py35_0
sockjs-tornado==1.0.3=py35_0
pyyaml==3.12=py35_0
snowballstemmer==1.2.1=py35_0
toolz==0.8.0=py35_0
py==1.4.31=py35_0
xlwt==1.1.2=py35_0
clyent==1.2.2=py35_0
bottleneck==1.1.0=np111py35_0
jupyter==1.0.0=py35_3
mkl-service==1.1.2=py35_2
simplegeneric==0.8.1=py35_1
wcwidth==0.1.7=py35_0
h5py==2.6.0=np111py35_2
gevent==1.1.2=py35_0
pycrypto==2.6.1=py35_4
datashape==0.5.2=py35_0
psutil==4.3.1=py35_0
nltk==3.2.1=py35_0
jsonschema==2.5.1=py35_0
notebook==4.2.3=py35_0
pycparser==2.14=py35_1
xlsxwriter==0.9.3=py35_0
jupyter_core==4.2.0=py35_0
qtawesome==0.3.3=py35_0
fastcache==1.0.2=py35_1
jupyter_console==5.0.0=py35_0
tornado==4.4.1=py35_0
path.py==8.2.1=py35_0
pyflakes==1.3.0=py35_0
sympy==1.0=py35_0
pandas==0.20.1=np111py35_0
pygments==2.1.3=py35_0
anaconda-clean==1.0.0=py35_0
mpmath==0.19=py35_1
comtypes==1.1.2=py35_0
cryptography==1.5=py35_0
chardet==3.0.4=py35_0
entrypoints==0.2.2=py35_0
sphinx==1.4.6=py35_0
greenlet==0.4.10=py35_0
anaconda-navigator==1.3.1=py35_0
flask==0.11.1=py35_0
pyopenssl==16.2.0=py35_0
lxml==3.6.4=py35_0
icu==58.2=h3fcc66b_1
docutils==0.12=py35_2
statsmodels==0.6.1=np111py35_1
nb_conda==2.0.0=py35_0
imagesize==0.7.1=py35_0
(base) PS C:\Users\Peter\anaconda3_Sep2020>
The failure occurred within seconds. I get the feeling that conda didn't even try to look for these packages!?!?
Am I supposed to download these packages, put them somewhere, and then tell conda to find them on my hard drive?
Is there a flag that tells conda to do its usual find-and-load for all "missing" packages -- but only in the environment I'm describing? In my base environment (3.8) I don't wish to downgrade.
Should I make a new 3.5 environment and then work through the list one-by-one and uninstall/remove/downgrade each package by hand?
Meta question: This must be a FAQ, and yet I'm not able to google for the answer. That usually means googling for "conda install environment from yaml file" doesn't contain the appropriate vocabulary for, well, trying to induce conda to install an environment from a yaml file. What question should I have asked?
1) Am I supposed to download these packages, put them somewhere, and then tell conda to find them on my hard drive?
Not necessary. But searching for the versions on anaconda.org helps identify channels for one-by-one manual download.
2) Is there a flag that tells conda to do its usual find-and-load for all "missing" packages -- but only in the environment I'm describing? In my base environment (3.8) I don't wish to downgrade.
There is no evidence that conda will automatically download files listed in a yaml file that are missing in the present environment.
3) Should I make a new 3.5 environment and then work through the list one-by-one and uninstall/remove/downgrade each package by hand?
Yes.
4) Meta question: This must be a FAQ, and yet I'm not able to google for the answer. That usually means googling for "conda install environment from yaml file" doesn't contain the appropriate vocabulary for, well, trying to induce conda to install an environment from a yaml file. What question should I have asked?
There is no evidence that yaml files are anything other than lists of version of packages in an environment. They cannot be used to make new environments (unless all of the components are already present in the host environment, maybe) so their value is largely annotative. Evidently.
For the case of making an environment for hddm in 2020, well, don't try. Cuda support will work against you. There is a hddm host at https://colab.research.google.com/ that is properly configured (without cuda disruption) so that you can use it to kick tires, etc. Getting hddm to work in any other context probably requires dedicated hardware so that the cuda driver can be manipulated for this application only and not break any other applications in the process.
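Every entry in the ResolvePackageNotFound list above has the form `name==version=build` (for example `odo==0.5.0=py35_1`): the environment file pins not just a version but one exact build string, which is specific to a platform and to a channel snapshot, and the solver gives up as soon as any pinned build is not on the configured channels. The script below is an added example, not the poster's code or file: it rewrites such a file so that only `name=version` remains, letting conda pick any build of that version that the channels still carry. The embedded environment file is constructed sample data in the format written by `conda env export`, not the poster's `hddm_py35.yml`. The trade-off matters: you are no longer pinning one exact artifact, so export the solved environment afterwards if you need a reproducible record.

```shell
#!/bin/sh
# Added example (not from the original post): loosen a conda environment file
# that pins exact build strings so the solver may choose any build of each
# pinned version. "  - odo=0.5.0=py35_1" becomes "  - odo=0.5.0"; lines with a
# single "=" and pip lines ("pkg==1.0") pass through unchanged.
#
# Caveat: this trades reproducibility for resolvability. Record the result with
# `conda env export --no-builds` once the environment has been created.
set -eu

# Read environment.yml on stdin, write it with the trailing "=build" removed
# from every "- name=version=build" dependency line.
strip_build_strings() {
    sed -E 's/^([[:space:]]*- [^=[:space:]]+=[^=[:space:]]+)=[^=[:space:]]+[[:space:]]*$/\1/'
}

# Constructed sample (not the poster's file) in `conda env export` format.
SAMPLE_ENV_YML='name: hddm_py35
channels:
  - defaults
dependencies:
  - python=3.5.2=0
  - odo=0.5.0=py35_1
  - scikit-learn=0.17.1=np111py35_1
  - zlib=1.2.11
  - pip:
    - hddm==0.6.0'

# Apply the transformation to the sample and return the loosened file.
demo_strip() {
    printf '%s\n' "$SAMPLE_ENV_YML" | strip_build_strings
}

# Real use:
#   sh loosen-env.sh hddm_py35.yml > hddm_py35.loose.yml
#   conda env create --file hddm_py35.loose.yml
# With no argument the script only defines the functions above.
[ $# -eq 0 ] || strip_build_strings < "$1"
```

If the solver still fails after loosening, the remaining errors name versions that no configured channel carries at all, which is where the anaconda.org search the answer mentions comes in; add the channel under `channels:` rather than downloading packages by hand.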

Quick Lanch bar and Inno Setup v6

My installer started off years ago and thus has a Quick Launch bar task.
Name: "{userappdata}\Microsoft\Internet Explorer\Quick Launch\Public Talks"; \
Filename: "{app}\CommunityTalks.exe"; \
MinVersion: 4,4; \
Tasks: quicklaunchicon
When compiling this raises the warning:
Warning: The [Setup] section directive "PrivilegesRequired" is set to "admin" but per-user areas (HKCU,userappdata) are used by the script. Regardless of the version of Windows, if the installation is running in administrative install mode then you should be careful about making any per-user area changes: such changes may not achieve what you are intending. See the "UsedUserAreasWarning" topic in help file for more information.
How should we handle that?
Remove the "Quick Launch" toolbar functionality from your installer.
No one is using that nowadays. The "Quick Launch" toolbar was removed in Windows 7 (2009).

Unable to compile Firefox OS

Sorry about the vagueness of the question title, but I've been having problems compiling Firefox OS and am unsure where to turn (I know there's Bugzilla but I'm not sure if what I'm experiencing is a bug or not)
Basically, I've been trying to compile the latest Firefox OS from source using the official instructions. I'm trying to build a system that supports the languages en-GB, en-US and tr (with en-GB as the default). My .userconfig is as follows:
export MAKE=
export CC=gcc-4.6
export CXX=g++-4.6
VARIANT=user
# GAIA l10n
export GAIA_DEFAULT_LOCALE="en-GB"
export LOCALE_BASEDIR="$PWD/locales"
export LOCALES_FILE="$PWD/locales/languages_some.json"
export GAIA_KEYBOARD_LAYOUTS="en,tr"
# Gecko l10n
export L10NBASEDIR=$PWD/gecko-locales
export MOZ_CHROME_MULTILOCALE="en-GB tr"
export PATH="$PATH:$PWD/compare-locales/scripts"
export PYTHONPATH="$PWD/compare-locales/lib"
The contents of languages_some.json is as follows:
{
  "en-GB" : "English (GB)",
  "en-US" : "English (US)",
  "tr" : "Türkçe"
}
compare_locales contains an unmodified clone of this repo, and gecko-locales contains clones of en-GB and tr locales from the official repository (there is no 'en' or 'en-US' repository).
Now, I'm not 100% sure where the error is. I have tried searching Google for any suspect lines, but nothing has come up.
I have posted full output as a GitHub Gist. Suspect lines as far as I can tell (this is my first time compiling either Firefox or a mobile phone OS) are:
2015-03-16 16:43:12: stackwalker.cc:125: INFO: Couldn't load symbols for: |
2015-03-16 16:43:12: basic_code_modules.cc:88: INFO: No module at 0x2ab95ac94aa0
(then followed by a lot of 'No module at ...' errors)
also
System JS : ERROR file:///opt/src/B2G/gaia/b2g_sdk/34.0a1-2014-08-12-04-02-01/b2g/components/nsHandlerService.js:120 - NS_ERROR_FAILURE: Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIProperties.get]
This error is repeated a fair few times throughout the code, but I can't tell if it's harmless or if it's stopping the build.
There's also a bunch of lines about missing translations, but I imagine they're just harmless. I have tried to cut them down as much as possible (by adding the missing translations) but the problem persists.
Oh yes, and in case someone asks, I have been running with my phone plugged in, and it is visible on adb devices. I have also tried removing the out and backup-inari directories.
System specs, PC:
Debian Sid, mostly up-to-date, but running with an old version of make (build refuses to run on any version newer than 3.8)
GCC 4.6 and 4.9. export CC=gcc-4.6 set in .userconfig
G++ 4.6 and 4.9. export CXX=g++-4.6 set in .userconfig
Phone:
Original ZTE Open. This originally came with FFOS 1.0, but I have since upgraded to 1.1 by flashing the official ROM.

deploying debug app to playbook gives "failure 881 required signatures missing (RDK, AUTHOR)"

I am using Marmalade to build a PlayBook app, but I think my question applies to PlayBook apps in general. I have successfully created a debugtoken.bar file and have installed it on my device. When I go to try to install a built application.bar file on the device, I get:
[execute] "blackberry-deploy.bat -device 192.168.1.114 -password ******* -installApp -package deployments\default\playbook\release\Quote Unquote.bar"
Info: Sending request: Install
Info: Action: Install
Info: File size: 6400334
Info: Installing ...
Info: Processing 6400334 bytes
actual_dname::
actual_id::
actual_version::
result::failure 881 required signatures missing (RDK, AUTHOR)
ERROR: error running blackberry-deploy
***ERROR***
Note that this is the Marmalade deploy tool running the standard PlayBook installer.
What I don't understand is: I thought the point of using a debugtoken.bar file was that you could install unsigned apps. I have in fact successfully deployed these unsigned apps using the Marmalade deploy tool just like this. But I was having problems signing the app for distribution, so I went back and did everything from scratch, requested new code signing keys from RIM, made a new debugtoken.bar file and installed it, etc. And now I'm worse off than I was before because I can't even install to the device now.
So again: My understanding is that the point of debugtoken.bar was to be able to deploy to the device before actually signing the application.bar for distribution. So what does this error message even mean?
To answer my own question:
For deploying a "debug" build to a device, it's critical to have
Application-Development-Mode: true
in the MANIFEST.MF within the .bar file.
A stupid mistake, but I'll leave this up in case it helps anyone...
Taking a look at the QNX deployment plugin "C:\Marmalade\6.1\s3e\deploy\plugins\qnx\qnx.py", I found that the 'FOR DEVELOPMENT' option is false if the 'playbook_keystore' is given, so I just cleared the signing section in the Marmalade System Deployment Tool and it is no longer trying to sign it.
