Skip to content

tools: add macOS notarization verification step #50833

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

tools: add macOS notarization verification step #50833

wants to merge 1 commit into from

Conversation

UlisesGascon
Copy link
Member

Main Changes

Add a verification step to validate the notarized binaries generated for macOS.

Context

This change was previously defined in #50628, but due git issues I re-generated the PR.

@nodejs-github-bot nodejs-github-bot added macos Issues and PRs related to the macOS platform / OSX. tools Issues and PRs related to the tools directory. labels Nov 21, 2023
@UlisesGascon UlisesGascon marked this pull request as ready for review November 21, 2023 07:33
@UlisesGascon UlisesGascon mentioned this pull request Nov 21, 2023
Closed
@UlisesGascon UlisesGascon added lts-watch-v18.x lts-watch-v20.x PRs that may need to be released in v20.x labels Nov 21, 2023
mhdawson
mhdawson approved these changes Nov 21, 2023
View reviewed changes
Copy link
Member

@mhdawson mhdawson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mhdawson
Copy link
Member

@UlisesGascon thanks, seems to land ok. Just waiting for waiting period to pass and then will land.

@mhdawson mhdawson added the request-ci Add this label to start a Jenkins CI on a PR. label Nov 21, 2023
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Nov 21, 2023
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/55834/

@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/55855/

@mhdawson
Copy link
Member

Landed in 83df02c

@mhdawson mhdawson closed this Nov 23, 2023
mhdawson pushed a commit that referenced this pull request Nov 23, 2023
@UlisesGascon @mhdawson
tools: add macOS notarization verification step
83df02c 
PR-URL: #50833
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
@UlisesGascon UlisesGascon deleted the tools/osx-binaries-validation-iteration branch November 24, 2023 07:06
martenrichter pushed a commit to martenrichter/node that referenced this pull request Nov 26, 2023
@UlisesGascon @martenrichter
tools: add macOS notarization verification step
80052a1 
PR-URL: nodejs#50833
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
lucshi pushed a commit to lucshi/node that referenced this pull request Nov 27, 2023
@UlisesGascon
tools: add macOS notarization verification step
8b61c75 
PR-URL: nodejs#50833
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
RafaelGSS pushed a commit that referenced this pull request Nov 27, 2023
@UlisesGascon @RafaelGSS
tools: add macOS notarization verification step
c13c0e4 
PR-URL: #50833
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
@RafaelGSS RafaelGSS mentioned this pull request Nov 28, 2023
Merged
RafaelGSS pushed a commit that referenced this pull request Nov 29, 2023
@UlisesGascon @RafaelGSS
tools: add macOS notarization verification step
5de3053 
PR-URL: #50833
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
RafaelGSS pushed a commit that referenced this pull request Nov 30, 2023
@UlisesGascon @RafaelGSS
tools: add macOS notarization verification step
2c0d1ae 
PR-URL: #50833
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
UlisesGascon added a commit that referenced this pull request Dec 11, 2023
@UlisesGascon
tools: add macOS notarization verification step
a1f9bb0 
PR-URL: #50833
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
@UlisesGascon UlisesGascon mentioned this pull request Dec 12, 2023
Merged
UlisesGascon added a commit that referenced this pull request Dec 13, 2023
@UlisesGascon
tools: add macOS notarization verification step
32ad208 
PR-URL: #50833
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
UlisesGascon added a commit that referenced this pull request Dec 15, 2023
@UlisesGascon
tools: add macOS notarization verification step
b3836e4 
PR-URL: #50833
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
UlisesGascon added a commit that referenced this pull request Dec 19, 2023
@UlisesGascon
tools: add macOS notarization verification step
c8d6dd5 
PR-URL: #50833
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
richardlau pushed a commit that referenced this pull request Jan 16, 2024
@UlisesGascon @richardlau
tools: add macOS notarization verification step
3e5b976 
PR-URL: #50833
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
@richardlau richardlau added backported-to-v18.x backported-to-v20.x PRs backported to the v20.x-staging branch. and removed lts-watch-v18.x lts-watch-v20.x PRs that may need to be released in v20.x labels Jan 16, 2024
RafaelGSS pushed a commit that referenced this pull request Feb 14, 2024
@marco-ippolito @RafaelGSS
2024-02-14, Version 18.19.1 'Hydrogen' (LTS)
2a5a150 
This is a security release.

Notable changes:

crypto:
  * update root certificates to NSS 3.95 (Node.js GitHub Bot) #50805
  * disable PKCS#1 padding for privateDecrypt (Michael Dawson) nodejs-private/node-private#525
deps:
  * upgrade npm to 10.2.4 (npm team) #50751
  * update archs files for openssl-3.0.13+quic1 (Node.js GitHub Bot) #51614
  * upgrade openssl sources to quictls/openssl-3.0.13+quic1 (Node.js GitHub Bot) ://github.com//pull/51614
  * fix GHSA-f74f-cvh7-c6q6/CVE-2024-24806 (Santiago Gimeno) #51614
http:
  * add maximum chunk extension size (Paolo Insogna) nodejs-private/node-private#520
lib:
  * update undici to v5.28.3 (Matteo Collina) nodejs-private/node-private#536
src:
  * fix HasOnly(capability) in node::credentials (Tobias Nießen) nodejs-private/node-private#505
test:
  * skip test-child-process-stdio-reuse-readable-stdio on Windows (Joyee Cheung) #49621
tools:
  * add macOS notarization verification step (Ulises Gascón) #50833
  * use macOS keychain to notarize the releases (Ulises Gascón) #50715
  * remove unused file (Ulises Gascon) #50622
  * add macOS notarization stapler (Ulises Gascón) #50625
  * improve macOS notarization process output readability (Ulises Gascón) #50389
  * remove unused `version` function (Ulises Gascón) #50390
win,tools:
  * upgrade Windows signing to smctl (Stefan Stojanovic) #50956
zlib:
  * pause stream if outgoing buffer is full (Matteo Collina) nodejs-private/node-private#542

PR-URL: nodejs-private/node-private#545
rdw-msft pushed a commit to rdw-msft/node that referenced this pull request Mar 20, 2024
@marco-ippolito @rdw-msft
2024-02-14, Version 18.19.1 'Hydrogen' (LTS)
d3b30e1 
This is a security release.

Notable changes:

crypto:
  * update root certificates to NSS 3.95 (Node.js GitHub Bot) nodejs#50805
  * disable PKCS#1 padding for privateDecrypt (Michael Dawson) https://github.com/nodejs-private/node-private/pull/525
deps:
  * upgrade npm to 10.2.4 (npm team) nodejs#50751
  * update archs files for openssl-3.0.13+quic1 (Node.js GitHub Bot) nodejs#51614
  * upgrade openssl sources to quictls/openssl-3.0.13+quic1 (Node.js GitHub Bot) ://github.com/nodejs/pull/51614
  * fix GHSA-f74f-cvh7-c6q6/CVE-2024-24806 (Santiago Gimeno) nodejs#51614
http:
  * add maximum chunk extension size (Paolo Insogna) https://github.com/nodejs-private/node-private/pull/520
lib:
  * update undici to v5.28.3 (Matteo Collina) https://github.com/nodejs-private/node-private/pull/536
src:
  * fix HasOnly(capability) in node::credentials (Tobias Nießen) https://github.com/nodejs-private/node-private/pull/505
test:
  * skip test-child-process-stdio-reuse-readable-stdio on Windows (Joyee Cheung) nodejs#49621
tools:
  * add macOS notarization verification step (Ulises Gascón) nodejs#50833
  * use macOS keychain to notarize the releases (Ulises Gascón) nodejs#50715
  * remove unused file (Ulises Gascon) nodejs#50622
  * add macOS notarization stapler (Ulises Gascón) nodejs#50625
  * improve macOS notarization process output readability (Ulises Gascón) nodejs#50389
  * remove unused `version` function (Ulises Gascón) nodejs#50390
win,tools:
  * upgrade Windows signing to smctl (Stefan Stojanovic) nodejs#50956
zlib:
  * pause stream if outgoing buffer is full (Matteo Collina) https://github.com/nodejs-private/node-private/pull/542

PR-URL: https://github.com/nodejs-private/node-private/pull/545
sercher added a commit to sercher/graaljs that referenced this pull request Apr 25, 2024
@sercher
tools: add macOS notarization verification step
7a86a73 
PR-URL: nodejs/node#50833
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
sercher added a commit to sercher/graaljs that referenced this pull request Apr 25, 2024
@sercher
2024-02-14, Version 18.19.1 'Hydrogen' (LTS)
1ddeb10 
This is a security release.

Notable changes:

crypto:
  * update root certificates to NSS 3.95 (Node.js GitHub Bot) nodejs/node#50805
  * disable PKCS#1 padding for privateDecrypt (Michael Dawson) https://github.com/nodejs-private/node-private/pull/525
deps:
  * upgrade npm to 10.2.4 (npm team) nodejs/node#50751
  * update archs files for openssl-3.0.13+quic1 (Node.js GitHub Bot) nodejs/node#51614
  * upgrade openssl sources to quictls/openssl-3.0.13+quic1 (Node.js GitHub Bot) ://github.com/nodejs/node/pull/51614
  * fix GHSA-f74f-cvh7-c6q6/CVE-2024-24806 (Santiago Gimeno) nodejs/node#51614
http:
  * add maximum chunk extension size (Paolo Insogna) https://github.com/nodejs-private/node-private/pull/520
lib:
  * update undici to v5.28.3 (Matteo Collina) https://github.com/nodejs-private/node-private/pull/536
src:
  * fix HasOnly(capability) in node::credentials (Tobias Nießen) https://github.com/nodejs-private/node-private/pull/505
test:
  * skip test-child-process-stdio-reuse-readable-stdio on Windows (Joyee Cheung) nodejs/node#49621
tools:
  * add macOS notarization verification step (Ulises Gascón) nodejs/node#50833
  * use macOS keychain to notarize the releases (Ulises Gascón) nodejs/node#50715
  * remove unused file (Ulises Gascon) nodejs/node#50622
  * add macOS notarization stapler (Ulises Gascón) nodejs/node#50625
  * improve macOS notarization process output readability (Ulises Gascón) nodejs/node#50389
  * remove unused `version` function (Ulises Gascón) nodejs/node#50390
win,tools:
  * upgrade Windows signing to smctl (Stefan Stojanovic) nodejs/node#50956
zlib:
  * pause stream if outgoing buffer is full (Matteo Collina) https://github.com/nodejs-private/node-private/pull/542

PR-URL: https://github.com/nodejs-private/node-private/pull/545
sercher added a commit to sercher/graaljs that referenced this pull request Apr 25, 2024
@sercher
tools: add macOS notarization verification step
e99a255 
PR-URL: nodejs/node#50833
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
sercher added a commit to sercher/graaljs that referenced this pull request Apr 25, 2024
@sercher
2024-02-14, Version 18.19.1 'Hydrogen' (LTS)
d02cd45 
This is a security release.

Notable changes:

crypto:
  * update root certificates to NSS 3.95 (Node.js GitHub Bot) nodejs/node#50805
  * disable PKCS#1 padding for privateDecrypt (Michael Dawson) https://github.com/nodejs-private/node-private/pull/525
deps:
  * upgrade npm to 10.2.4 (npm team) nodejs/node#50751
  * update archs files for openssl-3.0.13+quic1 (Node.js GitHub Bot) nodejs/node#51614
  * upgrade openssl sources to quictls/openssl-3.0.13+quic1 (Node.js GitHub Bot) ://github.com/nodejs/node/pull/51614
  * fix GHSA-f74f-cvh7-c6q6/CVE-2024-24806 (Santiago Gimeno) nodejs/node#51614
http:
  * add maximum chunk extension size (Paolo Insogna) https://github.com/nodejs-private/node-private/pull/520
lib:
  * update undici to v5.28.3 (Matteo Collina) https://github.com/nodejs-private/node-private/pull/536
src:
  * fix HasOnly(capability) in node::credentials (Tobias Nießen) https://github.com/nodejs-private/node-private/pull/505
test:
  * skip test-child-process-stdio-reuse-readable-stdio on Windows (Joyee Cheung) nodejs/node#49621
tools:
  * add macOS notarization verification step (Ulises Gascón) nodejs/node#50833
  * use macOS keychain to notarize the releases (Ulises Gascón) nodejs/node#50715
  * remove unused file (Ulises Gascon) nodejs/node#50622
  * add macOS notarization stapler (Ulises Gascón) nodejs/node#50625
  * improve macOS notarization process output readability (Ulises Gascón) nodejs/node#50389
  * remove unused `version` function (Ulises Gascón) nodejs/node#50390
win,tools:
  * upgrade Windows signing to smctl (Stefan Stojanovic) nodejs/node#50956
zlib:
  * pause stream if outgoing buffer is full (Matteo Collina) https://github.com/nodejs-private/node-private/pull/542

PR-URL: https://github.com/nodejs-private/node-private/pull/545
aduh95 pushed a commit to aduh95/node that referenced this pull request Feb 18, 2025
@UlisesGascon @marco-ippolito
tools: add macOS notarization verification step
60affdd 
PR-URL: nodejs#50833
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
aduh95 pushed a commit to aduh95/node that referenced this pull request Feb 18, 2025
@marco-ippolito @RafaelGSS
2024-02-14, Version 18.19.1 'Hydrogen' (LTS)
6610cc4 
This is a security release.

Notable changes:

crypto:
  * update root certificates to NSS 3.95 (Node.js GitHub Bot) nodejs#50805
  * disable PKCS#1 padding for privateDecrypt (Michael Dawson) nodejs-private/node-private#525
deps:
  * upgrade npm to 10.2.4 (npm team) nodejs#50751
  * update archs files for openssl-3.0.13+quic1 (Node.js GitHub Bot) nodejs#51614
  * upgrade openssl sources to quictls/openssl-3.0.13+quic1 (Node.js GitHub Bot) ://github.com/nodejs/pull/51614
  * fix GHSA-f74f-cvh7-c6q6/CVE-2024-24806 (Santiago Gimeno) nodejs#51614
http:
  * add maximum chunk extension size (Paolo Insogna) nodejs-private/node-private#520
lib:
  * update undici to v5.28.3 (Matteo Collina) nodejs-private/node-private#536
src:
  * fix HasOnly(capability) in node::credentials (Tobias Nießen) nodejs-private/node-private#505
test:
  * skip test-child-process-stdio-reuse-readable-stdio on Windows (Joyee Cheung) nodejs#49621
tools:
  * add macOS notarization verification step (Ulises Gascón) nodejs#50833
  * use macOS keychain to notarize the releases (Ulises Gascón) nodejs#50715
  * remove unused file (Ulises Gascon) nodejs#50622
  * add macOS notarization stapler (Ulises Gascón) nodejs#50625
  * improve macOS notarization process output readability (Ulises Gascón) nodejs#50389
  * remove unused `version` function (Ulises Gascón) nodejs#50390
win,tools:
  * upgrade Windows signing to smctl (Stefan Stojanovic) nodejs#50956
zlib:
  * pause stream if outgoing buffer is full (Matteo Collina) nodejs-private/node-private#542

PR-URL: nodejs-private/node-private#545
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lpinca lpinca lpinca approved these changes

@mhdawson mhdawson mhdawson approved these changes

Assignees
No one assigned
Labels
backported-to-v20.x PRs backported to the v20.x-staging branch. macos Issues and PRs related to the macOS platform / OSX. tools Issues and PRs related to the tools directory.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@UlisesGascon @mhdawson @nodejs-github-bot @lpinca @richardlau