Build macOS installer for tsh.app #12751
Conversation
|
There are more changes required to make sure the packages really work, like building with the proper build tags, but this is enough for a single PR (and my brain is fried for today). |
|
Also, give me a shout if you want and I can send a fully-functional "tshdev" installer to you. :) |
There was a problem hiding this comment.
Naively going through your instructions at build.assets/macos/tshdev/README.md, I get to
$skel/sign.sh $skel/tsh.app # sign .app
and my terminal complains
error: The specified item could not be found in the keychain.
I'm thinking I'm missing the One-time setup, however when I try to log in to my personal developer profile by navigating to https://developer.apple.com/account/resources/profiles/list and signing in, I get
.
Presuming I do indeed need to do One-time setup before going through the instructions, a note at the top of the Instructions setting would be helpful. Also, a note or link to a Slab post about how I request to get enrolled in Teleport's developer program (or should I just enroll in my own developer program?) would be useful.
(If you find any of this to be overly pedantic to add then feel free to just ignore me, I'm coming at it from a place of total ignorance about Apple's code signing system).
|
@ibeckermayer thanks for going through the README with such attention, I appreciate the feedback. One-time setup is pretty much done, the idea of the README is to document how I got those files in the first place in case someone wants to recreate them. I'll mention that in the file. You won't be able to use that signing key without access to our Apple Dev account. Personal account won't cut it for Keychain access, you need to be enrolled in the Apple Developer program. Ping me in private and I can give some instructions. A Slab page would indeed be nice, I'll add that to my backlog (I won't do it right now, but I'll get to it!). |
codingllama
force-pushed
the
codingllama/apple-build
branch
from
af2f4e3 to
1c0d7ea
Compare
|
Thanks for the quick review, Isaiah. |
|
Friendly ping @timothyb89 ? |
|
Friendly ping @timothyb89 ? |
|
Thanks folks. Now let's see what I missed when it gets to Drone. |
codingllama
force-pushed
the
codingllama/apple-build
branch
from
1c0d7ea to
7f56eb6
Compare
codingllama
force-pushed
the
codingllama/apple-build
branch
from
7f56eb6 to
5060963
Compare
codingllama
force-pushed
the
codingllama/apple-build
branch
from
5060963 to
28cfa9d
Compare
Drop the `v` from the tsh installer version number, which was inadvertently changed by #12751. Makes the installer reappear as a download option in Houston. Note that the final .app name still has the `v`. Ie: * tsh-10.0.0-dev.pkg (installer) * tsh-10.0.0-dev.pkg.sha256 (installer hash) * tsh-v10.0.0-dev.app (Application package)
Drop the `v` from the tsh installer version number, which was inadvertently changed by #12751. Makes the installer reappear as a download option in Houston. Note that the final .app name still has the `v`. Ie: * tsh-10.0.0-dev.pkg (installer) tsh-10.0.0-dev.pkg.sha256 (installer hash) * tsh-v10.0.0-dev.app (Application package) Backport #13896 to branch/v10
Changes how
make pkg-tshworks so instead of building an installer for thetshbinary, placed under/usr/local/bin, we install an app to/Applications/tsh-vXXX.appand link itstshbinary to/usr/local/bin.The app shell is necessary to distribute a provisioning profile along with the signed/entitled/notarized binary. All of that is required for Touch ID to work. Naked
tshbinaries are unable to use Touch ID, even if built with the correct build tags.I've elected to split the logic from
build-package.shinto a separate script - it already does too much as-is.build-pkg-tsh.shis more idiomatic, clears additionalshellcheckrules and is easier to dry-run.#9160