Telegraf for macOS should be signed

[patgmac]

Feature Request

Proposal:

Apple has a hard requirement in current versions of macOS for binaries to be signed and notarized. This FR is to start signing the telegraf binary with a valid Apple certificate and notarize as needed. Here is some documentation from Apple on this topic: https://developer.apple.com/support/code-signing/.

This would ideally mean someone at a company level obtaining an company developer account from developer.apple.com, which is $300/year. Personal accounts could be used at $99/year but the signing would appear in that persons name.

Current behavior:

When running telegraf on macOS Big Sur, the following error messages appear:

Desired behavior:

telegraf should run without error.

Use case:

For continued use of telegraf on the macOS platform, it will need to be signed and notarized.

[sjwang90]

@darinfisher Can you provide any feedback for this? See if there's any overlap with the discussions you're having with the Windows signature stuff?

[patgmac]

So what are the chances of this happening?

[sjwang90]

@patgmac We actually have just purchased the certs for this and are just starting to work on getting this implemented in the Telegraf build.

[patgmac]

@patgmac We actually have just purchased the certs for this and are just starting to work on getting this implemented in the Telegraf build.

Great news. I hope by "purchased the certs" that means a "paid Apple developer account" which is required for singing apps, not like a regular cert purchased elsewhere. And being that this would require building on Apple hardware, would this also help with #4801 ?

[darinfisher]

@patgmac Yes, the certificates are from our Apple developer account.