mac binaries are not signed by a valid apple dev account #6935

Open
1 task done
wyvern8 opened this issue Jan 8, 2024 · 2 comments
Labels
kind: bug Something isn't working linear: turbo Issues to sync to Linear for Turborepo team owned-by: turborepo

Comments


wyvern8 commented Jan 8, 2024

Verify canary release

  • I verified that the issue exists in the latest Turborepo canary release.

Link to code that reproduces this issue

x

What package manager are you using / does the bug impact?

npm

What operating system are you using?

Mac

Which canary version will you have in your reproduction?

x

Describe the Bug

The binaries used by Turbo are not signed by an Apple dev account correctly, and so Google Santa binary validation policies that only allow valid signers can mean that large organisations are limited to using hash whitelists, which is not sustainable.
https://github.com/google/santa
cli
https://santa.dev/binaries/santactl.html#fileinfo

Expected Behavior

santactl fileinfo turbo
should not return Yes instead of Yes, but ad-hoc

To Reproduce

santactl fileinfo turbo
should not return Yes instead of Yes, but ad-hoc

Additional context

No response

TURBO-2009
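
The signed versus ad-hoc distinction reported above can also be read from `codesign -dvv` output when triaging binaries for an allowlist. This is an added example, not part of the original issue or the Turborepo project; the sample outputs, paths and team ID are constructed, and `classify_signature` is a hypothetical helper name.

```python
import re

# Constructed samples of `codesign -dvv <binary>` output; paths and team ID are made up.
ADHOC_SAMPLE = """Executable=/usr/local/bin/turbo
Identifier=turbo
CodeDirectory v=20400 size=512 flags=0x20002(adhoc,linker-signed) hashes=13+0 location=embedded
Signature=adhoc
TeamIdentifier=not set
"""
DEVID_SAMPLE = """Executable=/usr/local/bin/example-tool
Identifier=com.example.tool
CodeDirectory v=20500 size=512 flags=0x10000(runtime) hashes=13+7 location=embedded
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345
"""
UNSIGNED_SAMPLE = "/usr/local/bin/tool: code object is not signed at all\n"


def classify_signature(codesign_output):
    """Decide from `codesign -dvv` text whether a signer-based allow rule is possible.

    This only reads the signature description; it does not validate the
    certificate chain (that is what `codesign --verify` is for).
    """
    result = {"status": "unknown", "team_id": None, "leaf": None,
              "signer_rule_possible": False}
    if "code object is not signed at all" in codesign_output:
        result["status"] = "unsigned"
        return result
    fields, authorities = {}, []
    for line in codesign_output.splitlines():
        key, sep, value = line.partition("=")
        if sep and key == "Authority":
            authorities.append(value)      # chain is listed leaf first
        elif sep:
            fields[key] = value
    flags = re.search(r"flags=0x[0-9a-fA-F]+\(([^)]*)\)", codesign_output)
    flag_names = set(flags.group(1).split(",")) if flags else set()
    if fields.get("Signature") == "adhoc" or "adhoc" in flag_names:
        result["status"] = "ad-hoc"        # no identity: only hash rules can match
    elif authorities:
        team = fields.get("TeamIdentifier")
        result.update(status="signed", leaf=authorities[0],
                      team_id=None if team == "not set" else team,
                      signer_rule_possible=True)
    return result
```

On a Mac, `codesign -dvv` writes this description to stderr, so capture that stream when feeding real output to the function.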

@wyvern8 wyvern8 added kind: bug Something isn't working needs: triage New issues get this label. Remove it after triage owned-by: turborepo labels Jan 8, 2024
@chris-olszewski chris-olszewski added linear linear: turbo Issues to sync to Linear for Turborepo team and removed linear labels Jan 8, 2024
@NicholasLYang
Contributor

Hi @wyvern8, thanks for the issue. We're in the middle of simplifying our release process now that the Rust port is completed. Once we've accomplished that, we can look into signing binaries with a proper Apple developer account.

@mehulkar mehulkar removed the needs: triage New issues get this label. Remove it after triage label Jan 23, 2024
@Rohin-Chopra

Hey @NicholasLYang and @mehulkar, just following up on this issue. Has there been any movement on this?
