h/fish-shell
1
Fork 0
mirror of https://github.com/fish-shell/fish-shell.git synced 2026-05-30 03:01:15 -03:00
Code Issues Packages Projects Releases Wiki Activity

Use xar-based workflow for creating Mac packages

Browse Source 
As spotted in #7656, macOS installer files built on Big Sur fail signature
verification on macOS 10.11. This is because Big Sur productsign no longer
supplies the SHA-1 hash, and 10.11 does not know how to read the SHA-256
hash.

Replace the productsign flow with a flow based on
http://users.wfu.edu/cottrell/productsign/productsign_linux.html . This
uses the xar tool to digitally sign the installer packages, with both
SHA-1 and SHA-256 hashes.

The xar tool is somewhat tricky to build, so is checked in (as binary!)
compiled for Mac.

To build a Mac package, run make_pkg.sh (which invokes the signing flow)
followed by mac_notarize.sh which adds the notarization.
This commit is contained in:
ridiculousfish
2021-01-31 13:52:19 -08:00
parent 6442dc96d6
commit e4a993c581
4 changed files with 134 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
build_tools/bin/README.txt Normal file
View File

@@ -0,0 +1 @@
mac_xar_116 is http://mackyle.github.io/xar/, compiled for Mac. It is used by mac_sign_package.sh as a replacement for productsign.