-
Notifications
You must be signed in to change notification settings - Fork 29.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tools: use OSX Keychain profile to notarize the releases #50715
Closed
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nodejs-github-bot
added
macos
Issues and PRs related to the macOS platform / OSX.
tools
Issues and PRs related to the tools directory.
labels
Nov 13, 2023
UlisesGascon
added
request-ci
Add this label to start a Jenkins CI on a PR.
lts-watch-v18.x
PRs that may need to be released in v18.x.
lts-watch-v20.x
PRs that may need to be released in v20.x
labels
Nov 13, 2023
3 tasks
github-actions
bot
removed
the
request-ci
Add this label to start a Jenkins CI on a PR.
label
Nov 13, 2023
tony-go
reviewed
Nov 14, 2023
tony-go
approved these changes
Nov 14, 2023
26 tasks
5 tasks
mhdawson
approved these changes
Nov 20, 2023
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Looks the status update failed. The latest ci run shows as all blue - https://ci.nodejs.org/job/node-test-pull-request/55833/ Going to land |
mhdawson
pushed a commit
that referenced
this pull request
Nov 22, 2023
PR-URL: #50715 Reviewed-By: Michael Dawson <midawson@redhat.com>
Landed in 5f973d1 |
targos
pushed a commit
that referenced
this pull request
Nov 23, 2023
PR-URL: #50715 Reviewed-By: Michael Dawson <midawson@redhat.com>
martenrichter
pushed a commit
to martenrichter/node
that referenced
this pull request
Nov 26, 2023
PR-URL: nodejs#50715 Reviewed-By: Michael Dawson <midawson@redhat.com>
lucshi
pushed a commit
to lucshi/node
that referenced
this pull request
Nov 27, 2023
PR-URL: nodejs#50715 Reviewed-By: Michael Dawson <midawson@redhat.com>
Merged
RafaelGSS
pushed a commit
that referenced
this pull request
Nov 29, 2023
PR-URL: #50715 Reviewed-By: Michael Dawson <midawson@redhat.com>
RafaelGSS
pushed a commit
that referenced
this pull request
Nov 30, 2023
PR-URL: #50715 Reviewed-By: Michael Dawson <midawson@redhat.com>
UlisesGascon
added a commit
that referenced
this pull request
Dec 11, 2023
PR-URL: #50715 Reviewed-By: Michael Dawson <midawson@redhat.com>
Merged
UlisesGascon
added a commit
that referenced
this pull request
Dec 13, 2023
PR-URL: #50715 Reviewed-By: Michael Dawson <midawson@redhat.com>
UlisesGascon
added a commit
that referenced
this pull request
Dec 15, 2023
PR-URL: #50715 Reviewed-By: Michael Dawson <midawson@redhat.com>
UlisesGascon
added a commit
that referenced
this pull request
Dec 19, 2023
PR-URL: #50715 Reviewed-By: Michael Dawson <midawson@redhat.com>
richardlau
pushed a commit
that referenced
this pull request
Jan 16, 2024
PR-URL: #50715 Reviewed-By: Michael Dawson <midawson@redhat.com>
richardlau
added
backported-to-v18.x
PRs backported to the v18.x-staging branch.
backported-to-v20.x
PRs backported to the v20.x-staging branch.
and removed
lts-watch-v18.x
PRs that may need to be released in v18.x.
lts-watch-v20.x
PRs that may need to be released in v20.x
labels
Jan 16, 2024
RafaelGSS
pushed a commit
that referenced
this pull request
Feb 14, 2024
This is a security release. Notable changes: crypto: * update root certificates to NSS 3.95 (Node.js GitHub Bot) #50805 * disable PKCS#1 padding for privateDecrypt (Michael Dawson) nodejs-private/node-private#525 deps: * upgrade npm to 10.2.4 (npm team) #50751 * update archs files for openssl-3.0.13+quic1 (Node.js GitHub Bot) #51614 * upgrade openssl sources to quictls/openssl-3.0.13+quic1 (Node.js GitHub Bot) ://github.com//pull/51614 * fix GHSA-f74f-cvh7-c6q6/CVE-2024-24806 (Santiago Gimeno) #51614 http: * add maximum chunk extension size (Paolo Insogna) nodejs-private/node-private#520 lib: * update undici to v5.28.3 (Matteo Collina) nodejs-private/node-private#536 src: * fix HasOnly(capability) in node::credentials (Tobias Nießen) nodejs-private/node-private#505 test: * skip test-child-process-stdio-reuse-readable-stdio on Windows (Joyee Cheung) #49621 tools: * add macOS notarization verification step (Ulises Gascón) #50833 * use macOS keychain to notarize the releases (Ulises Gascón) #50715 * remove unused file (Ulises Gascon) #50622 * add macOS notarization stapler (Ulises Gascón) #50625 * improve macOS notarization process output readability (Ulises Gascón) #50389 * remove unused `version` function (Ulises Gascón) #50390 win,tools: * upgrade Windows signing to smctl (Stefan Stojanovic) #50956 zlib: * pause stream if outgoing buffer is full (Matteo Collina) nodejs-private/node-private#542 PR-URL: nodejs-private/node-private#545
rdw-msft
pushed a commit
to rdw-msft/node
that referenced
this pull request
Mar 20, 2024
This is a security release. Notable changes: crypto: * update root certificates to NSS 3.95 (Node.js GitHub Bot) nodejs#50805 * disable PKCS#1 padding for privateDecrypt (Michael Dawson) https://github.com/nodejs-private/node-private/pull/525 deps: * upgrade npm to 10.2.4 (npm team) nodejs#50751 * update archs files for openssl-3.0.13+quic1 (Node.js GitHub Bot) nodejs#51614 * upgrade openssl sources to quictls/openssl-3.0.13+quic1 (Node.js GitHub Bot) ://github.com/nodejs/pull/51614 * fix GHSA-f74f-cvh7-c6q6/CVE-2024-24806 (Santiago Gimeno) nodejs#51614 http: * add maximum chunk extension size (Paolo Insogna) https://github.com/nodejs-private/node-private/pull/520 lib: * update undici to v5.28.3 (Matteo Collina) https://github.com/nodejs-private/node-private/pull/536 src: * fix HasOnly(capability) in node::credentials (Tobias Nießen) https://github.com/nodejs-private/node-private/pull/505 test: * skip test-child-process-stdio-reuse-readable-stdio on Windows (Joyee Cheung) nodejs#49621 tools: * add macOS notarization verification step (Ulises Gascón) nodejs#50833 * use macOS keychain to notarize the releases (Ulises Gascón) nodejs#50715 * remove unused file (Ulises Gascon) nodejs#50622 * add macOS notarization stapler (Ulises Gascón) nodejs#50625 * improve macOS notarization process output readability (Ulises Gascón) nodejs#50389 * remove unused `version` function (Ulises Gascón) nodejs#50390 win,tools: * upgrade Windows signing to smctl (Stefan Stojanovic) nodejs#50956 zlib: * pause stream if outgoing buffer is full (Matteo Collina) https://github.com/nodejs-private/node-private/pull/542 PR-URL: https://github.com/nodejs-private/node-private/pull/545
sercher
added a commit
to sercher/graaljs
that referenced
this pull request
Apr 25, 2024
PR-URL: nodejs/node#50715 Reviewed-By: Michael Dawson <midawson@redhat.com>
sercher
added a commit
to sercher/graaljs
that referenced
this pull request
Apr 25, 2024
This is a security release. Notable changes: crypto: * update root certificates to NSS 3.95 (Node.js GitHub Bot) nodejs/node#50805 * disable PKCS#1 padding for privateDecrypt (Michael Dawson) https://github.com/nodejs-private/node-private/pull/525 deps: * upgrade npm to 10.2.4 (npm team) nodejs/node#50751 * update archs files for openssl-3.0.13+quic1 (Node.js GitHub Bot) nodejs/node#51614 * upgrade openssl sources to quictls/openssl-3.0.13+quic1 (Node.js GitHub Bot) ://github.com/nodejs/node/pull/51614 * fix GHSA-f74f-cvh7-c6q6/CVE-2024-24806 (Santiago Gimeno) nodejs/node#51614 http: * add maximum chunk extension size (Paolo Insogna) https://github.com/nodejs-private/node-private/pull/520 lib: * update undici to v5.28.3 (Matteo Collina) https://github.com/nodejs-private/node-private/pull/536 src: * fix HasOnly(capability) in node::credentials (Tobias Nießen) https://github.com/nodejs-private/node-private/pull/505 test: * skip test-child-process-stdio-reuse-readable-stdio on Windows (Joyee Cheung) nodejs/node#49621 tools: * add macOS notarization verification step (Ulises Gascón) nodejs/node#50833 * use macOS keychain to notarize the releases (Ulises Gascón) nodejs/node#50715 * remove unused file (Ulises Gascon) nodejs/node#50622 * add macOS notarization stapler (Ulises Gascón) nodejs/node#50625 * improve macOS notarization process output readability (Ulises Gascón) nodejs/node#50389 * remove unused `version` function (Ulises Gascón) nodejs/node#50390 win,tools: * upgrade Windows signing to smctl (Stefan Stojanovic) nodejs/node#50956 zlib: * pause stream if outgoing buffer is full (Matteo Collina) https://github.com/nodejs-private/node-private/pull/542 PR-URL: https://github.com/nodejs-private/node-private/pull/545
sercher
added a commit
to sercher/graaljs
that referenced
this pull request
Apr 25, 2024
PR-URL: nodejs/node#50715 Reviewed-By: Michael Dawson <midawson@redhat.com>
sercher
added a commit
to sercher/graaljs
that referenced
this pull request
Apr 25, 2024
This is a security release. Notable changes: crypto: * update root certificates to NSS 3.95 (Node.js GitHub Bot) nodejs/node#50805 * disable PKCS#1 padding for privateDecrypt (Michael Dawson) https://github.com/nodejs-private/node-private/pull/525 deps: * upgrade npm to 10.2.4 (npm team) nodejs/node#50751 * update archs files for openssl-3.0.13+quic1 (Node.js GitHub Bot) nodejs/node#51614 * upgrade openssl sources to quictls/openssl-3.0.13+quic1 (Node.js GitHub Bot) ://github.com/nodejs/node/pull/51614 * fix GHSA-f74f-cvh7-c6q6/CVE-2024-24806 (Santiago Gimeno) nodejs/node#51614 http: * add maximum chunk extension size (Paolo Insogna) https://github.com/nodejs-private/node-private/pull/520 lib: * update undici to v5.28.3 (Matteo Collina) https://github.com/nodejs-private/node-private/pull/536 src: * fix HasOnly(capability) in node::credentials (Tobias Nießen) https://github.com/nodejs-private/node-private/pull/505 test: * skip test-child-process-stdio-reuse-readable-stdio on Windows (Joyee Cheung) nodejs/node#49621 tools: * add macOS notarization verification step (Ulises Gascón) nodejs/node#50833 * use macOS keychain to notarize the releases (Ulises Gascón) nodejs/node#50715 * remove unused file (Ulises Gascon) nodejs/node#50622 * add macOS notarization stapler (Ulises Gascón) nodejs/node#50625 * improve macOS notarization process output readability (Ulises Gascón) nodejs/node#50389 * remove unused `version` function (Ulises Gascón) nodejs/node#50390 win,tools: * upgrade Windows signing to smctl (Stefan Stojanovic) nodejs/node#50956 zlib: * pause stream if outgoing buffer is full (Matteo Collina) https://github.com/nodejs-private/node-private/pull/542 PR-URL: https://github.com/nodejs-private/node-private/pull/545
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
backported-to-v18.x
PRs backported to the v18.x-staging branch.
backported-to-v20.x
PRs backported to the v20.x-staging branch.
macos
Issues and PRs related to the macOS platform / OSX.
tools
Issues and PRs related to the tools directory.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Main Changes
Use a OSX Keychain profile to retrieve the secrets in order to do the notarization with Notarytool
cc: @nodejs/build @nodejs/releasers
Context
Notes
You can find more information in this amazing article https://tonygo.ghost.io/notarization-for-macos-app-with-notarytool/ by @tony-go and this comment: #48701 (comment)
Test
This was tested in
iojs+release-ulises-experimental
pipeline in jenkins ci release.Full log available here