highperfocused/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-03-17 13:22:03 +01:00
Code Issues Packages Projects Releases Wiki Activity

Use hardened runtime on macOS release builds.

Browse Source 
The Apple notary service requires submitted app bundles to be configured to use the hardened runtime libraries.  This is configured at signing time, and supported by the signapple tool Bitcoin Core uses for reproduceable signed binaries.  We simply need to pass "--hardened-runtime" when the signature is created.  Once attached to the bundle, the resulting codesigned binary can be successfully submitted to the Apple binary notarization service by any Apple Developer.

Github-Pull: #29127
Rebased-From: 4fdd836db92e789c98b9e68398ca931a968cc9c3
This commit is contained in:
Mark Friedenbach 2023-12-20 16:24:37 -08:00 committed by glozow
parent ac1b9a51db
commit 11f3a7e6ba
No known key found for this signature in database
GPG Key ID: BA03F4DBE0C63FB4
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
contrib/macdeploy/detached-sig-create.sh
View File

@ -24,7 +24,7 @@ fi
rm -rf ${TEMPDIR}
mkdir -p ${TEMPDIR}
${SIGNAPPLE} sign -f --detach "${TEMPDIR}/${OUTROOT}" "$@" "${BUNDLE}"
${SIGNAPPLE} sign -f --detach "${TEMPDIR}/${OUTROOT}" "$@" "${BUNDLE}" --hardened-runtime
tar -C "${TEMPDIR}" -czf "${OUT}" .
rm -rf "${TEMPDIR}"