tools: add macOS notarization verification step by UlisesGascon · Pull Request #50628 · nodejs/node

Main Changes

Add a verification step to validate the notarized binaries generated for macOS.

cc: @nodejs/build @nodejs/releasers

Context

Another related PR is #50625

You can find more information in this amazing article https://tonygo.ghost.io/notarization-for-macos-app-with-notarytool/ by @tony-go

Test

This was tested in the iojs+release-ulises-experimental pipeline in Jenkins CI release.

case: error

The error was "simulated" by using a different type

Full log available here

16:00:01 sh tools/osx-notarize.sh v22.0.0-test202311086410f3bf0d
16:00:01 Notarization process is done with Notarytool.
16:00:01 Submitting node-v22.0.0-test202311086410f3bf0d.pkg for notarization...
16:00:01 Conducting pre-submission checks for node-v22.0.0-test202311086410f3bf0d.pkg and initiating connection to the Apple notary service...
16:00:03 Submission ID received
16:00:03   id: 7f542153-1766-44b1-bc0f-6c672b4e54b6
16:00:08 Successfully uploaded file
16:00:08   id: 7f542153-1766-44b1-bc0f-6c672b4e54b6
16:00:08   path: /Users/iojs/build/ws/node-v22.0.0-test202311086410f3bf0d.pkg
16:00:08 Waiting for processing to complete.
16:00:14 
Current status: In Progress...
Current status: In Progress....
Current status: In Progress.....
Current status: In Progress......
Current status: In Progress.......
Current status: In Progress........
Current status: In Progress.........
Current status: In Progress..........
Current status: In Progress...........
Current status: In Progress............
Current status: In Progress.............
Current status: In Progress..............
Current status: Accepted...............Processing complete
16:01:55   id: 7f542153-1766-44b1-bc0f-6c672b4e54b6
16:01:55   status: Accepted
16:01:55 
16:01:55 Notarization node-v22.0.0-test202311086410f3bf0d.pkg submitted successfully.
16:01:55 objc[73632]: Class SPExecutionPolicy is implemented in both /System/Library/PrivateFrameworks/SystemPolicy.framework/Versions/A/SystemPolicy and /usr/sbin/spctl. One of the two will be used. Which one is undefined.
[...redacted (similar references to previous line)...]
16:01:55 node-v22.0.0-test202311086410f3bf0d.pkg: rejected
16:01:55 source=no usable signature
16:01:55 error: Signature will not be accepted by Gatekeeper!
[...redacted...]
16:02:01 Finished: FAILURE

case: success

Full log available here

20:37:41 sh tools/osx-notarize.sh v22.0.0-test202311086410f3bf0d
20:37:41 Notarization process is done with Notarytool.
20:37:41 Submitting node-v22.0.0-test202311086410f3bf0d.pkg for notarization...
20:37:41 Conducting pre-submission checks for node-v22.0.0-test202311086410f3bf0d.pkg and initiating connection to the Apple notary service...
20:37:42 Submission ID received
20:37:42   id: 9166dd7b-4cdf-4e57-93ae-2453fc38d818
20:37:49 Successfully uploaded file
20:37:49   id: 9166dd7b-4cdf-4e57-93ae-2453fc38d818
20:37:49   path: /Users/iojs/build/ws/node-v22.0.0-test202311086410f3bf0d.pkg
20:37:49 Waiting for processing to complete.
20:37:54 
Current status: In Progress...
Current status: In Progress....
Current status: In Progress.....
Current status: In Progress......
Current status: In Progress.......
Current status: In Progress........
Current status: In Progress.........
Current status: In Progress..........
Current status: In Progress...........
Current status: Accepted............Processing complete
20:38:58   id: 9166dd7b-4cdf-4e57-93ae-2453fc38d818
20:38:58   status: Accepted
20:38:58 
20:38:58 Notarization node-v22.0.0-test202311086410f3bf0d.pkg submitted successfully.
20:38:59 objc[5975]: Class SPExecutionPolicy is implemented in both /System/Library/PrivateFrameworks/SystemPolicy.framework/Versions/A/SystemPolicy and /usr/sbin/spctl. One of the two will be used. Which one is undefined.
[...redacted (similar references to previous line)...]
20:38:59 node-v22.0.0-test202311086410f3bf0d.pkg: accepted
20:38:59 source=Notarized Developer ID
20:38:59 Verification was successful.
[...redacted...]
14:29:10 Finished: SUCCESS
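
The two runs above differ only in the assessment lines after submission (`accepted` / `source=Notarized Developer ID` versus `rejected` / `source=no usable signature`). As an added example (not the code from this PR or from `tools/osx-notarize.sh`), the following sketch gates on such a transcript and fails closed. The `spctl` invocation in the comment, the function name `check_assessment`, the sample transcripts and the extra requirement that the source be notarized are assumptions.

```shell
#!/bin/sh
# Added example: gate a release step on a Gatekeeper assessment transcript.
# Assumed invocation on a macOS builder (not shown on the page):
#   spctl --assess --type install -vv "$PKG" 2>&1 | check_assessment "$PKG"

PKG="node-v22.0.0-test202311086410f3bf0d.pkg"   # package name from the logs above

# Reads the assessment output on stdin; returns 0 only for a notarized accept.
check_assessment() {
  pkg=$1 verdict="" src=""
  while IFS= read -r line; do
    line=${line#[0-9][0-9]:[0-9][0-9]:[0-9][0-9] }   # drop Jenkins timestamp
    case $line in
      objc\[*) ;;                                    # duplicate-class noise
      "$pkg: accepted") verdict=accepted ;;
      "$pkg: rejected") verdict=rejected ;;
      source=*) src=${line#source=} ;;
    esac
  done
  # Fail closed: a missing verdict or a non-notarized source is an error.
  if [ "$verdict" = accepted ] && [ "$src" = "Notarized Developer ID" ]; then
    echo "Verification was successful."
    return 0
  fi
  echo "error: Signature will not be accepted by Gatekeeper!" \
       "(verdict=${verdict:-none}, source=${src:-none})" >&2
  return 1
}

# Constructed transcripts modelled on the two Jenkins runs above.
SAMPLE_OK="20:38:59 objc[5975]: Class SPExecutionPolicy is implemented in both ...
20:38:59 $PKG: accepted
20:38:59 source=Notarized Developer ID"

SAMPLE_REJECTED="16:01:55 objc[73632]: Class SPExecutionPolicy is implemented in both ...
16:01:55 $PKG: rejected
16:01:55 source=no usable signature"

# Constructed edge cases: tool produced only noise; accepted but not notarized.
SAMPLE_NOISE_ONLY="16:01:55 objc[73632]: Class SPExecutionPolicy is implemented in both ..."
SAMPLE_UNNOTARIZED="$PKG: accepted
source=Developer ID"

for s in "$SAMPLE_OK" "$SAMPLE_REJECTED" "$SAMPLE_NOISE_ONLY" "$SAMPLE_UNNOTARIZED"; do
  printf '%s\n' "$s" | check_assessment "$PKG" || true
done
```

Only the first transcript passes; the noise-only case shows why the check must require an explicit verdict rather than the absence of `rejected`.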