Fixed a bug where symlinks weren't been written in notarization zip file
files properly. This prevented bundles containing symlinks from notarizing
correctly.
The filename used in notarization uploads is now normalized to avoid
rejection due to spaces and colons.
Support for remote signing. The feature is documented extensively in the
Sphinx documentation. Essentially, 2 independent machines communicate with
each other with end-to-end encrypted messages via a websocket bridged through
a central server. Signing requests are sent to a remote machine which is in
possession of the signing key. Signatures are made on the remote machine and
transmitted back to the originating machine. Remote signing enables signing
to be performed more securely by facilitating signing without having to give
the initiating machine access to the signing key.
Default log output format has changed. Lines are no longer prefixed with the
time, log level, or logging module by default. A -v/--verbose global flag
has been added to increase the verbosity of logging. This can restore the
printing of the prefixes. This crate uses
env_logger <https://crates.io/crates/env_logger>_, so it is possible
to customize default behavior via environment variables.
The possible values for the --code-signature-flags are now advertised in
help output.
Written Mach-O files should now always have their filesystem permissions
preserved. Before, we may not have preserved file permissions in all code
paths writing Mach-O files.
A new keychain-print-certificates command can be used to print
certificates available in macOS keychains.
Initial support for using macOS keychain certificates for code signing.
Previously, we required that certificates be exported from keychain in
order to sign. We now support signing using SecurityFramework APIs so
keys don't have to leave the keychain. Due to a limitation in the Rust
bindings to SecurityFramework, decryption using keychain keys is not
supported. So the public key agreement method of remote code signing
will not yet work with keychain-based keys. The new --keychain-domain
and --keychain-fingerprint arguments can be used to specify how to
search for and use keychain hosted keys.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps x509-certificate from 0.13.0 to 0.14.0.
Release notes
Sourced from x509-certificate's releases.
Commits
2bcfe15
releasebot: release-version-change x509-certificate 0.14.0-pre -> 0.14.071b31aa
releasebot: release-version-change pgp-cleartext 0.3.0-pre -> 0.3.0313e378
apple-codesign: add release date for 0.17d3a7859
pyoxidizer: synchronize new-project-cargo.locka7ef243
apple-codesign: docs tweaksb30bc50
apple-codesign: remove unused dependenciese2614e3
apple-codesign: use common function for sending App Store Connect API requestsec89148
apple-codesign: remove unused constant1df03e3
apple-codesign: addnotary-log
command3f2bce0
apple-codesign: add a newnotary-wait
commandDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)