autopkg / joshua-d-miller-recipes

My recipes for autopkg https://github.com/autopkg
13 stars 45 forks source link

Lyx: new universal binary and codesign certificate #139

Closed octomike closed 1 year ago

octomike commented 1 year ago

The Lyx recipe has been broken for a while now. It seems upstream released a combined x86_64_arm64 build and also changed the certificate. I verified with gpg and the published signatures on lyx.org like this:

$ wget https://lyx.mirror.garr.it/bin/2.3.7/LyX-2.3.7+qt5-x86_64-arm64-cocoa.dmg
$ wget https://lyx.mirror.garr.it/bin/2.3.7/LyX-2.3.7+qt5-x86_64-arm64-cocoa.dmg.sig
$ gpg --recv-keys --keyserver keyserver.ubuntu.com FE66471B43559707AFDAD955DE7A44FAC7FB382D
$ gpg --verify LyX-2.3.7+qt5-x86_64-arm64-cocoa.dmg.sig
gpg: Signature made Wed Jan  4 19:39:57 2023 CET
gpg:                using RSA key FE66471B43559707AFDAD955DE7A44FAC7FB382D
gpg: Good signature from "LyX Release Manager (Signing LyX tarballs and binaries) <sanda@lyx.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: FE66 471B 4355 9707 AFDA  D955 DE7A 44FA C7FB 382D
$ hdiutil attach LyX-2.3.7+qt5-x86_64-arm64-cocoa.dmg
$ codesign --display -r- --deep -v /Volumes/LyX-2.3.7/LyX.app 2>&1 | tail -n1
designated => identifier "org.lyx.lyx" and certificate root = H"bc48ff7941c33f70838298a129f92745a39e654b"
joshua-d-miller commented 1 year ago

This looks like a reasonable change. Merged! Thank you 👍