Closed mattia closed 3 years ago
I found a few problems with this issue:
Forgot to mention: the upload-symbols
used is from the master branch as of today
Hi @mattia,
Can you provide the output of codesign -dv --verbose=4 ./MyProject/Firebase/upload-symbols
?
Executable=/Users/mattia/MyProject/Firebase/upload-symbols
Identifier=$(PRODUCT_BUNDLE_IDENTIFIER)
Format=Mach-O thin (x86_64)
CodeDirectory v=20200 size=2364 flags=0x0(none) hashes=66+5 location=embedded
VersionPlatform=1
VersionMin=657920
VersionSDK=658944
Hash type=sha256 size=32
CandidateCDHash sha1=f8676d7245e0e8b17f384593adbc98a9b3bc89a1
CandidateCDHashFull sha1=f8676d7245e0e8b17f384593adbc98a9b3bc89a1
CandidateCDHash sha256=6b411fadc47682444c2d4468cb49968a2f055964
CandidateCDHashFull sha256=6b411fadc47682444c2d4468cb49968a2f0559641a91d80158aae3aa4294a02f
Hash choices=sha1,sha256
CMSDigest=66d8c4b5d01277dfca312a330a3a427c062fccea69b12d4fe7489e67e7dcd42b
CMSDigestType=2
Page size=4096
CDHash=6b411fadc47682444c2d4468cb49968a2f055964
Signature size=4707
Authority=Developer ID Application: Crashlytics, Inc. (L8VKXC2S77)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Signed Time=31 Mar 2020 at 20:36:45
Info.plist entries=8
TeamIdentifier=L8VKXC2S77
Sealed Resources=none
Internal requirements count=1 size=220
Can I provide additional information to help the process?
Thanks! Have a nice day
Do you mind sharing your installation method, e.g. CocoaPods, Swift Package Manager, manual zip download, etc...?
Edit, I see from the initial report that it is through Carthage.
Hey @mattia, based on that output, upload-symbols
is codesigned (which is expected). I think ultimately we need to take the next step and Notarize the tool for macOS to accept it via Carthage / zip downloads. With Cocoapods it seems to be ok with just a signed binary.
I'll let you know when we pull the work to get it Notarized.
Thank you!
Just a quick update on this: we've pulled this work and should have an update on the expected timeline within the next few weeks.
Just a quick update on this: we've pulled this work and should have an update on the expected timeline within the next few weeks.
Looking forward to the update!
Thanks! Have a nice day
“upload-symbols” can’t be opened because Apple cannot check it for malicious software.
Same issue for me I need to upload symbols from an xcarchive bundle (generated with Xcode build archive) Any update about this ticket?
“upload-symbols” can’t be opened because Apple cannot check it for malicious software.
Same issue for me I need to upload symbols from an xcarchive bundle (generated with Xcode build archive) Any update about this ticket?
Same issue for me! Any progress on this ticket?
I created https://github.com/firebase/firebase-ios-sdk/pull/7323 which updates the upload-symbols binary to hopefully avoid the security alert. The binary is signed with Google's developer certificate and has been notarized via Apple's notary service.
I will leave this ticket open until the PR is merged and folks have a chance to verify that this solves the issue.
Seems like this is resolved for the folks that were participating in the conversation.
Carthage
[REQUIRED] Step 2: Describe the problem
Running the
upload-symbols
script trigger a Gatekeep alert and does not allow to continue. Alert shows:This problem can be avoided by allowing the
upload-symbols
script in the security pane of System Preferences, but I don't think this is a good approach/solution. I think that signing/notarizing the script should get rid of the problem.Steps to reproduce:
Run