microsoft / CromwellOnAzure

Microsoft Genomics implementation of the Broad Institute's Cromwell workflow engine on Azure
MIT License

Sign OSX binaries with an Apple developer ID certificate #478

Open MattMcL4475 opened 2 years ago

MattMcL4475 commented 2 years ago

To run the deployer binary on a Mac, the user must manually trust the developer. To avoid this, the deployer binary could be signed with productsign with an Apple developer ID certificate: https://developer.apple.com/developer-id/

Mentioned in #475

BMurri commented 10 months ago

Signing it with a developer certificate will also notarize it (since newer OSs will require that). Since that can take an hour or so, we should consider moving codesigning to the official release activities.

ngambani commented 8 months ago

@BMurri is this an active issue?

BMurri commented 8 months ago

Yes, this is active.

mbarkley commented 23 hours ago

At my company we use endpoint management software that prevents our employees from manually trusting unsigned applications. As a result, no one at my company is able to run the Mac CoA installer anymore. I imagine other companies in research and healthcare settings would also run into this problem. Please consider increasing the priority of this issue to help those of us trying to use CoA in companies with these kinds of regulatory and security requirements.