search

rockcarver / frodo-cli

A CLI to manage ForgeRock platform deployments supporting Identity Cloud tenants, ForgeOps deployments, and classic deployments.
MIT License
17 stars 14 forks source link

Investigate replacing vercel/pkg with yao-pkg/pkg - short/mid-term #342

Closed vscheuber closed 6 months ago

vscheuber commented 6 months ago

It appears Vercel is no longer actively maintaining vercel/pkg, our current SEA (single executable application) tool.

There is a new fork, yao-pkg/pkg by one of the maintainers, which looks interesting and worth following until the Node.js SEA capabilities are far enough to switch.

vscheuber commented 6 months ago

it appears that switching over to the new fork is frictionless. I tested the MacOS binary only but it built and ran just like with the Vercel version.

vscheuber commented 6 months ago

The first pipeline run failed with the new yao-pkg version but it is unclear if that was because of pkg or Apple tightening up the code signing requirements:

  codesign -f -s 'Developer ID Application' --options runtime --entitlements entitlements.plist --timestamp --deep frodo
  shell: /bin/bash -e {0}
  env:
    NODE_VERSION: 18
  frodo: main executable failed strict validation

It appears that we were using the --no-signature option in pkg but Apple appears to now require ad-hoc signatures and replaces them when codesign-ing. On my local workstation, the pipeline error was reproducible with the --no-signature option and not reproducible when omitting the option.

So it is unclear if the switch to yao-pkg/pkg caused this or coincided with Apple requiring ad-hoc signatures.

vscheuber commented 6 months ago

Removing the --no-signature option fixed the pipeline.