The Apple Silicon part of the binary seems to be hardened and can't load an unsigned dylib:
code signature in [dylib] not valid for use in process: Trying to load an unsigned library
The Intel part of the binary doesn't seem to be affected, so loading under Rosetta with arch -arch x86_64 works.
We want to keep the hardening, so we should look into either 1) signing the dylib in Git or 2) signing source builds with Zotero's real cert. In theory (1) would just be committing the version from a real build. Need to confirm that that works in a source build.
(If we go with (1), our build process would still re-sign, so if we messed up and forgot to rebuild it before a cert expired it would only affect Apple Silicon source builds.)
dstillman
commented
1 year ago
The Apple Silicon part of the binary seems to be hardened and can't load an unsigned dylib:
The Intel part of the binary doesn't seem to be affected, so loading under Rosetta with
arch -arch x86_64works.We want to keep the hardening, so we should look into either 1) signing the dylib in Git or 2) signing source builds with Zotero's real cert. In theory (1) would just be committing the version from a real build. Need to confirm that that works in a source build.
(If we go with (1), our build process would still re-sign, so if we messed up and forgot to rebuild it before a cert expired it would only affect Apple Silicon source builds.)