Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Developer ID signature for circonus-unified-agentd #113

Open
bp88 opened this issue Nov 25, 2022 · 1 comment
Open

Developer ID signature for circonus-unified-agentd #113

bp88 opened this issue Nov 25, 2022 · 1 comment

Comments

@bp88
Copy link

bp88 commented Nov 25, 2022

Glad to see that the circonus-unified-agentd is finally signed. I tried to inspect as follows:

spctl -vv --assess /opt/circonus/unified-agent/sbin/circonus-unified-agentd
/opt/circonus/unified-agent/sbin/circonus-unified-agentd: rejected
source=Unnotarized Developer ID
origin=Developer ID Application: Matthew Maier (SUBNYW48X5)

codesign -vvv -dr -- /opt/circonus/unified-agent/sbin/circonus-unified-agentd
Executable=/opt/circonus/unified-agent/sbin/circonus-unified-agentd
Identifier=circonus-unified-agentd
Format=Mach-O thin (x86_64)
CodeDirectory v=20500 size=768323 flags=0x10000(runtime) hashes=24004+2 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha1=655dd203cbebb126563cb75ea5682ffcc607b357
CandidateCDHashFull sha1=655dd203cbebb126563cb75ea5682ffcc607b357
CandidateCDHash sha256=93eb2dfa158d2a1bd804169064e29b7c26176720
CandidateCDHashFull sha256=93eb2dfa158d2a1bd804169064e29b7c261767208889bd73ce7170f8156088f5
Hash choices=sha1,sha256
CMSDigest=0c62c8876950ff11807624ecc25ceb5888558ece9ba5caf5ec7f9173a1da48a6
CMSDigestType=2
Launch Constraints:
None
CDHash=93eb2dfa158d2a1bd804169064e29b7c26176720
Signature size=9127
Authority=Developer ID Application: Matthew Maier (SUBNYW48X5)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Nov 15, 2022 at 10:08:41 AM
Info.plist=not bound
TeamIdentifier=SUBNYW48X5
Runtime Version=10.9.0
Sealed Resources=none

While it's good that the executable is signed, I would recommend that the executable be signed using a Developer ID tied to the company as opposed to an individual. This will create less issues should the individual leave the company. I don't have any particular guidance as to how you might achieve this, but would recommend reaching out to Apple Developer Support for further guidance/assistance.

Not sure if any of these pages are of any help:

@wkrause13
Copy link
Collaborator

Thanks @bp88, we've sorted through this on our end and should be producing a signed build using the company's profile this week.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants