hashicorp/vagrant 19477
Vagrant is a tool for building and distributing development environments.
hashicorp/packer 9804
Packer is a tool for creating identical machine images for multiple platforms from a single source configuration.
joefitzgerald/packer-windows 1533
Windows Packer Templates
armon/bloomd 1147
C network daemon for bloom filters
mitchellh/cli 1086
A Go library for implementing command-line interfaces.
armon/go-radix 511
Golang implementation of Radix trees
mitchellh/boot2docker-vagrant-box 425
Packer scripts to build a Vagrant-compatible boot2docker box.
Service Mesh Interface
hashicorp/hil 332
HIL is a small embedded language for string interpolations.
Go (golang) library for colorizing strings for terminal output.
created tagmitchellh/go-ps
Find, list, and inspect processes from Go (golang).
created time in 16 days
pull request commentmitchellh/go-ps
Avoid heavy calls when reading /proc
This looks good thank you!
comment created time in 16 days
PR merged mitchellh/go-ps
On systems with SELinux in enforcing mode, this will unnecessarily require broader access to the whole of /proc (newfstatat or lstat which translated to SELinux getattr permission as opposed to a simple getdents64 syscall which is less pervasive).
Reading just the names is enough though to determine whether an entry looks like a pid directory.
pr closed time in 16 days
push eventmitchellh/go-ps
commit sha 79a12729eb74ef3af12c8493176467be77a20204
It is not mandatory to verify whether the file in /proc is a directory - simple numeric name check should suffice. Otherwise, it is pretty problematic to query processes on systems with SELinux in enforcing mode as it is complicated to open access to _all_ files inside proc. The reason this catch-all access is required is that with os.Readdir it needs to lstat each entry to return os.FileInfo and this requires additional permissions on each disperate file type inside /proc which is not easy to catch with an attribute (as it is with processes).
commit sha e4db5bf9c2843548a77769573f0d723fa1a56f33
Merge pull request #1 from gravitational/dmitri/proc-selinux Update process fetcher to support SELinux-enabled systems.
commit sha d0e03acbeea005fde120012386fca1b35253c794
Merge branch 'master' of https://github.com/gravitational/go-ps into gravitational-master
commit sha 147ff83818ae939913b2e20b91ae3cd6c391771c
Merge branch 'gravitational-master'
push time in 16 days
push eventmitchellh/go-ps
commit sha 91629f07a773bde3581a3e817e3a5ff9f4216a5e
add go.mod
push time in 16 days
push eventmitchellh/protoc-gen-go-json
commit sha 497f0b59bb2260707a9cc6689d419e737a0b2806
Add allow_unknown flag to allow unmarshaling unknown fields
commit sha fd297ce346f121efbef64457c9e1b6e8d10ab4cb
Merge pull request #3 from zknill/master Add allow_unknown flag to allow unmarshaling unknown fields
push time in a month
PR merged mitchellh/protoc-gen-go-json
This PR updates the json.Unmarshaler interface implementations to respect toggle AllowUnknownFields.
Add a flag allow_unknown that toggles the jsonpb unmarshaler to allow unknown fields.
Run make to update the e2e.
Fixes #2
pr closed time in a month
issue closedmitchellh/protoc-gen-go-json
Added AllowUnknownFields to jsonpb.Unmarshaler
closed time in a month
l-vitaly
pull request commentmitchellh/protoc-gen-go-json
Add allow_unknown flag to allow unmarshaling unknown fields
Looks good thanks.
comment created time in a month
push eventmitchellh/gon
commit sha 8fd67c663c53c0763b27eb9169ab3f5324cfcb75
notarize: use the provider when calling xcrun
commit sha 16606cb4e05be09453906bf9f0169396472766d5
Merge pull request #13 from vrischmann/asc-provider notarize: use the provider when calling xcrun
push time in a month
PR merged mitchellh/gon
Even though the provider field was set, the call to xcrun altool didn't use it.
This PR fixes this by adding --asc-provider.
pr closed time in a month
pull request commentmitchellh/gon
notarize: use the provider when calling xcrun
Whoops sorry! Thank you.
comment created time in a month
push eventmitchellh/go-z3
commit sha 857a8e15565d758058cea1628ddfcb3a9c6e0580
Fix build
commit sha 4cbedeba863fd231d38eb2d5fc42c368d597fa79
Merge pull request #4 from mattn/fix-build Fix build
push time in 2 months
push eventmitchellh/gon
commit sha 49818e9291000d508d6fecb6024ba36f225ca02c
Update README
push time in 2 months
push eventmitchellh/gon
commit sha e0bf558d5f925d742b32a0c045eb485c8c4b5b3c
Update README with GoReleaser docs
push time in 2 months
pull request commentgoreleaser/goreleaser
docs: signing with mitchellh/gon
This is awesome thank you! I'll add this to the gon README as well!
comment created time in 2 months
pull request commentmitchellh/go-mruby
oh, to clarify, I think dropping 1.10, and 1.11 support is probably worth it if it causes you to write unnecessary workarounds or other complexity.
@mitchellh I think I'm making a safe judgment call, but please shout out if you disagree.
Totally safe. I think generally N, and N-1 are the versions you want to support which gives you 1 year of backwards support (Go is on 6mo cycles). Go 1.13 in particular was a rough version for a lot of projects to upgrade to due to major changes in Go modules behavior (we struggled at HashiCorp).
This is awesome though. Thanks @take-cheeze and @erikh!
comment created time in 2 months
Pull request review commenthashicorp/logutils
level: Support multi-line log writes
func (f *LevelFilter) Check(line []byte) bool { return !ok } +// Write is a specialized implementation of io.Writer suitable for being+// the output of a logger from the "log" package.+//+// This Writer implementation assumes that it will only recieve byte slices+// containing one or more entire lines of log output, each one terminated by+// a newline. This is compatible with the behavior of the "log" package+// directly, and is also tolerant of intermediaries that might buffer multiple+// separate writes together, as long as no individual log line is ever+// split into multiple slices.+//+// Behavior is undefined if any log line is split across multiple writes or+// written without a trailing '\n' delimiter. func (f *LevelFilter) Write(p []byte) (n int, err error) {- // Note in general that io.Writer can receive any byte sequence- // to write, but the "log" package always guarantees that we only- // get a single line. We use that as a slight optimization within- // this method, assuming we're dealing with a single, complete line- // of log data.-- if !f.Check(p) {- return len(p), nil+ for len(p) > 0 {+ // Split at the first \n, inclusive+ idx := bytes.IndexByte(p, '\n')
Yikes, that's right. I forgot that's a thing (newlines in the log messages).
comment created time in 3 months
issue commentmitchellh/gon
Suggestion: allow passing extra flags to create-dmg
My hesitation with this is that it forces us to use create-dmg forever. I don't have any plans not to but say a Go-native way to create DMGs existed (it doesn't, it probably won't), we couldn't switch because we hard depend on create-dmg. However, create-dmg is also a very active and full featured project so would we ever realistically switch? Maybe not.
So, if we went with this, my recommendation would be to make extra_args a list of strings so we don't have to deal with shell parsing or anything and we can pass as-is to fork/exec.
comment created time in 3 months
issue commentanasinnyk/terraform-provider-1password
I thought files downloaded directly like this don't set the com.apple.quarantine extended attribute and sneakily bypass gatekeeper. This is why you can curl unsigned/unnotarized binaries and run them but you can't download them via browsers, Mail.app, etc.
If not, then hopefully upstreams start notarizing soon! 😄
comment created time in 3 months
created tagmitchellh/gon
Sign, notarize, and package macOS CLI tools and applications written in any language. Available as both a CLI and a Go library.
created time in 3 months
release mitchellh/gon
gon_0.2.2_macos.dmg 5.41MB
gon_0.2.2_macos.zip 5.40MB
released time in 3 months
push eventmitchellh/gon
commit sha 5d2789ca2842510801de9af7f5f650b1a17d6fc3
v0.2.2
push time in 3 months
pull request commentmitchellh/gon
Add support for zipping multiple source files (or a root directory)
Thank you!
I made one additional commit (on top of yours) to not expose Root right now as a public API. That is something we probably want to support in the Go-library API of gon but I think we want to think through the impacts of that plus Files more. In your form, it was either Root or Files but not both. That's certainly sensible but I don't want to commit to that yet in a public API.
Instead, I changed it so that we always create a temporary root from Files and use that.
comment created time in 3 months
PR merged mitchellh/gon
If multiple files are specified in source, currently the zip step does not work, as ditto does not support archiving multiple files at once. Instead, this refactors the zip step a bit to first copy all the source files into a temporary directory, and then archive the directory.
I'm not really a Go developer, so let me know if I've strayed from any idioms!
pr closed time in 3 months
push eventmitchellh/gon
commit sha d7e9acf5175e3bb2c9636225d10335660d6ad4ff
Add support for zipping multiple source files (or a root directory)
commit sha 18c7163e8835d88e721f4274c5313b904b0dfa7e
Merge branch 'mf-zip_multiple' of https://github.com/maxfierke/gon into maxfierke-mf-zip_multiple
commit sha e99228c5b79fb2a08e64c5d5d33c672143771933
package/zip: don't export Root right now as a public API
push time in 3 months
push eventmitchellh/gon
commit sha 604c8194e63ffb4c923a4357820104b6d1304ba9
cmd/gon: change if structure to avoid an else case
commit sha 5aa618755f4eb65592d7e8e892ad6b5fc30c59f2
update README
push time in 3 months
push eventmitchellh/gon
commit sha 87980d8194884ba5eb40507f9ac9ce5e25b1e13b
Fallback to environment if values not specified for AppleId If any values are not specified in the config file for `AppleId` we can fallback to pulling them from `AC_USERNAME`, `AC_PASSWORD`, and `AC_PROVIDER`. `AC_PASSWORD` will still be passed into `altool` using the `@env:` prefix as supported by `altool` to avoid printing sensitive information but all others will be read from the environment and passed by value to `altool`.
commit sha 3278d6292802db5a448a94b278c9ecf5af715bb7
Merge pull request #10 from maxfierke/mf-env_username Fallback to environment if values not specified for AppleId
push time in 3 months
PR merged mitchellh/gon
If any values are not specified in the config file for AppleId
we can fallback to pulling them from AC_USERNAME, AC_PASSWORD,
and AC_PROVIDER.
AC_PASSWORD will still be passed into altool using the @env:
prefix as supported by altool to avoid printing sensitive
information but all others will be read from the environment and
passed by value to altool.
Resolves #9
pr closed time in 3 months
issue closedmitchellh/gon
Support reading Apple ID username/email from environment
Right now the properties within apple_id are being passed verbatim to altool, which has native support for reading Apple ID password from the environment (or keychain), but it would handy to also support providing the Apple ID username via an environment variable.
I'd like to commit my application's gon config to the repo that uses it, but would prefer to avoid publishing my Apple ID username/email.
If this seems reasonable, I can throw up a PR.
closed time in 3 months
maxfierke
Pull request review commentmitchellh/gon
Fallback to environment if values not specified for AppleId
func realMain() int { } } + // If not specified in the configuration, we initialize a new struct that we'll+ // load with values from the environment.+ if cfg.AppleId == nil {+ cfg.AppleId = &config.AppleId{}+ }++ if cfg.AppleId.Username == "" {+ appleIdUsername, ok := os.LookupEnv("AC_USERNAME")++ if ok {
This is fine, but I prefer to do a !ok check and exit, so that we don't need a full else case.
comment created time in 3 months
issue commentmitchellh/gon
Support use of apiKey/apiIssuer instead of username/password
Sure! This sounds good. I’ve never used these values so I didn’t support them because I couldnt’ test them. If you want to take a stab I’d be happy to review that PR. Also, if you want to let me know how I can get these types of credentials and I can test it that’d be appreciated.
comment created time in 3 months
issue commentmitchellh/gon
Support reading Apple ID username/email from environment
Hey, I think that is reasonable. As you probably already know: the syntax we use for the Apple ID password is just what altool accepts so we can’t really accept the same values for the username (since I don’t believe altool parses those for keychain or env access).
If I recall in Apple’s docs they use the AC_USERNAME and AC_PASSWORD env vars. I’d be supportive of just supporting those as defaults if there is no config set.
comment created time in 3 months
push eventmitchellh/gon
commit sha 358bd1c201ba00484ce2b3721800b4947bd650ea
package/dmg: update doc to note it uses create-dmg
push time in 3 months
created tagmitchellh/gon
Sign, notarize, and package macOS CLI tools and applications written in any language. Available as both a CLI and a Go library.
created time in 3 months
release mitchellh/gon
gon_0.2.1_macos.dmg 5.41MB
gon_0.2.1_macos.zip 5.40MB
released time in 3 months
push eventmitchellh/gon
commit sha 6bf907f21f68b871035378f4da75b3b7e0bdfcae
v0.2.1
push time in 3 months
push eventmitchellh/gon
commit sha 184f2663ea8ef704ba11f955f06cedb673fcff26
notarize: tests for parselog
push time in 3 months
push eventmitchellh/gon
commit sha 4c90bcde7ace62b6baeac283788084dc4cc68451
notarize: specify null logger for retryable client
push time in 3 months
issue closedmitchellh/gon
Signing with an invalid developer ID cert returns success
Issue: When I provide an invalid developer ID cert (oops), gon successfully completes and doesn't return an error. The log file shows a warning with the following under issues:
"issues": [
{
"severity": "warning",
"code": null,
"path": "terraform",
"message": "The binary is not signed with a valid Developer ID certificate.",
"docUrl": null,
"architecture": "x86_64"
}
]
IMO this is a fatal error, as the resulting executables can't be opened on OSX 10.15.
Solution: Exit gon and return an error if this 'warning' appears in the log file.
closed time in 3 months
mdeggies
issue commentmitchellh/gon
Signing with an invalid developer ID cert returns success
Fixed by #6. I'm going to add more tests and fix a couple other issues, will cut a release tomorrow or later tonight.
comment created time in 3 months
push eventmitchellh/gon
commit sha 0a5bebe7a3c0a0b62020b947eae4cd3493001fd0
notarize: parse logs
commit sha 1ba8a7adeefc992ef82bd0a2aded257cc0642881
cmd/gon: download and parse logs for issues
commit sha 3aa853b2b3be5fee293b04bae53f86077822ca04
cmd/gon: download the log and output issues
commit sha 26e74e39091b7be1d074b8792f943854f70de32a
cmd/gon: error if there are warnings or log file can't be downloaded
commit sha a5f0eaeefdbca1ab42045eec7a68dbe9bcde3ce8
notarize: use a retryable HTTP client for downloading logs
commit sha 8962847dab7aa4baf7b66a542168929c384ba534
Merge pull request #6 from mitchellh/f-notarization-log Download notarization log, parse issues, error if any issues
push time in 3 months
PR merged mitchellh/gon
This is a really sad thing discovered pursuing #5.
It turns out that the notarization status can be "success" and there can be "warnings" in the issues list in the log. If there are warnings, Gatekeeper still fails to validate a package and it won't launch.
This PR introduces the ability to download and parse logs, and errors if there are any issues (including warnings). We also output these directly in the CLI now which is nice. If we fail to download the log, we consider notarization a failure.
I wanted to add more tests for this but wanted to get this merged in quickly since its blocking us in some ways. I'll add tests in future commits.
pr closed time in 3 months
PR opened mitchellh/gon
This is a really sad thing discovered pursuing #5.
It turns out that the notarization status can be "success" and there can be "warnings" in the issues list in the log. If there are warnings, Gatekeeper still fails to validate a package and it won't launch.
This PR introduces the ability to download and parse logs, and errors if there are any issues (including warnings). We also output these directly in the CLI now which is nice. If we fail to download the log, we consider notarization a failure.
I wanted to add more tests for this but wanted to get this merged in quickly since its blocking us in some ways. I'll add tests in future commits.
pr created time in 3 months
push eventmitchellh/gon
commit sha a5f0eaeefdbca1ab42045eec7a68dbe9bcde3ce8
notarize: use a retryable HTTP client for downloading logs
push time in 3 months
push eventmitchellh/gon
commit sha 26e74e39091b7be1d074b8792f943854f70de32a
cmd/gon: error if there are warnings or log file can't be downloaded
push time in 3 months
issue commentgoreleaser/goreleaser
integrate mitchellh/gon lib for signing and notarizing macOS binaries
Awesome thanks @joemiller. Agreed a builds filter would help a lot here.
comment created time in 3 months
push eventmitchellh/gon
commit sha 0a56f02d901311d24fe60b5cc1ae19371c6590b7
sign: on error show the full output
push time in 3 months
issue closedmitchellh/gon
Enhancement: Add support for an Entitlements file
Add an optional entitlements_file string attribute to the sign config object. This will add the --entitlements <filepath> argument to the codesign command line.
https://github.com/etter-tanium/gon/blob/8ff56016325245ba1ddc327398bf86b35883863b/internal/config/config.go#L65 https://github.com/etter-tanium/gon/blob/8ff56016325245ba1ddc327398bf86b35883863b/sign/sign.go#L74
closed time in 3 months
etter-tanium
push eventmitchellh/gon
commit sha 1aaac0ab74c03369c06f222ee1c9442aabebe4cb
Add support for --entitlements file - Optional entitlements_file in the "Sign" field - Add example .hcl file - Correct some minor tabs/spaces from previous PR
commit sha 8ff56016325245ba1ddc327398bf86b35883863b
Update README
commit sha 861a6224b40540080c7bd3cb964304d9cb08026e
Remove entitlements from roadmaps TODOs
commit sha 0723683e3a6e54ccd0b75e1ff1f5bc3dd2154dc2
Merge pull request #4 from etter-tanium/support-entitlements Add support for signing with an Entitlements file
push time in 3 months
PR merged mitchellh/gon
For issue: https://github.com/mitchellh/gon/issues/3
pr closed time in 3 months
pull request commentmitchellh/gon
Add support for signing with an Entitlements file
Looks perfect. Thanks!
comment created time in 3 months
issue commentmitchellh/gon
Signing with an invalid developer ID cert returns success
Hey @mdeggies, can you get me -log-level=trace output?
This might be working as intended, since Apple currently relaxed the notarization requirements: https://developer.apple.com/news/?id=09032019a
As noted in the logs they're just warnings and not errors. Regardless, I think its a useful enhancement to download that log file and parse this and show the user.
comment created time in 3 months
push eventmitchellh/dotfiles
commit sha 20558c91f264ec940e54408941d3a96fe66af5a6
Update Brewfile
push time in 3 months
issue commentmitchellh/gon
Enhancement: Add support for an Entitlements file
👍
comment created time in 3 months
pull request commentmitchellh/gon
Awesome.
It’d be helpful if you just opened an issue to warn me its coming so I don’t overlap with you. That cool? If you want to include some thoughts on how you’re going to do the config we can bikeshed on that there so when the PR comes in hopefully can just merge quickly.
I appreciate the contribution!
comment created time in 3 months
created tagmitchellh/gon
Sign, notarize, and package macOS CLI tools and applications written in any language. Available as both a CLI and a Go library.
created time in 3 months
release mitchellh/gon
gon_0.2.0_macos.dmg 3.44MB
gon_0.2.0_macos.zip 3.44MB
released time in 3 months
push eventmitchellh/gon
commit sha 69049d85a02d19b33ad705d2d1e58c48cb8e1aa0
v0.2.0
push time in 3 months
push eventmitchellh/gon
commit sha 4cdac7b5bff99b6047facd0c697084fe080c8a32
Typo in README
push time in 3 months
push eventmitchellh/gon
commit sha 024ee7836846e2eb7be78e22ca45766c6e1b04ec
make source/bundle_id optional for notarization-only mode
push time in 3 months
push eventmitchellh/gon
commit sha d4cbc0ce1ed0b93041dbd164eb57dab4f256cc81
update README
push time in 3 months
push eventmitchellh/gon
commit sha b45a4b83f1b92f29d050da8887ad5cf6100511cc
cmd/gon: shuffle some logic to be a bit clearer
push time in 3 months
delete branch mitchellh/gon
delete branch : etter-tanium-standalone-notarization
delete time in 3 months
push eventmitchellh/gon
commit sha 1d9cee1fdb7adb94ec64e5a2b712d21dfc98fbdd
Support a notarization-only workflow - Add new optional notarize section to the config - Allow specifying notarize in lieu of sources
commit sha 92ccbcb34ad792b3bd66baaa31718dc8278b9b7f
support multiple `notarize` blocks, more validation in `gon`
commit sha 3cd4dbca3f19d0252ae23bd5067bfea604b3360a
update README
commit sha b86987ec953307f63d29d4c61484c888b4ca1e57
Merge pull request #2 from mitchellh/etter-tanium-standalone-notarization Support a notarization-only mode, thanks to @etter-tanium
push time in 3 months
PR merged mitchellh/gon
See #1
@etter-tanium - Here is what I noted in my comment. I added commits to your branch so you retain original authorship there.
pr closed time in 3 months
PR closed mitchellh/gon
To support a workflow where the item to be notarized (.pkg or .zip) does not require the existing gon process to perform the signing and packaging steps.
- Add new optional notarize section to the config
- Allow specifying notarize in lieu of sources
pr closed time in 3 months
pull request commentmitchellh/gon
Support a notarization-only workflow
Pushed a modification to #2. I retained your commit! Thanks.
I also think I can add optional signing support here too...
comment created time in 3 months
PR opened mitchellh/gon
See #1
@etter-tanium - Here is what I noted in my comment. I added commits to your branch so you retain original authorship there.
pr created time in 3 months
create barnchmitchellh/gon
branch : etter-tanium-standalone-notarization
created branch time in 3 months
pull request commentmitchellh/gon
Support a notarization-only workflow
I think we can do something simpler and incrementally change the config:
- multiple
notarizeblocks support, each one represents a parallel notarization - add
bundle_idtonotarize, it uses that - keep
sourcesand rootbundle_idfor now, that'll be used for from-source notarizing only.
Its a bit arbitrary seeming but I think we can get to a point where step 3 turns into:
source {}block (single) which hasfilesandbundle_idas parameters to attach to the source-based build.
And I think we can do that last step while keeping backwards compatibility and showing a warning for awhile. Very few people are probably using this project so we could probably break compat but I'd rather not if we can help it :)
comment created time in 3 months
pull request commentmitchellh/gon
Support a notarization-only workflow
I think this makes a lot of sense and was something I was thinking about myself.
It bothers me a bit that the config feels a little weird (really bundle_id should be part of notarize). This isn't your fault at all its just the way it is currently. Let me think about that for a bit.
I might build on this a bit, because I think it'd be valuable to support notarizing multiple files since effectively support that functionality already. It'd also enable us to provide maybe a split workflow in the future (where given a single config you can do the sign step, package step, notarize step separately). Any thoughts?
comment created time in 3 months
issue commentnodejs/node
macOS Installer Requires Notarization To Be Run Under Catalina and Beyond
Hello! I've been helping our company (HashiCorp) work through this, even though we aren't Node users, and I wanted to drop a few things here that may be helpful. I've also been spending quite a lot of time researching this so if there are any questions I'd be happy to answer them. Like I said, I'm not a Node user or really part of this community, but from a general FOSS perspective, I'm happy to be of service.
What @directionless said is correct. For step 1, Apple supports only four formats dmg, pkg, app, or zip. The one caveat with zip is that it does not support stapling (step 4 of what @directionless said), so users would need to have internet on first use (of any exec of the an executable, not the unzipping action) to verify the notarization.
If you're looking to automate this to some extent, I've built a CLI to do that (language agnostic): https://github.com/mitchellh/gon It probably doesn't have the features the Node project needs to fully integrate it but I'm happy to help with that. Ultimately, I don't care if you use my tool, but the source code may be helpful in better understanding how this works. One thing I found building that tool is that therea re various transient errors to be aware of that are safe for retries.
Good luck! 🚀
comment created time in 4 months
issue commentgoreleaser/goreleaser
integrate mitchellh/gon lib for signing and notarizing macOS binaries
@joemiller Can you share your goreleaser config if you get it working?
One of the improvements I had thought of for gon is introducing flags to split the steps across multiple invocations to make it more friendly to hook into something like goreleaser but I wasn't able to verify the hooks are there. Let me know.
comment created time in 4 months
issue commentgoreleaser/goreleaser
integrate mitchellh/gon lib for signing and notarizing macOS binaries
Hey! Thanks for making this issue. 😄 My motivation for exposing gon as a library was actually hoping that goreleaser could integrate in some way. I just want to note that I'm happy to answer any questions or make any improvements to gon as this project sees fit.
I built gon to be more generic than just Go projects hence its its own CLI, plus the needs we have at HashiCorp are a bit more specialized than goreleaser can handle so gon provides something we can better integrate. However, I use goreleaser for a lot of projects (and we do for some at the company too) and I'd love to see better support for this.
Let me note a few difficulties I had with goreleaser where I couldn't find a way to fit gon in on its own:
- For stapling support (verification works offline), you need to package your CLI into a DMG (or
pkg, or.app/). I couldn't see a way to do this in goreleaser today. - For notarization, you need to operate on the dmg at least and its async as noted above.
One annoying point is this all has to happen on macOS. It requires Xcode tooling that doesn't exist on other platforms today. I'm sure someone can reverse engineer it and make it work, but we're a long way from that.
I'd love to see goreleaser natively support notarization (including stapling with dmgs). The experience without notarization on macOS Catalina is quite extreme.
Thank you!
comment created time in 4 months
created tagmitchellh/panicwrap
panicwrap is a Go library for catching and handling panics in Go applications.
created time in 4 months
push eventmitchellh/panicwrap
commit sha b3f3dc3c6bac25d9aa700825f5dc0dba75c5f2a8
update go.mod
push time in 4 months
pull request commentmitchellh/panicwrap
Thank you works great!
comment created time in 4 months
PR merged mitchellh/panicwrap
Hi,
An issue as arised from Terraform use of panicwrap.
If, after a relaunch and panicwrap's setup, the application tries to execute itself recursively, as the cookie env variable will still be set, Wrapped will return true in this new process.
This is an issue for Terraform as they add prefix to the outputs when Wrapped yield true causing bad outputs.
To solve this I've made it that after we detect that we are indeed in a wrapped process using the env variable, we unset it.
Do you agree with the proposed solution?
You can find the Terraform issue and conversation here https://github.com/hashicorp/terraform/issues/20293
pr closed time in 4 months
push eventmitchellh/panicwrap
commit sha aed6ae0068931d5b068806896c49786ff500c552
Unset cookie env var after it's use if we are already wrapped This is done to prevent false positives if, in a wrapped state, the program tries to execute itself independently of panicwrap
commit sha 417842d607525ac37bf9113b619f223be45fc13d
Update test to reflect unset of cookie env variable in a wrapped context
commit sha 82e88f90e40c2432b5472e77830ed09086d0094b
Add test to verify that within a wrapped context, an independent new process isn't considered as a panicwrapped one
commit sha 7daf7ec89acdfa94e677720dc07b21ac2b350385
Merge branch 'DaemonSnake-master'
push time in 4 months
push eventmitchellh/gon
commit sha 419730c8eb85417f27b2cf369a4e7f14b63239e5
update README
push time in 4 months
push eventmitchellh/gon
commit sha 3c9ddecade4b729818381e409e7abf4881c38553
update README
push time in 4 months
created tagmitchellh/gon
Sign, notarize, and package macOS CLI tools and applications written in any language. Available as both a CLI and a Go library.
created time in 4 months
release mitchellh/gon
gon_0.1.1_macos.dmg 3.44MB
gon_0.1.1_macos.zip 3.43MB
released time in 4 months
push eventmitchellh/gon
commit sha 31b5d020cad5ae8dae181be88f58b95aad58938e
notarize: use strutured errors to check for error 1519
push time in 4 months
created tagmitchellh/gon
Sign, notarize, and package macOS CLI tools and applications written in any language. Available as both a CLI and a Go library.
created time in 4 months
push eventmitchellh/gon
commit sha 2f48e6bbf26fd598ded2baae9e34eaa70bdbfb5c
v0.1.1
push time in 4 months
push eventmitchellh/gon
commit sha 8a115c2f6ecdedc407036b8bafbec57c831b55dd
notarize: limit concurrent uploads to avoid error -18000
push time in 4 months
startedmitchellh/gon
started time in 4 months
push eventmitchellh/gon
commit sha 56f3b7415b4f999e7f8e712fc716198912d72b57
update README
push time in 4 months
push eventmitchellh/gon
commit sha 91f77b797ca7359c0f102251759873afd2766b4c
update README
push time in 4 months
push eventmitchellh/gon
commit sha f3470bd64d716a56fa75cef799cdea8ba1826a15
Add package docs
push time in 4 months
created tagmitchellh/golicense
Scan and analyze OSS dependencies and licenses from compiled Go binaries
created time in 4 months