pulumi-aws-native icon indicating copy to clipboard operation
pulumi-aws-native copied to clipboard

Published 20 hours ago verified publisher icon pulumi

"cf2pulumi" can't be opened because Apple cannot check it for malicious software

Open brettdh opened this issue 1 year ago • 2 comments

What happened?

When running cf2pulumi --help from the cf2pulumi-v0.104.0-darwin-arm64.tar.gz or cf2pulumi-v0.103.0-darwin-arm64.tar.gz downloads: image

After a brief interaction with my company's IT department (frankly I'm surprised it was approved), I'm able to continue if I click "Open", but this should still be fixed on Pulumi's side.

Example

See above

Output of pulumi about

N/A

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

brettdh avatar May 01 '24 14:05 brettdh

I'm glad you found a workaround! I am curious does the same thing happen for you when you run pulumi binaries like Pulumi CLI itself?

Doing a bit of of research it appears that we need to sign binaries with Apple here. I could not locate where (or if) we do this for Pulumi CLI, but I found Pulumi CLI is using https://github.com/sigstore/cosign (https://github.com/pulumi/pulumi/pull/11310) - again, I am not sure if this would help with this error message.

I'm going to leave this in the backlog for now, definitely a good feature to consider for GA.

t0yv0 avatar May 02 '24 13:05 t0yv0

@t0yv0 I think cf2pulumi is set to be retired after we replace it with pulumi convert --from cloudformation.

@mjeffryes Do you know if we have an issue tracking that work?

mikhailshilkov avatar May 22 '24 14:05 mikhailshilkov