hub-tool icon indicating copy to clipboard operation
hub-tool copied to clipboard
verified publisher icon docker

Sign binary with Docker, Inc certificate.

Open jeanlaurent opened this issue 5 years ago • 6 comments

on OSX

  1. Download from release page
  2. run it from terminal gets Screenshot 2020-10-19 at 15 31 49

Had to manually dance around to fix the quarantine

jeanlaurent avatar Oct 19 '20 13:10 jeanlaurent

Would it be enough if we embed the hub-tool in Docker Desktop?

silvin-lubecki avatar Oct 20 '20 10:10 silvin-lubecki

It needs to be signed before shipping, now, if you stop releasing it here and you pass the" hot potato" to the desktop team and they sign it, why not. Talk to them maybe :: cc @mat007

jeanlaurent avatar Oct 26 '20 10:10 jeanlaurent

We can sign it in Docker Desktop but the release cycle for Desktop is perhaps much longer than what we would like for a fast feedback loop? How come we didn’t have that issue before with other stand-alone tools? Doesn’t for instance Docker CLI have mac builders to sign?

mat007 avatar Oct 26 '20 10:10 mat007

@thaJeztah would know I guess

rumpl avatar Oct 26 '20 15:10 rumpl

Nope, we do cross-compile on the CLI, no macOS workers.

@jeanlaurent did you install by downloading through your browser, or (e.g.) curl? IIRC, a workaround is to use curl, in which case macOS doesn't verify

thaJeztah avatar Oct 26 '20 15:10 thaJeztah

Found a neat blog post explaining what needs to be done: https://www.kencochrane.com/2020/08/01/build-and-sign-golang-binaries-for-macos-with-github-actions/

We would need someone with enough access to add the certificate and its password to this repo and then we can make it so that the release has a signed binary.

Or someone should give me the certificate and I can do it locally on my machine if we are not ok with having these in a repo

rumpl avatar Oct 26 '20 16:10 rumpl