
fix: sign binaries added in https://github.com/ipfs/service-worker-gateway/releases/tag/v1.12.0

Open SgtPooki opened this issue 8 months ago • 10 comments

We should ensure build-binary.yml is signing the binaries so we don't get messages like this:

Image

SgtPooki avatar Apr 23 '25 20:04 SgtPooki

attempting fix with https://github.com/ipfs/service-worker-gateway/commit/cb6906c23495f19df97990b7802db43e74ba7c3a

SgtPooki avatar Apr 23 '25 20:04 SgtPooki

another change: https://github.com/ipfs/service-worker-gateway/commit/ccf5543fc492287fa04220d20baf6c50ff8641fa

SgtPooki avatar Apr 23 '25 20:04 SgtPooki

How can I get the latest binary? I just tried running the binary from https://github.com/ipfs/service-worker-gateway/releases/tag/v1.12.0 and got the same error.

After manually allowing it in the Privacy and Security config in MacOS, I get the following when I open it:

Image

2color avatar Apr 24 '25 10:04 2color

@2color macos binaries should be working now. service-worker-gateway-aarch64-apple-darwin from https://github.com/ipfs/service-worker-gateway/releases/tag/v1.12.0 worked for me.

windows signing is not working currently because we don't have a valid cert, so that's disabled.

I'll resolve this once:

  1. someone on windows acknowledges that the .exe works for them
  2. someone on linux acknowledges that those binaries work for them

SgtPooki avatar Apr 24 '25 16:04 SgtPooki

Works on windows but users will see

Windows protected your PC
Microsoft Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk.

App: service-worker-gateway-x86_64-pc-windows-msvc.exe
Publisher: Unknown publisher

SgtPooki avatar Apr 24 '25 16:04 SgtPooki

In order to get the binary to run on MacOS I had to chmod +x it, after which I was able to run it both from the terminal as well as by just double clicking it in the finder

2color avatar Apr 25 '25 10:04 2color

@2color ahh yea me too.. we don't want users to have to do that. We should update the build-binary step to do that for us

SgtPooki avatar Apr 25 '25 15:04 SgtPooki

@lidel you handle a lot of the windows certs.. do we have updated ones we can use or do we want to deprioritize this for now?

SgtPooki avatar May 14 '25 19:05 SgtPooki

deprioritize

  • windows does not block running unsigned binaries, only shows scary warning – CLI users on Windows are either used to that, or run Linux VM/env anyway, so not blocking anyone
  • for windows we only sign ipfs-desktop, we don't sign Kubo nor any of the binaries on https://dist.ipfs.tech and have no turn-key solution that works with Azure Trusted Signing Service (requires research, testing – time sink)

lidel avatar May 15 '25 23:05 lidel

Re #718, the binary in the latest release is still missing executable permissions.

2color avatar May 16 '25 13:05 2color

CI was broken and apple binaries did not build for v2:

  • https://github.com/ipfs/service-worker-gateway/actions/runs/18676383529/job/53247136483

I've fixed it with the same workaround as https://github.com/ipfs/distributions/issues/1169 – re-run job and darwin binaries are now attached to https://github.com/ipfs/service-worker-gateway/releases/tag/v2.0.0

@achingbrain mind checking if you can run a darwin binary correctly?

  • If it works, we can close this issue 👍
  • If it does not work (rant) fysa between may and today apple signing broke multiple times. personally, I have no goodwill left in regards to babysitting signing here, this is not an end user binary, it's a tool for developers. I see two paths forward:
    • developer running macos should build it locally (macOS on ARM allows self-signed binaries if they were built on the same machine)
    • someone with extra calories or LLM tokens can rewrite the go binary to nodejs

I'm not an Apple user, so leaving it up to you to decide what is a sane course of action here.

lidel avatar Oct 21 '25 13:10 lidel