tlapm icon indicating copy to clipboard operation
tlapm copied to clipboard
verified publisher icon tlaplus

Sign TLAPS release to be accepted by macOS gatekeeper

Open lemmy opened this issue 4 years ago • 6 comments 

“tlaps-1.4.5-i386-darwin-inst.bin” cannot be opened because the developer cannot be verified.
macOS cannot verify that this app is free from malware.

“tlaps-1.5.0-i386-darwin-inst.bin” cannot be opened because the developer cannot be verified.
macOS cannot verify that this app is free from malware.

armbook:Downloads markus$ ./tlaps-1.4.5-i386-darwin-inst.bin 
Killed: 9
armbook:Downloads markus$ ./tlaps-1.5.0-i386-darwin-inst.bin 
Killed: 9

lemmy avatar Sep 26 '21 22:09 lemmy

Manual install on macOS Big Sur 11.6 M1:

$ brew install opam
$ brew install ocaml
$ opam init

$ git clone https://github.com/tlaplus/tlapm
$ cd tlapm

$ eval $(opam env)
$ ./configure
$ cd tools/installer
$./tlaps-release.sh

$ sudo ./tlaps-1.5.0-arm-darwin-inst.bin

[...]

Compiling Isabelle theories.
Building Pure ...
Pure FAILED
(see also /usr/local/lib/tlaps/heaps/polyml-undefined_unknown-platform/log/Pure)

Missing ML installation (ML_HOME)

make: *** [/usr/local/lib/tlaps/heaps/polyml-undefined_unknown-platform/Pure] Error 2
FATAL ERROR: Could not compile Isabelle/Pure

    *** ABORT ***.

FWIW:

  • HEAD of https://github.com/polyml/polyml compiles and installs successfully on macOS Big Sur 11.6 M1
  • tlapm itself compiles and runs successfully

lemmy avatar Oct 05 '21 15:10 lemmy

A thing I've been wondering about for a while: Why does the TLAPS installer build polyml instead of packaging a pre-build binary?

lemmy avatar Oct 05 '21 16:10 lemmy

@will62794 The 1.4.5 installer didn't work for me on M1 MacBook Pro, macOS 11.6. Did it work for you out of the box?

lemmy avatar Oct 11 '21 15:10 lemmy

@lemmy As far as I can recall, there were no major hiccups. I think I did the installation a few months ago (April 2021 perhaps?), using these instructions, and things went relatively smoothly. Looking at your errors above, though, I now seem to recall I may have had to work around some of the Mac permissions errors when trying to run the tlapm installer. See here for a possible workaround.

will62794 avatar Oct 11 '21 15:10 will62794

OK, this really seems to be boiling down to me omitting sudo--stupid. Only, the error message Killed: 9 could be more descriptive.

Related, compiling tlaps on arm64 (pure/polyml) is probably something we want eventually.

lemmy avatar Oct 11 '21 17:10 lemmy

TODO:

  • [ ] Find out if we can sign the current installer (https://developer.apple.com/forums/thread/669188)
  • [ ] Add suitable entitlement.plist for tlapm
  • [ ] Move "Apple_*" secrets from github.com/tlaplus/tlaplus to org-level secrets
    • [ ] Create org-level secrets
    • [ ] Delete github.com/tlaplus/tlaplus secrets
  • [ ] Append code signing steps to https://github.com/tlaplus/tlapm/blob/master/.github/workflows/main.yml

lemmy avatar Oct 13 '21 22:10 lemmy