User Profile

Post not yet marked as solved

Click to stop watching this thread.

You have stopped watching this post. Click to start watching again.

10 Replies

contentPostList.repliesup-voted.tooltip

Replied In Notarization succeeds, but gatekeeper check still fails

I posted the wrong link: https://releases.hashicorp.com/consul/1.6.2+ent/consul_1.6.2+ent_darwin_amd64.zipAs I mentioned earlier, this is a zipfile containing a go binary that CAN be successfully signed and notarized. Feel free to test it out. The signing and notarizing are steps that I am doing locally for now- the signed/notarized binary is not live yet on the site, as the gatekeeper checks keep failing (making a new release useless).

Post not yet marked as solved

Click to stop watching this thread.

You have stopped watching this post. Click to start watching again.

10 Replies

contentPostList.repliesup-voted.tooltip

Replied In Notarization succeeds, but gatekeeper check still fails

Thanks. Created 724810310.

Post not yet marked as solved

Click to stop watching this thread.

You have stopped watching this post. Click to start watching again.

10 Replies

contentPostList.repliesup-voted.tooltip

Replied In Notarization succeeds, but gatekeeper check still fails

Yeah, we are notarizing binaries (executables). This works successfully with https://releases.hashicorp.com/consul/1.6.2/consul_1.6.2_darwin_386.zipso why wouldn't it work with the others? When I say this works successfully, I mean that after notarization you can:- Unzip the package- Double click to open the executable- Be greeted with 'consul is an app downloaded from the internet. Are you sure you want to open it?' For other binaries, e.g. with the terraform link above, you get the error 'terraform can't be opened because the identity of the developer cannot be confirmed.'

Post not yet marked as solved

Click to stop watching this thread.

You have stopped watching this post. Click to start watching again.

10 Replies

contentPostList.repliesup-voted.tooltip

Replied In Notarization succeeds, but gatekeeper check still fails

Hey,That has been fixed in Go 1.12.13: https://golang.org/doc/devel/release.html#go1.12There are no warnings or errors in the LogFileURL, which is why we have been scratching our heads. We thought the signing/notarizing/stapling steps would ensure no gatekeeper errors. It does work for some products, but not for all (e.g. the terraform binary above always passes notarization but fails gatekeeper checks).In sys logs, I don't see anything under `cmd` or `xprotect`. For `gk`, there is only one entry:default 09:45:56.802922-0800 syspolicyd rule 11 applies - allow=1Not really sure what to look for- there are only a few errors in the logs and they don't contain any of the keywords. Can we send you our logs?