Skip to content

ad-hoc sign macOS native binary in release build#2063

Open
shodiBoy1 wants to merge 2 commits into
devonfw:mainfrom
shodiBoy1:feature/451-macos-adhoc-sign-binary
Open

ad-hoc sign macOS native binary in release build#2063
shodiBoy1 wants to merge 2 commits into
devonfw:mainfrom
shodiBoy1:feature/451-macos-adhoc-sign-binary

Conversation

@shodiBoy1

@shodiBoy1 shodiBoy1 commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

This PR fixes #451

Implemented changes:

  • Ad-hoc sign the macOS native binary in release.yml and nightly-build.yml (after build, before upload, macOS only).
  • Stops macOS Gatekeeper from killing the unsigned binary on launch.

Testing instructions

This only touches the macOS build jobs , so a local mvn build won't exercise it. Two ways to verify:

Verify now (any Mac, most visible on Intel):

  1. Download a current mac-x64 release via the browser, extract it.
  2. codesign -dv bin/ideasy reports "not signed at all", and ./bin/ideasy --version is killed (exit 137 + "developer cannot be verified").
  3. Run the command this PR adds: codesign --force --sign - bin/ideasy
  4. Run ./bin/ideasy --version again → it works.

Verify after merge:
Download the next nightly mac build and run codesign -dv bin/ideasy → it should report Signature=adhoc, and ./bin/ideasy --version runs from
a fresh download.


Checklist for this PR

Make sure everything is checked before merging this PR. For further info please also see
our DoD.

  • When running mvn clean test locally all tests pass and build is successful
  • PR title is of the form #«issue-id»: «brief summary» (e.g. #921: fixed setup.bat). If no issue ID exists, title only.
  • PR top-level comment summarizes what has been done and contains link to addressed issue(s)
  • PR and issue(s) have suitable labels
  • Issue is set to In Progress and assigned to you or there is no issue (might happen for very small PRs)
  • You followed all coding conventions
  • You have added the issue implemented by your PR in CHANGELOG.adoc unless issue is labeled
    with internal
  • You have formulated clear instructions on how to test your contribution under "Testing instructions"

@github-project-automation github-project-automation Bot moved this to 🆕 New in IDEasy board Jun 22, 2026
@shodiBoy1 shodiBoy1 self-assigned this Jun 22, 2026
@shodiBoy1 shodiBoy1 moved this from 🆕 New to 🏗 In progress in IDEasy board Jun 22, 2026
@shodiBoy1 shodiBoy1 added the macOS specific for Apple MacOS label Jun 22, 2026
@coveralls

coveralls commented Jun 22, 2026

Copy link
Copy Markdown
Collaborator

Coverage Report for CI Build 28375511141

Coverage increased (+0.004%) to 71.36%

Details

  • Coverage increased (+0.004%) from the base build.
  • Patch coverage: No coverable lines changed in this PR.
  • 1 coverage regression across 1 file.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

1 previously-covered line in 1 file lost coverage.

File Lines Losing Coverage Coverage
com/devonfw/tools/ide/version/VersionSegment.java 1 90.03%

Coverage Stats

Coverage Status
Relevant Lines: 16274
Covered Lines: 12111
Line Coverage: 74.42%
Relevant Branches: 7284
Covered Branches: 4700
Branch Coverage: 64.52%
Branches in Coverage %: Yes
Coverage Strength: 3.15 hits per line

💛 - Coveralls

@shodiBoy1 shodiBoy1 marked this pull request as ready for review June 22, 2026 18:46
@shodiBoy1 shodiBoy1 moved this from 🏗 In progress to Team Review in IDEasy board Jun 22, 2026
@laim2003 laim2003 self-requested a review June 26, 2026 09:08
@laim2003 laim2003 self-assigned this Jun 26, 2026
@laim2003

Copy link
Copy Markdown
Contributor

I wanted to test this today, but I forgot my mac at home... will do this either tonight or on Friday...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

macOS specific for Apple MacOS

Projects

Status: Team Review

Development

Successfully merging this pull request may close these issues.

Make IDEasy usable on MacOS with active Gatekeeper

3 participants