[issue44933] python3.9-intel64 hardened runtime not enabled
tester
report at bugs.python.org
Tue Aug 17 06:34:36 EDT 2021
tester <nurvept at gmail.com> added the comment:
This part of the script is used to notarize the python framework and it worked with python 3.9.4 and earlier but with 3.9.5 and 3.9.6 it stopped working because of "/python3.9-intel64",
"message": "The executable does not have the hardened runtime enabled.
#get current python version used in Munki build so that it doesn't have to be hardcoded
PYTHON_FRAMEWORK_VERSION=$(ls Python.framework/Versions | grep -v "Current")
find $MUNKIROOT/Python.framework/Versions/$PYTHON_FRAMEWORK_VERSION/lib/ -type f -perm -u=x -exec codesign --force --deep --verbose -s "$DevApp" {} \;
find $MUNKIROOT/Python.framework/Versions/$PYTHON_FRAMEWORK_VERSION/bin/ -type f -perm -u=x -exec codesign --force --deep --verbose -s "$DevApp" {} \;
find $MUNKIROOT/Python.framework/Versions/$PYTHON_FRAMEWORK_VERSION/lib/ -type f -name "*dylib" -exec codesign --force --deep --verbose -s "$DevApp" {} \;
find $MUNKIROOT/Python.framework/Versions/$PYTHON_FRAMEWORK_VERSION/lib/ -type f -name "*so" -exec codesign --force --deep --verbose -s "$DevApp" {} \;
/usr/libexec/PlistBuddy -c "Add :com.apple.security.cs.allow-unsigned-executable-memory bool true" $MUNKIROOT/entitlements.plist
codesign --force --options runtime --entitlements $MUNKIROOT/entitlements.plist --deep --verbose -s "$DevApp" $MUNKIROOT/Python.framework/Versions/$PYTHON_FRAMEWORK_VERSION/Resources/Python.app/
codesign --force --options runtime --entitlements $MUNKIROOT/entitlements.plist --deep --verbose -s "$DevApp" $MUNKIROOT/Python.framework/Versions/$PYTHON_FRAMEWORK_VERSION/bin/"python$PYTHON_FRAMEWORK_VERSION"
codesign --force --deep --verbose -s "$DevApp" $MUNKIROOT/Python.framework
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue44933>
_______________________________________
More information about the Python-bugs-list
mailing list