-
Type:
Bug
-
Resolution: Done
-
Priority:
Critical - P2
-
Affects Version/s: None
-
Component/s: None
-
2
-
Tools and Replicator
-
1
-
Not Needed
Problem Statement/Rationale
Releases 100.12.1, 100.12.2 are not notarized properly anymore.
Release 100.12.0 is notarized properly, so something has changed.
I recommend adding notarization verification to the pre-release test suite.
Steps to Reproduce
Download MacOS arm64 releases from https://www.mongodb.com/try/download/database-tools/releases/archive
Unpack releases:
$ ls -l1 mongodb-database-tools-macos-arm64-100.12.0 mongodb-database-tools-macos-arm64-100.12.1 mongodb-database-tools-macos-arm64-100.12.2 $ spctl --asses -vvv --type install mongodb-database-tools-macos-arm64-100.12.2/bin/mongorestore mongodb-database-tools-macos-arm64-100.12.2/bin/mongorestore: rejected source=Unnotarized Developer ID origin=Developer ID Application: MongoDB, Inc. (4XWMY46275) $ spctl --asses -vvv --type install mongodb-database-tools-macos-arm64-100.12.1/bin/mongorestore mongodb-database-tools-macos-arm64-100.12.1/bin/mongorestore: rejected source=Unnotarized Developer ID origin=Developer ID Application: MongoDB, Inc. (4XWMY46275)
100.12.0 is properly notarized: $ spctl --asses -vvv --type install mongodb-database-tools-macos-arm64-100.12.0/bin/mongorestore mongodb-database-tools-macos-arm64-100.12.0/bin/mongorestore: accepted source=Notarized Developer ID origin=Developer ID Application: MongoDB, Inc. (4XWMY46275)
We can execute it
mongodb-database-tools-macos-arm64-100.12.0/bin/mongorestore --help Usage: mongorestore <options> <connection-string> <directory or file to restore>
But executing not notarized leads to:
Additional Notes
Every binary should be properly notarized otherwise it's a really bad UX as it's not obvious nor easy for the user to overwrite this. And not notarized binaries are immediately suspicious
- is caused by
-
TOOLS-3820 Change our use of the macOS service to only notarize releases
-
- Closed
-