MacOS binaries are not notarized properly starting from release 100.12.1

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Critical - P2
    • None
    • Affects Version/s: None
    • Component/s: None
    • None
    • Tools and Replicator
    • 0

      Problem Statement/Rationale

      Releases 100.12.1, 100.12.2 are not notarized properly anymore. 

      Release 100.12.0 is notarized properly, so something has changed.

      I recommend adding notarization verification to the pre-release test suite. 

      Steps to Reproduce

      Download MacOS arm64 releases from https://www.mongodb.com/try/download/database-tools/releases/archive

      Unpack releases:

      $ ls -l1
      mongodb-database-tools-macos-arm64-100.12.0
      mongodb-database-tools-macos-arm64-100.12.1
      mongodb-database-tools-macos-arm64-100.12.2
      
      $ spctl --asses -vvv --type install mongodb-database-tools-macos-arm64-100.12.2/bin/mongorestore
      mongodb-database-tools-macos-arm64-100.12.2/bin/mongorestore: rejected
      source=Unnotarized Developer ID
      origin=Developer ID Application: MongoDB, Inc. (4XWMY46275)
      
      $ spctl --asses -vvv --type install mongodb-database-tools-macos-arm64-100.12.1/bin/mongorestore
      mongodb-database-tools-macos-arm64-100.12.1/bin/mongorestore: rejected
      source=Unnotarized Developer ID
      origin=Developer ID Application: MongoDB, Inc. (4XWMY46275)
      
      100.12.0 is properly notarized: 
      $ spctl --asses -vvv --type install mongodb-database-tools-macos-arm64-100.12.0/bin/mongorestore
      mongodb-database-tools-macos-arm64-100.12.0/bin/mongorestore: accepted
      source=Notarized Developer ID
      origin=Developer ID Application: MongoDB, Inc. (4XWMY46275)
      

      We can execute it

      mongodb-database-tools-macos-arm64-100.12.0/bin/mongorestore --help
      Usage:
        mongorestore <options> <connection-string> <directory or file to restore>
      

      But executing not notarized leads to:

      Additional Notes

      Every binary should be properly notarized otherwise it's a really bad UX as it's not obvious nor easy for the user to overwrite this. And not notarized binaries are immediately suspicious

       

            Assignee:
            Felipe Gasper
            Reporter:
            Lukasz Sierant
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: