MacOS binaries are not notarized properly starting from release 100.12.1

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Done
    • Priority: Critical - P2
    • patch-next
    • Affects Version/s: None
    • Component/s: None
    • 2
    • Tools and Replicator
    • 1
    • Not Needed

      Problem Statement/Rationale

      Releases 100.12.1, 100.12.2 are not notarized properly anymore. 

      Release 100.12.0 is notarized properly, so something has changed.

      I recommend adding notarization verification to the pre-release test suite. 

      Steps to Reproduce

      Download MacOS arm64 releases from https://www.mongodb.com/try/download/database-tools/releases/archive

      Unpack releases:

      $ ls -l1
      mongodb-database-tools-macos-arm64-100.12.0
      mongodb-database-tools-macos-arm64-100.12.1
      mongodb-database-tools-macos-arm64-100.12.2
      
      $ spctl --asses -vvv --type install mongodb-database-tools-macos-arm64-100.12.2/bin/mongorestore
      mongodb-database-tools-macos-arm64-100.12.2/bin/mongorestore: rejected
      source=Unnotarized Developer ID
      origin=Developer ID Application: MongoDB, Inc. (4XWMY46275)
      
      $ spctl --asses -vvv --type install mongodb-database-tools-macos-arm64-100.12.1/bin/mongorestore
      mongodb-database-tools-macos-arm64-100.12.1/bin/mongorestore: rejected
      source=Unnotarized Developer ID
      origin=Developer ID Application: MongoDB, Inc. (4XWMY46275)
      
      100.12.0 is properly notarized: 
      $ spctl --asses -vvv --type install mongodb-database-tools-macos-arm64-100.12.0/bin/mongorestore
      mongodb-database-tools-macos-arm64-100.12.0/bin/mongorestore: accepted
      source=Notarized Developer ID
      origin=Developer ID Application: MongoDB, Inc. (4XWMY46275)
      

      We can execute it

      mongodb-database-tools-macos-arm64-100.12.0/bin/mongorestore --help
      Usage:
        mongorestore <options> <connection-string> <directory or file to restore>
      

      But executing not notarized leads to:

      Additional Notes

      Every binary should be properly notarized otherwise it's a really bad UX as it's not obvious nor easy for the user to overwrite this. And not notarized binaries are immediately suspicious

       

              Assignee:
              Dave Rolsky
              Reporter:
              Lukasz Sierant
              Felipe Gasper, Mankawaldeep Singh
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: