influxdata/influxdb

Dealing with MacOS Catalina Notary Service

Open

#16009 opened on Nov 21, 2019

View on GitHub
 (4 comments) (0 reactions) (1 assignee)Rust (31,498 stars) (3,707 forks)batch import
area/2.xarea/buildarea/packaginghelp wanted

Description

We need to figure out how to handle the MacOS notary service that causes our binaries to be untrusted.

some info from how Go is dealing with it: https://github.com/golang/go/issues/34986

Open to suggestions on how we should handle this.

Contributor guide

Tech stack
rustshell
Domain
build systemdevops
Issue type
research
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
4
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
1-2 days
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
stale
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
needs investigation
Prerequisites
macOS code signing and notarizationRust build process
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
20
Research direction
This issue requires investigating how to integrate macOS notary service for Rust binaries in the InfluxDB build pipeline. The referenced Go issue provides one approach, but it needs to be adapted for Rust. Look into the build scripts (likely in the repository's CI configuration) and consult maintainers on the preferred method. No linked PRs exist, so a proposal should be made.