DARWIN: disable kextutil check for versions requiring notarization 22/14222/3
authorMark Vitale <mvitale@sinenomine.net>
Tue, 12 May 2020 16:59:31 +0000 (12:59 -0400)
committerBenjamin Kaduk <kaduk@mit.edu>
Fri, 11 Sep 2020 05:00:30 +0000 (01:00 -0400)
Our kextutil signing check will fail for releases that require
notarization (Mojave 10.14.5 and up, Catalina 10.15 all versions),
because we aren't notarized yet at the time of the check.

Instead, disable the check for those releases.

Change-Id: Iec1b74d18ae02cdd031ed3194ffb9900aa8a1b55
Reviewed-on: https://gerrit.openafs.org/14222
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

src/packaging/MacOS/pkgbuild.sh.in

index c0f33a3..1814304 100644 (file)
@@ -370,7 +370,13 @@ if [ x"$PASS1" = x1 ]; then
                    "$PKGROOT"/Library/OpenAFS/Tools/root.client/usr/vice/etc/afs.kext \
                    "$PKGROOT"/private/var/db/openafs/etc/afs.kext
        do
-           kextutil -no-load -print-diagnostics "$kext"
+           # This check will fail on systems that require notarization, because we haven't
+           # notarized anything yet.  For now, just disable the check for those versions.
+           if [ $THISREL -ge 14 ]; then
+               echo "Skipping kextutil checks for $kext"
+           else
+               kextutil -no-load -print-diagnostics "$kext"
+           fi
        done
     fi