from:"tester"

[issue44933] python3.9-intel64 hardened runtime not enabled

2021-08-17 Thread tester



New submission from tester :

When trying too build the python framework using the method below and you try 
to get it notarized you get the following error.

"path": "munkitools-5.5.0.4362.pkg/munkitools_python.pkg 
Contents/Payload/usr/local/munki/Python.framework/Versions/3.9/bin/python3.9-intel64",
"message": "The executable does not have the hardened runtime enabled.",

https://github.com/munki/munki/blob/main/code/tools/build_python_framework.sh


The package get built using this ttps://github.com/lifeunexpected/Scripts

This issue happens on python 3.9.5 and 3.9.6 earlier versions did not include 
python3.9-intel64.

--
components: macOS
messages: 399721
nosy: bettyrab, ned.deily, ronaldoussoren
priority: normal
severity: normal
status: open
title: python3.9-intel64 hardened runtime not enabled
type: compile error
versions: Python 3.9

___
Python tracker 
<https://bugs.python.org/issue44933>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44933] python3.9-intel64 hardened runtime not enabled

2021-08-17 Thread tester



tester  added the comment:

This part of the script is used to notarize the python framework and it worked 
with python 3.9.4 and earlier but with 3.9.5 and 3.9.6 it stopped working 
because of "/python3.9-intel64",
"message": "The executable does not have the hardened runtime enabled.

#get current python version used in Munki build so that it doesn't have to be 
hardcoded
PYTHON_FRAMEWORK_VERSION=$(ls Python.framework/Versions | grep -v "Current")

find $MUNKIROOT/Python.framework/Versions/$PYTHON_FRAMEWORK_VERSION/lib/ -type 
f -perm -u=x -exec codesign --force --deep --verbose -s "$DevApp" {} \;
find $MUNKIROOT/Python.framework/Versions/$PYTHON_FRAMEWORK_VERSION/bin/ -type 
f -perm -u=x -exec codesign --force --deep --verbose -s "$DevApp" {} \;

find $MUNKIROOT/Python.framework/Versions/$PYTHON_FRAMEWORK_VERSION/lib/ -type 
f -name "*dylib" -exec codesign --force --deep --verbose -s "$DevApp" {} \;
find $MUNKIROOT/Python.framework/Versions/$PYTHON_FRAMEWORK_VERSION/lib/ -type 
f -name "*so" -exec codesign --force --deep --verbose -s "$DevApp" {} \;

/usr/libexec/PlistBuddy -c "Add 
:com.apple.security.cs.allow-unsigned-executable-memory bool true" 
$MUNKIROOT/entitlements.plist

codesign --force --options runtime --entitlements $MUNKIROOT/entitlements.plist 
--deep --verbose -s "$DevApp" 
$MUNKIROOT/Python.framework/Versions/$PYTHON_FRAMEWORK_VERSION/Resources/Python.app/

codesign --force --options runtime --entitlements $MUNKIROOT/entitlements.plist 
--deep --verbose -s "$DevApp" 
$MUNKIROOT/Python.framework/Versions/$PYTHON_FRAMEWORK_VERSION/bin/"python$PYTHON_FRAMEWORK_VERSION"
codesign --force --deep --verbose -s  "$DevApp" $MUNKIROOT/Python.framework

--

___
Python tracker 
<https://bugs.python.org/issue44933>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44933] python3.9-intel64 hardened runtime not enabled

2021-08-17 Thread tester



tester  added the comment:

oh i didn't now that so thank you so much i will look into that maybe thats 
where my problem is :)

--

___
Python tracker 
<https://bugs.python.org/issue44933>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44933] python3.9-intel64 hardened runtime not enabled

2021-08-19 Thread tester



tester  added the comment:

I found the fix for it earlier today and of course the fix is always right in 
front of you, you just need to look in the right place lol jokes on me.

I orginnaly had this and a few other things in my notarization script to get 
python notarized.
codesign --force --options runtime --entitlements $MUNKIROOT/entitlements.plist 
--deep --verbose -s "$DevApp" 
$MUNKIROOT/Python.framework/Versions/$PYTHON_FRAMEWORK_VERSION/bin/"python$PYTHON_FRAMEWORK_VERSION"

So i just had to add the stuff below to make python3.x-intel64 also get 
notarized properly

codesign --force --options runtime --entitlements $MUNKIROOT/entitlements.plist 
--deep --verbose -s "$DevApp" 
$MUNKIROOT/Python.framework/Versions/$PYTHON_FRAMEWORK_VERSION/bin/"python$PYTHON_FRAMEWORK_VERSION-intel64"

https://github.com/lifeunexpected/Scripts/blob/master/Munki.Notarize.zsh

I mostly posted this in case anyone else randomly googles this type off issue 
so maybe it can help them.

--

___
Python tracker 
<https://bugs.python.org/issue44933>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue44933] python3.9-intel64 hardened runtime not enabled

[issue44933] python3.9-intel64 hardened runtime not enabled

[issue44933] python3.9-intel64 hardened runtime not enabled

[issue44933] python3.9-intel64 hardened runtime not enabled

4 matches

Site Navigation

Mail list logo

Footer information