Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature request: allow multiple inputs for rcodesign sign #69

Open
rithvikvibhu opened this issue Feb 17, 2023 · 3 comments
Open

Feature request: allow multiple inputs for rcodesign sign #69

rithvikvibhu opened this issue Feb 17, 2023 · 3 comments
Labels
apple-codesign apple-codesign crate and rcodesign CLI tool enhancement New feature or request

Comments

@rithvikvibhu
Copy link

#28 tracks the issue where some native node_modules are not detected as files that should be signed, so the workaround is:

  • Sign bundle: sign Foo.app, then notary-submit
  • For every file in the error, sign Foo.app/path/to/that/file
  • Sign the whole bundle again: sign Foo.app

And this works. But when using remote-sign, instead of forming 1 session, there are N+2 times that the session joining string needs to copied. If there are 10 files missed, then that means copying strings 12 times from CI to local.

If multiple inputs are accepted, then I think a single shared connection can be used to sign all of them together?

Of course it's better to improve the detection so a single bundle sign doesn't miss files, but read somewhere that there are a lot of variety and is hard to make sure all are covered.

Multiple inputs can help not just here, but also when there are many apps to sign.
@indygreg indygreg added enhancement New feature or request apple-codesign apple-codesign crate and rcodesign CLI tool labels Feb 25, 2023
@indygreg
Copy link
Owner

The lack of multiple signing (especially in the context of remote signing) has frustrated me as well! During release processes for my projects, I often have to initiate multiple remote signing sessions. This is laborious and does not spark joy.

I'd love to support multiple signing via a single CLI command.

The biggest open issue in my mind is what the CLI interface looks like. We currently use positional arguments for the input and output paths. Using positional arguments with no other flags to indicate multiple inputs mode leads to ambiguous argument parsing. So we have to invent a new CLI argument mechanism to specify multiple inputs - and maybe multiple outputs.

Once we figure out what that UI looks like, I think this should be relatively straightforward to implement.

@rithvikvibhu
Copy link
Author

How about this?

The current syntax is:

rcodesign sign [OPTIONS] <input_path> [output_path]

New syntax:

rcodesign sign [OPTIONS] <input_path> [output_path]
rcodesign sign [OPTIONS] <input_path1> [<input_pathN>, ...] [--out <output_path>]

with parsing as:

// paths = list of file paths (positional arguments) after OPTIONS
if (paths.length === 2) {
  input = [paths[0]];
  output = paths[1] || options.out;
} else if (paths.length > 2) {
  input = paths;
  output = options.out;
}

@rithvikvibhu rithvikvibhu mentioned this issue Jun 26, 2023
Closed
@indygreg
Copy link
Owner

Another factor here is how scoped setting should behave in the face of multiple inputs, as each scope's path could match multiple inputs.

That consideration biases me towards use of -- as a delimiter between distinct sets of signing components.

Or, we could just say the problem space is too complex and close this issue as won't fix. The main thing that gives me pause is I'd really like to support multi-signing for remote signing so you only have to establish 1 signing session on the remote.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
apple-codesign apple-codesign crate and rcodesign CLI tool enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@indygreg @rithvikvibhu