Trust codesign using the certificate

When build_release_nightly calls codesign to sign libzim.7.dylib, it appears to be hanging forever. What's most likely happening is that Keychain Access is prompting a password request without any possibility to answer, given this is running on the CI. It's unclear whether Keychain Access wants to confirm codesign can access the certificate or if it is trying to unlock another (System) keychain to find the certificate or key. This addresses the former.
2025-06-26 10:11:27 +00:00 · 2022-05-12 13:48:03 +00:00
parent 32a6e5b588
commit f103cddd77
2 changed files with 11 additions and 7 deletions
--- a/.github/scripts/common.py
+++ b/.github/scripts/common.py
@ -483,6 +483,8 @@ def notarize_macos_build(project):
    for filepath in filepaths:
        subprocess.check_call(["/usr/bin/codesign", "--force", "--sign",
                               os.getenv("SIGNING_IDENTITY", "no-signing-ident"),
+                               "--keychain",
+                               os.getenv("KEYCHAIN", "no-keychain-path"),
                               str(filepath), "--deep", "--timestamp"], env=os.environ)

    # create a zip of the dylibs and upload for notarization