Notarize the MacOS binaries in the pipeline
When installing the Openshift Client on MacOS the Gatekeeper warns that the binary is untrusted and blocks it.
Users then have to go into the settings and overrule the block.
The process is pretty involved every update and may lead to users disabling safety features on their devices.
Related RedHat blog post about it by @DonSchenck
Suggested solution
Integrating this tool in the pipeline submits the binaries to Apple for verification (malware checks etc)
https://github.com/Bearer/gon
Requirements to fix this issue
The steps users have to take if they don't want to disable security settings
oc get updated (by manual download of with Brew)- User tries to use it. (Or opens a new terminal and it gets used for shell completion)
- A warning message appears and the user clicks
Done
- User opens System settings and finds the Security menu.
- User resets/overrules the warning.
- User tries to use oc again. Warning reappears.
- User uses administrator/sudo rights to ignore the warning and stops being bothered until the next update.
Notarize the MacOS binaries in the pipeline
When installing the Openshift Client on MacOS the Gatekeeper warns that the binary is untrusted and blocks it.
Users then have to go into the settings and overrule the block.
The process is pretty involved every update and may lead to users disabling safety features on their devices.
Related RedHat blog post about it by @DonSchenck
Suggested solution
Integrating this tool in the pipeline submits the binaries to Apple for verification (malware checks etc)
https://github.com/Bearer/gon
Requirements to fix this issue
The steps users have to take if they don't want to disable security settings
ocget updated (by manual download of with Brew)Done