From 1251febc6a290466ff15c4aed50da2c1f4902aa2 Mon Sep 17 00:00:00 2001 From: Christian Hoffmann Date: Wed, 13 Dec 2023 01:07:06 +0100 Subject: [PATCH 1/3] Autobuild: Work around CodeQL-introduced create-dmg/hdiutil build failures Fixes: #3207 --- mac/deploy_mac.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/mac/deploy_mac.sh b/mac/deploy_mac.sh index 709b267010..a1a1317761 100755 --- a/mac/deploy_mac.sh +++ b/mac/deploy_mac.sh @@ -120,7 +120,9 @@ build_installer_image() { # Build installer image - create-dmg \ + # This gets rid of CodeQL's virally infecting dylib preloads which break hdiutil's helper + # /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper. + sudo -u "$USER" create-dmg \ --volname "${client_target_name} Installer" \ --background "${resources_path}/installerbackground.png" \ --window-pos 200 400 \ From bebca88d3f5239b56e804addc7836c83ffd3493e Mon Sep 17 00:00:00 2001 From: Tony Mountifield Date: Thu, 1 Feb 2024 18:24:58 +0000 Subject: [PATCH 2/3] Improve comment in mac/deploy_mac.sh Co-authored-by: ann0see <20726856+ann0see@users.noreply.github.com> --- mac/deploy_mac.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mac/deploy_mac.sh b/mac/deploy_mac.sh index a1a1317761..6e1e0da5a0 100755 --- a/mac/deploy_mac.sh +++ b/mac/deploy_mac.sh @@ -120,7 +120,7 @@ build_installer_image() { # Build installer image - # This gets rid of CodeQL's virally infecting dylib preloads which break hdiutil's helper + # Using sudo gets rid of CodeQL's virally infecting dylib preloads which break hdiutil's helper # /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper. sudo -u "$USER" create-dmg \ --volname "${client_target_name} Installer" \ From 0cfb6315e188d69102cd7e9f2e4d75279a1ff8ee Mon Sep 17 00:00:00 2001 From: Tony Mountifield Date: Tue, 6 Feb 2024 18:35:41 +0000 Subject: [PATCH 3/3] Add detailed explanation for the use of sudo --- mac/deploy_mac.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/mac/deploy_mac.sh b/mac/deploy_mac.sh index 6e1e0da5a0..bf4e36372c 100755 --- a/mac/deploy_mac.sh +++ b/mac/deploy_mac.sh @@ -120,7 +120,15 @@ build_installer_image() { # Build installer image - # Using sudo gets rid of CodeQL's virally infecting dylib preloads which break hdiutil's helper + # When this script is run on Github's CI with CodeQL enabled, CodeQL adds dynamic library + # shims via environment variables, so that it can monitor the compilation of code. + # In order for these settings to propagate to compilation called via shell/bash scripts, + # the CodeQL libs seem automatically to create the same environment variables in sub-shells, + # even when called via 'env'. This was determined by experimentation. + # Unfortunately, the CodeQL libraries are not compatible with the hdiutil program called + # by create-dmg. In order to prevent the automatic propagation of the environment, we use + # sudo to the same user in order to invoke create-dmg with a guaranteed clean environment. + # # /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper. sudo -u "$USER" create-dmg \ --volname "${client_target_name} Installer" \