[Interest] macdeployqt signing stuck in GitHub Actions

Jonas Kvinge jonaski at opensuse.org
Sun Oct 15 15:15:22 CEST 2023 

Hi,

When running macdeployqt in Github Actions on the macos-11 or macos-13 
runners, the codesign process gets stuck for 6 hours before it times 
out. If I copy one of the libraries and sign it directly with codesign, 
it works. There isn't the same issue my self-hosted macOS Ventura arm64 
runner, or locally on the mac, so I suspect it has something to do with 
the virtualization used in GitHub Actions.

Log: Signing "strawberry.app" with identity "383J84DVB6"
Log: Using otool:
Log:  inspecting 
"/Users/runner/work/strawberry/strawberry/build/strawberry.app/Contents/PlugIns/networkinformation/libqglib.dylib"
Log: Using otool:
Log:  inspecting 
"/Users/runner/work/strawberry/strawberry/build/strawberry.app/Contents/Frameworks/QtNetwork.framework/Versions/A/QtNetwork"
Log: Checking for 
"/opt/strawberry_macos_x86_64_release/lib/QtCore.framework/Versions/A/QtCore"
Log: Skipping outside dependency: 
"/opt/strawberry_macos_x86_64_release/lib/QtCore.framework/Versions/A/QtCore"
Log: Using otool:
Log:  inspecting 
"/Users/runner/work/strawberry/strawberry/build/strawberry.app/Contents/Frameworks/libssl.3.dylib"
Log: "codesign" 
"/Users/runner/work/strawberry/strawberry/build/strawberry.app/Contents/Frameworks/libssl.3.dylib"

Here are the steps I use to setup codes-signing:

       - name: Create keychain
         if: matrix.runner == 'macos-11'
         run: security create-keychain -p ${{ 
secrets.APPLE_DEVELOPER_ID_CERTIFICATE_PASSWORD }} build.keychain

       - name: Set keychain
         if: matrix.runner == 'macos-11'
         run: security default-keychain -s build.keychain

       - name: Unlock keychain
         if: matrix.runner == 'macos-11'
         run: security unlock-keychain -p ${{ 
secrets.APPLE_DEVELOPER_ID_CERTIFICATE_PASSWORD }} build.keychain

       - name: Unlock keychain
         if: matrix.runner == 'macos-arm64'
         run: security unlock-keychain -p ${{ 
secrets.APPLE_DEVELOPER_ID_CERTIFICATE_PASSWORD2 }}

       - name: Import certificate
         if: matrix.runner == 'macos-11'
         run: security import certificate.p12 -k build.keychain -P ${{ 
secrets.APPLE_DEVELOPER_ID_CERTIFICATE_PASSWORD }} -T /usr/bin/codesign

       - name: Show certificate
         run: security find-identity -v

       - name: Allow certificate
         if: matrix.runner == 'macos-11'
         run: security set-key-partition-list -S 
'apple-tool:,apple:,codesign:' -s -k ${{ 
secrets.APPLE_DEVELOPER_ID_CERTIFICATE_PASSWORD }} build.keychain

Jonas

More information about the Interest mailing list