Hello, welcome to week 27!
Like last week, I am working on Mac notarization for GHC. Since it’s
my main focus, I will say a few more words about it.
Apple “code signing” and “notarization” are malware-prevention systems built
into macOS. They require developers to preprocess apps in a way that macOS can
verify. My task is to implement those processes for GHC, test them, automate the
process and tests, and add it all to CI. I also want to ensure that notarized
versions of GHC can be installed with Stack and GHCUp.
Right now, the “GHC official bindist” install script (and GHCUp) uses a hacky
workaround that bypasses the code signing and notarization requirements. (I’m
not sure what Stack does here! Does Stack even work on modern macOS, other than
via GHCUp’s “unofficial binaries”?) I want to make those workarounds go away so
that we don’t have any more trouble with Mac than necessary.
Other minor things I finished in the last week:
- Bought a Mac Mini to enable the notarization work
- Used my shiny new Mac to begin investigating how macOS behaves regarding code
signing and notarization
- Wrote a script to remove hundreds of spammy snippets on GHC GitLab
- Did some git bookkeeping for the gitlab server + bots
- Tried fixing my full-text search database, a tool I use for investigating CI
- Continued observing CI and raising issues
See ya next week!