Checked the logs and have uploaded a log file and provided a link because I found something suspicious there. Please do not post the log file in the topic because very often something important is missing.
I’m submitting a…
Regression (a behavior that stopped working in a new release)
Bug report
Performance issue
Documentation issue or request
Current behavior
Running ./sq command in terminal client for arm64 on MacOS exits with status: “killed”
Expected behavior
Running ./sq command should print parameters and options to be passed to the command
Interesting. I do not have a Mac, so I am not sure, if I can solve that myself. Do you get any kind of details, like error message from the OS or something like that?
Console.log on macOS shows, for the ARM version of the sq binary:
ASP: Security policy would not allow process: 76630, /Users/terje/squidex-cli/sq
This means that the SIP protection kicked in, not allowing the binary to be executed. You may have to sign the app somehow to allow it through the SIP gatekeeper automatically, without end users having to meddle with SIP settings manually.
ChatGPT rudimentarily outlines the process here:
To sign a binary file for macOS so that it can pass through Gatekeeper and System Integrity Protection (SIP), you'll need to obtain an Apple Developer ID certificate and use it to sign the binary. Here's a step-by-step guide:
1. **Obtain an Apple Developer ID certificate**:
- If you don't already have an Apple Developer account, you'll need to create one on the [Apple Developer](https://developer.apple.com/) website.
- Once logged in to your developer account, navigate to the Certificates, Identifiers & Profiles section.
- Follow the instructions to create a Developer ID Application certificate. This certificate will allow you to sign applications and binaries for distribution outside of the Mac App Store.
2. **Export the Developer ID certificate**:
- After obtaining the Developer ID certificate, export it from your keychain to a file:
- Open the Keychain Access application on your Mac.
- Select the "Certificates" category on the left sidebar.
- Find your Developer ID Application certificate in the list.
- Right-click on the certificate and choose "Export".
- Choose a file format (`.p12` is common) and provide a password to protect the exported certificate.
3. **Convert the exported certificate to a PEM format** (optional):
- You may need to convert the exported certificate to a PEM format if you're using certain tools to sign the binary. You can use the `openssl` command-line tool to perform the conversion:
```bash
openssl pkcs12 -in exported_certificate.p12 -out developer_id_certificate.pem -nodes
```
4. **Sign the binary with the Developer ID certificate**:
- Use the `codesign` command-line tool to sign the binary with the Developer ID certificate:
```bash
codesign --deep --force --sign "Developer ID Application: Your Developer Name" /path/to/your/binary
```
Replace "Developer ID Application: Your Developer Name" with the name of your Developer ID certificate, and replace "/path/to/your/binary" with the path to the binary you want to sign.
- The `--deep` option ensures that all nested components of the binary are signed.
- The `--force` option forces signing even if the binary is already signed.
5. **Verify the signature**:
- After signing the binary, you can verify the signature using the `codesign` tool:
```bash
codesign --verify --verbose=4 /path/to/your/binary
```
This command will display information about the signature status and any errors or warnings encountered during verification.
6. **Notarize the application** (optional, but recommended):
- Notarization is an additional step to ensure that your application passes through Gatekeeper and is trusted by macOS. It involves submitting your application to Apple for review and approval. You can notarize your application using Xcode or the `xcrun altool` command-line tool.
By signing your binary with a Developer ID certificate and optionally notarizing it, you can ensure that it passes through Gatekeeper and SIP on macOS systems without triggering security warnings or being blocked.
But previously we did the workaround outlined initially in this thread; “Worked to use the x64 version through Rosetta 2 in the MacOS terminal client.” - basically emulating x64 on MacOS through Rosetta 2. That worked for us, so @mappr you might be able to do that as well.
