Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add extra pages to pkg installers #852

Merged
merged 36 commits into from
Sep 10, 2024
Merged

Conversation

marcoesters
Copy link
Contributor

@marcoesters marcoesters commented Sep 6, 2024

Description

Summary of changes

  • Add feature to create extra pages to pkg installers after the installation step, analogous to the capability for Windows installers.
  • Refactor code signing for pkg installers into a class.
  • Add testing for application signing.
  • Expand the post-install page features to Windows.
  • Expand documentation about signing pkg installers.

Detailed explanation

constructor has the capability to add additional pages for exe installer by overloading the custom_conclusion property. This is not possible for pkg installer because custom pages have a different format from conclusion pages: extra pages follow the Apple plugins format whereas conclusions are RTF or HTML.

So, a new keyword for construct.yaml is required. For pkg installer, this keyword can take multiple extra pages and add them to a pkg installer. These pages can either be compiled projects or simple, single-target projects. The latter is helpful for repositories since it would not require committing binaries.

The plugins must be signed to pass notarization just like the _conda binary. To make the code DRYer, the codesign commands are now a class just like the Windows signing tools. Caveat: get_signing_command() has a different return type because they are used differently. However, I'm happy to change the Windows return type to list and do the join operation elsewhere.

Signing has not been tested on MacOS yet. The challenge is to create self-signed certificates that must be added to a keychain. This is limited to application signing. For installers, a certificate has to be trusted to be found in the keychain. Trusting a certificate requires authentication and interaction with keychains, causing the job to be stuck. I have not found a way to circumvent this.

This concept has been expanded to Windows as well. While this can still be done via custom_conclusion, using the extra pages keyword provides a cleaner solution, especially for those who use the default conclusion page.

Checklist - did you ...

  • Add a file to the news directory (using the template) for the next release's release notes?
  • Add / update necessary tests?
  • Add / update outdated documentation?

@conda-bot conda-bot added the cla-signed [bot] added once the contributor has signed the CLA label Sep 6, 2024
@marcoesters marcoesters marked this pull request as ready for review September 9, 2024 22:33
@marcoesters marcoesters requested a review from a team as a code owner September 9, 2024 22:33
constructor/construct.py Outdated Show resolved Hide resolved
constructor/construct.py Outdated Show resolved Hide resolved
constructor/construct.py Outdated Show resolved Hide resolved
constructor/construct.py Outdated Show resolved Hide resolved
constructor/osxpkg.py Outdated Show resolved Hide resolved
Copy link
Contributor

@jaimergp jaimergp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@marcoesters marcoesters merged commit a4a8ffe into conda:main Sep 10, 2024
20 checks passed
@marcoesters marcoesters deleted the pkg-extra-pages branch September 10, 2024 18:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cla-signed [bot] added once the contributor has signed the CLA
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

3 participants