Skip to content

Revert "Notarize serve-sim camera dylibs in macOS releases"#7165

Merged
brennanb2025 merged 1 commit into
mainfrom
brennanb2025/revert-7077-simcam-dylib-notarization
Jul 3, 2026
Merged

Revert "Notarize serve-sim camera dylibs in macOS releases"#7165
brennanb2025 merged 1 commit into
mainfrom
brennanb2025/revert-7077-simcam-dylib-notarization

Conversation

@brennanb2025

Copy link
Copy Markdown
Contributor

Summary

Reverts PR #7077 ("Notarize serve-sim camera dylibs in macOS releases").

Post-release validation against the shipped v1.4.120-rc.2 artifact proved the afterSign hook cannot fix the reported Gatekeeper rejection (#6877), while adding real cost and fragility to every macOS release build.

Why the hook cannot work

libSimCameraInjector.dylib is built for the iOS Simulator platform (LC_BUILD_VERSION platform 7, SDK iOS 18.5) — it has to be, since it loads inside simulator processes. Apple's notary service accepts submissions containing simulator binaries (so the hook reported success and the build passed) but never issues Gatekeeper tickets for iOS-simulator arm64 slices. notarytool returning Accepted does not mean every slice was ticketed.

Evidence from the v1.4.120-rc.2 release build (which ran the hook, submissions accepted):

  • Both packaged dylib copies still fail: spctl -a -t executerejected, source=Unnotarized Developer ID — the exact symptom from the issue, on the reporter's architecture (arm64).
  • Apple's ticket-delivery API (the same cdhash lookup Gatekeeper uses): arm64 slice NOT_FOUND 23+ minutes after acceptance; x86_64 slice ticketed.
  • The sibling serve-sim-camera-helper (platform 1 = macOS, same directory) gets both slices ticketed automatically by the ordinary outer-app notarization — confirming the pipeline is fine and the dylib's platform is the differentiator.
  • A pre-hook submission from 2026-06-08 shows the identical skip pattern (x86_64 ticketed, arm64 not), so this is consistent Apple policy, not a transient failure.

Why revert rather than keep

  • The only thing the hook achieves — ticketing the x86_64 slice — was already done by the 2026-06-08 submission. Tickets are permanent and the cdhash is stable across re-signing, so Intel coverage for the current binary persists without the hook.
  • The hook adds four blocking notarytool --wait round-trips per macOS release (~75s when Apple is fast, up to a 45-minute hang each on a stuck submission) and hard-fails the release on any notary error — release-blocking risk for zero arm64 benefit.
  • Keeping it codifies a false conclusion: the code claims to close the Gatekeeper gap for these dylibs, and it cannot.

What this does not change

  • Outer app signing, hardened runtime, notarization, and stapling are untouched (notarize: isMacRelease remains). Shipped artifacts were never functionally affected by the hook — it was build-time only.
  • Issue #6877 will be reopened; the follow-up investigation is whether the per-file spctl rejection actually causes the reported syspolicyd "Malware rejection" at launch (embedded simulator binaries are normal — Xcode ships many). If it does, the fix direction is keeping the dylib out of Gatekeeper's assessment path, not notarization.

Validation

  • git revert of the squash commit ee8bdf1 applied cleanly; no commits since the merge touch these files.
  • pnpm exec vitest run --config config/vitest.config.ts config/scripts/electron-builder-config.test.mjs — 19 passed (pre-Notarize serve-sim camera dylibs in macOS releases #7077 baseline).
  • pnpm exec oxfmt --check and pnpm exec oxlint on both files — clean.
  • grep confirms no afterSign/notarizeMacServeSim references remain; outer notarize: isMacRelease intact.

Made with Orca 🐋

@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: ad17cf83-3b75-4e52-bcfa-0d2c9087fa2d

📥 Commits

Reviewing files that changed from the base of the PR and between 2fff91e and 698a8d0.

📒 Files selected for processing (2)
  • config/electron-builder.config.cjs
  • config/scripts/electron-builder-config.test.mjs

📝 Walkthrough

Walkthrough

This change removes the macOS serve-sim camera dylib notarization subsystem from the Electron Builder configuration, including its host abstraction, submission/verification loop, credential handling, and test-only exports. It replaces the prior afterSign notarization hook with an afterPack hook that prunes packaged runtime node_modules, fixes executable permissions for CLI and serve-sim helper binaries, and signs the nested Orca Computer Use helper app on macOS. Corresponding unused imports were trimmed, and the test suite was updated to remove notarization-related test infrastructure and cases while retaining packaging/pruning assertions.

Changes

Cohort / File(s) Summary
afterPack hook replacing afterSign notarization
config/electron-builder.config.cjs
Removed macOS notarization subsystem (host abstraction, submission, credentials, redacted error handling, test exports); replaced afterSign with afterPack hook for node_modules pruning, permission fixes, and helper app signing; trimmed unused imports.
config/scripts/electron-builder-config.test.mjs Removed notarization test helpers, environment-variable setup, and afterSign-related test cases; updated imports to drop unused dirname and vi.

Sequence Diagram(s)

sequenceDiagram
  participant ElectronBuilder
  participant afterPackHook
  participant NodeModules
  participant OrcaComputerUseApp
  ElectronBuilder->>afterPackHook: invoke after packaging
  afterPackHook->>NodeModules: prune and validate runtime dependencies
  afterPackHook->>afterPackHook: chmod CLI and serve-sim helper binaries
  afterPackHook->>OrcaComputerUseApp: signMacComputerUseHelper (macOS only)
Loading

Estimated code review effort: 3/5 (High complexity in the config file due to logic replacement, medium in tests)

Related PRs: None identified

Suggested labels: build, electron, macos

Suggested reviewers: None identified


🐰 A notarizer's script fades away,
afterPack now leads the way,
prune the modules, chmod the bin,
sign the helper app within,
hop along, the build's clean today.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description has summary and validation details, but it omits required Screenshots, Testing, AI Review Report, Security Audit, and Notes sections. Add the missing template sections and complete the testing checklist, screenshots/no visual change, AI review, security audit, and notes.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately and concisely summarizes the main change: reverting macOS serve-sim notarization.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@brennanb2025 brennanb2025 merged commit d6fb8e0 into main Jul 3, 2026
7 checks passed
@brennanb2025 brennanb2025 deleted the brennanb2025/revert-7077-simcam-dylib-notarization branch July 3, 2026 01:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant