diff --git a/.dependabot/config.yml b/.dependabot/config.yml
index d7a1d21b3f..3c6e5e1b79 100644
--- a/.dependabot/config.yml
+++ b/.dependabot/config.yml
@@ -2,19 +2,22 @@ version: 1
 update_configs:
+ # Keep build.gradle files up to date, batching pull requests weekly
 - package_manager: "java:gradle"
 directory: "/android"
 update_schedule: "weekly"
 default_reviewers:
- - jakubgs
+ - "jakubgs"
 allowed_updates:
 - match:
 update_type: "security"
+ # Keep /mobile/js_files/yarn.lock up to date, batching pull requests weekly
 - package_manager: "javascript"
 directory: "/mobile/js_files"
 update_schedule: "weekly"
 default_reviewers:
 - "jakubgs"
+ # Keep /desktop/js_files/yarn.lock up to date, batching pull requests weekly
 - package_manager: "javascript"
 directory: "/desktop/js_files"
 update_schedule: "weekly"
diff --git a/ci/Jenkinsfile.ios b/ci/Jenkinsfile.ios
index b4d5960314..bd961c258e 100644
--- a/ci/Jenkinsfile.ios
+++ b/ci/Jenkinsfile.ios
@@ -1,5 +1,5 @@
 pipeline {
- agent { label 'macos' }
+ agent { label 'macos-xcode-11.1' }
 parameters {
 string(
@@ -27,6 +27,7 @@ pipeline {
 LANGUAGE = "en_US.UTF-8"
 TARGET_OS = 'ios'
 NIX_CONF_DIR = "${env.WORKSPACE}/nix"
+ NIX_IGNORE_SYMLINK_STORE = 1 // https://github.com/NixOS/nix/issues/2925#issuecomment-499544039
 FASTLANE_DISABLE_COLORS = 1
 BUNDLE_PATH = "${HOME}/.bundle"
 /* We use EXECUTOR_NUMBER to avoid multiple instances clashing */
diff --git a/ci/Jenkinsfile.macos b/ci/Jenkinsfile.macos
index 03eb86d040..d1e2dc6957 100644
--- a/ci/Jenkinsfile.macos
+++ b/ci/Jenkinsfile.macos
@@ -1,5 +1,5 @@
 pipeline {
- agent { label 'macos' }
+ agent { label 'macos-xcode-11.1' }
 parameters {
 string(
@@ -27,6 +27,7 @@ pipeline {
 LANGUAGE = "en_US.UTF-8"
 TARGET_OS = 'macos'
 NIX_CONF_DIR = "${env.WORKSPACE}/nix"
+ NIX_IGNORE_SYMLINK_STORE = 1 // https://github.com/NixOS/nix/issues/2925#issuecomment-499544039
 VERBOSE_LEVEL = '3'
 /* We use EXECUTOR_NUMBER to avoid multiple instances clashing */
 LEIN_HOME = "/var/tmp/lein-${EXECUTOR_NUMBER}"
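Review bot: In `.dependabot/config.yml` the new comment on the `java:gradle` entry says it keeps build.gradle files up to date, but that entry's `allowed_updates` block matches only `update_type: "security"`, so as configured only security updates would be proposed for `/android`. I would word the comment to match the filter, e.g. `# Propose security updates for build.gradle dependencies, batching pull requests weekly`. The two JavaScript entries show no such filter in the visible lines, though the last entry continues past the end of the hunk.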
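Review bot: `NIX_IGNORE_SYMLINK_STORE = 1` in the environment block of `ci/Jenkinsfile.ios` (and the identical line in `ci/Jenkinsfile.macos`) overrides Nix's refusal to run when the store is reached through a symlink, and the only explanation given is a bare issue URL. That check guards against builds recording the resolved path instead of `/nix/store`, so the override should say in words why it is acceptable here and when it can go. A comment such as `/* Allow a symlinked /nix/store on these agents; remove once /nix is a real directory. See NixOS/nix#2925 */` would do. The reason in that wording is inferred from the linked issue, so confirm it against how the agents are provisioned. The environment block starts and ends outside both hunks.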
diff --git a/nix/mobile/default.nix b/nix/mobile/default.nix
index 1bede1851a..4969736711 100644
--- a/nix/mobile/default.nix
+++ b/nix/mobile/default.nix
@@ -6,7 +6,7 @@ let
 platform = callPackage ../platform.nix { inherit target-os; };
 xcodewrapperArgs = {
- version = "10.2.1";
+ version = "11.1";
 };
 xcodeWrapper = composeXcodeWrapper xcodewrapperArgs;
 androidPlatform = callPackage ./android { inherit config target-os mkShell mkFilter nodejs maven localMavenRepoBuilder projectNodePackage jsbundle; status-go = status-go.android; };
diff --git a/scripts/sign-macos-pkg.sh b/scripts/sign-macos-pkg.sh
index ef20345445..95be1329da 100755
--- a/scripts/sign-macos-pkg.sh
+++ b/scripts/sign-macos-pkg.sh
@@ -101,9 +101,9 @@ echo -e "\n### Signing object..."
 # If `OBJECT` is a directory, we assume it's an app
 # bundle, otherwise we consider it to be a dmg.
 if [ -d "$OBJECT" ]; then
- codesign --sign "$DEV_ID" --keychain "$KEYCHAIN" --deep --force --verbose=4 "$OBJECT"
+ codesign --sign "$DEV_ID" --keychain "$KEYCHAIN" --options runtime --deep --force --verbose=4 "$OBJECT"
 else
- codesign --sign "$DEV_ID" --keychain "$KEYCHAIN" --force --verbose=4 "$OBJECT"
+ codesign --sign "$DEV_ID" --keychain "$KEYCHAIN" --options runtime --force --verbose=4 "$OBJECT"
 fi
 echo -e "\n### Verifying signature..."
@@ -113,5 +113,8 @@ echo -e "\n### Assessing Gatekeeper validation..."
 if [ -d "$OBJECT" ]; then
 spctl --assess --type execute --verbose=2 "$OBJECT"
 else
- spctl --assess --type open --context context:primary-signature --verbose=2 "$OBJECT"
+ echo "WARNING: The 'open' type security assesment is disabled due to lack of 'Notarization'"
+ # Issue: https://github.com/status-im/status-react/pull/9172
+ # Details: https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution
+ #spctl --assess --type open --context context:primary-signature --verbose=2 "$OBJECT"
 fi
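Review bot: Both `codesign` calls in the first hunk of `scripts/sign-macos-pkg.sh` now pass `--options runtime` but no `--entitlements`, so the hardened runtime is applied with its default restrictions, and in the app-bundle branch `--deep` carries the same options to nested code. If any component of the bundle relies on JIT, on loading libraries signed by another team, or on `DYLD_*` variables, the failure would show up only at launch, which nothing visible in this script exercises. A comment above the `if` should state that the hardened runtime is enabled as a notarization prerequisite and whether entitlement exceptions are expected. In the dmg branch the flag looks redundant, since a disk image is not executable code; that is worth confirming before keeping it.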
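Review bot: In the second hunk of `scripts/sign-macos-pkg.sh` the dmg branch now prints a warning and runs no Gatekeeper check at all, so the script can finish successfully with no `spctl` verdict in the build log for the artifact that is actually shipped. Keeping the call but making it non-fatal preserves that evidence and makes re-enabling it a small edit once notarization is in place: `spctl --assess --type open --context context:primary-signature --verbose=2 "$OBJECT" || echo "WARNING: Gatekeeper 'open' assessment failed; package is not notarized" >&2`. The warning belongs on stderr either way, and `assesment` in the message is misspelled.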