installMacOS.bash: detect expired cert and stop nuking the source tree#909
Open
mairas wants to merge 1 commit into
Open
installMacOS.bash: detect expired cert and stop nuking the source tree#909mairas wants to merge 1 commit into
mairas wants to merge 1 commit into
Conversation
… RECORD bug `codesign` reports an expired self-signed code-signing identity as "no identity found", which is misleading and a known source of long debugging sessions. Verify that at least one certificate with the configured common name is unexpired before invoking codesign, and abort with an actionable message otherwise (recreate the cert, ideally with a multi-year validity period). Additionally, KiCad ships pip 22.0.4 with its bundled framework Python. Combined with legacy setuptools, `pip install -e .` registers source-tree files in the install RECORD. A subsequent reinstall therefore uninstalls the previous version using that RECORD and silently deletes the source checkout before the new install runs. Pre-emptively uninstall any existing kikit from a scratch directory so any stale relative paths in the RECORD resolve to nothing and cannot harm the source tree. Both checks are no-ops on a healthy first run. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Two papercuts that bit me on a second
-einstall today.codesignreports an expired self-signed identity asno identity found, costing a lot of debugging time. Pre-flight check rejects an expired/missing cert with a clear message and a hint to recreate it with a long validity period. Multiple certs sharing the common name are tolerated — the install proceeds if any of them is still valid, sincecodesignwill pick one of those.pip install -e .registers source-tree files in the install RECORD, so the next install's uninstall step then deletes the working copy before the new install runs. Pre-uninstall any existing kikit from a scratch directory so a bogus RECORD has nothing local to harm.Both checks are no-ops on a clean first run.
Test plan
sudo ./scripts/installMacOS.bash -eagainst an existing editable install on macOS 26.3.1 + KiCad 10.0.1 no longer deletes the source tree.🤖 Generated with Claude Code