-
-
Notifications
You must be signed in to change notification settings - Fork 12
Commit c53daac
Wrap signing certificate password in single quotes to prevent corruption
High quality passwords may contain characters with special treatment by the shell (e.g., $).
The release workflows contain a command that imports the macOS code signing certificate to the runner machine's
keychain. The command references a GitHub Actions secret that contains the password of the certificate.
Previously, that reference was wrapped in double quotes. This resulted in the password string being subject to shell
expansions. If the password contained characters that incidentally resemble shell code, this resulted in the corruption
of the password, nd thus a spurious failure of the release workflow:
```
security: SecKeychainItemImport: The user name or passphrase you entered is not correct.
```1 parent 6e865aa commit c53daac
File tree
2 files changed
+2
-2
lines changed- .github/workflows
2 files changed
+2
-2
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
140 | 140 | | |
141 | 141 | | |
142 | 142 | | |
143 | - | ||
143 | + | ||
144 | 144 | | |
145 | 145 | | |
146 | 146 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
150 | 150 | | |
151 | 151 | | |
152 | 152 | | |
153 | - | ||
153 | + | ||
154 | 154 | | |
155 | 155 | | |
156 | 156 | | |
| |||
0 commit comments