diff --git a/dev/ci/lib/setup-container.sh b/dev/ci/lib/setup-container.sh index 4ea8d10190..2b72b7b33a 100644 --- a/dev/ci/lib/setup-container.sh +++ b/dev/ci/lib/setup-container.sh @@ -18,7 +18,11 @@ header2 "Creating test/config.json" if [[ "$OS" = linux ]]; then run cp test/config.json.travis test/config.json else - sed -e "s/_AUTHORITY_/Developer/" -e "s/_USER_/$USER/" test/config.json.travis-osx > test/config.json + sed \ + -e "s/_AUTHORITY_/Developer/" \ + -e "s|_KEYCHAIN_|/Library/Keychains/System.keychain|" \ + -e "s/_USER_/$USER/" \ + test/config.json.travis-osx > test/config.json fi echo "+ Done." echo diff --git a/dev/ci/setup-host b/dev/ci/setup-host index 07f8d557ce..e7d3972672 100755 --- a/dev/ci/setup-host +++ b/dev/ci/setup-host @@ -36,7 +36,7 @@ if [ "${GITHUB_ACTIONS:-false}" = "true" ]; then if [ "$OS" = "macos" ]; then brew update brew install ccache - sudo security add-trusted-cert -d -r trustRoot -p codeSign "$PASSENGER_ROOT/dev/ci/Certificates.cer" + sudo security add-trusted-cert -d -r trustRoot -p codeSign -k /Library/Keychains/System.keychain "$PASSENGER_ROOT/dev/ci/Certificates.cer" fi echo diff --git a/test/config.json.example b/test/config.json.example index 8db83e72a4..923baaf561 100644 --- a/test/config.json.example +++ b/test/config.json.example @@ -37,8 +37,9 @@ // On macOS, Apache requires that all modules be code signed. // Create a certificate yourself (be sure to enable the "Code Signing" capability) - // and specify the certificate name here. + // and specify the certificate name and keychain here. "codesigning_identity": "", + "codesigning_keychain": "", // If you want to run the Nginx integration tests, then set the following // config option to the full path of the Nginx binary. This Nginx binary *must* diff --git a/test/config.json.travis-osx b/test/config.json.travis-osx index 4f265bc3db..06b6b3070d 100644 --- a/test/config.json.travis-osx +++ b/test/config.json.travis-osx 
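Review bot: The `security add-trusted-cert` line in dev/ci/setup-host makes the committed `dev/ci/Certificates.cer` a trusted code-signing root in the System keychain with admin-domain trust (`-d`), and nothing next to it records that this is meant for disposable CI hosts only. The sole guard is the `GITHUB_ACTIONS` test in the enclosing `if`, which starts outside the hunk. A comment above the line would state the intent, e.g. `# CI runners only: trusts the test signing cert machine-wide; do not run on a workstation.` The same keychain path is also written into test/config.json by the new `_KEYCHAIN_` sed expression in dev/ci/lib/setup-container.sh, so the two literals must change together. If the two scripts source a common file, a shared variable there would remove that coupling.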
@@ -10,5 +10,6 @@ "nonexistant_uid": 9999, "nonexistant_gid": 9999, "codesigning_identity": "_AUTHORITY_", +"codesigning_keychain": "_KEYCHAIN_", "nginx": "/tmp/nginx/sbin/nginx" } diff --git a/test/integration_tests/apache2_tests.rb b/test/integration_tests/apache2_tests.rb index 88bf712b5f..c332a111b9 100644 --- a/test/integration_tests/apache2_tests.rb +++ b/test/integration_tests/apache2_tests.rb @@ -75,6 +75,9 @@ def create_apache2_controller if CONFIG.has_key?('codesigning_identity') @apache2.set(codesigning_identity: CONFIG['codesigning_identity']) end + if CONFIG.has_key?('codesigning_keychain') + @apache2.set(codesigning_keychain: CONFIG['codesigning_keychain']) + end if Process.uid == 0 @apache2.set( :www_user => CONFIG['normal_user_1'], diff --git a/test/support/apache2_controller.rb b/test/support/apache2_controller.rb index 5bb3309d10..c010da60d4 100644 --- a/test/support/apache2_controller.rb +++ b/test/support/apache2_controller.rb @@ -95,7 +95,7 @@ def start if @codesigning_identity require 'open3' - stdout, stderr, status = Open3.capture3("codesign", "--force", "-s", @codesigning_identity, "--keychain", File.expand_path("~/Library/Keychains/login.keychain-db"), @mod_passenger) + stdout, stderr, status = Open3.capture3("codesign", "--force", "-s", @codesigning_identity, "--keychain", File.expand_path(@codesigning_keychain), @mod_passenger) if !status.success? raise "Could not sign Apache module at #{@mod_passenger} with authority #{@codesigning_identity}: #{stderr}" end
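Review bot: `File.expand_path(@codesigning_keychain)` in `start` (test/support/apache2_controller.rb) raises a TypeError when a config sets `codesigning_identity` but has no `codesigning_keychain` key, as far as this diff shows, because the old login-keychain default is removed and no new default is added. That affects any test/config.json written before this change. An empty string, as shipped in config.json.example and passed through by the `CONFIG.has_key?` check in apache2_tests.rb, expands to the current directory and is handed to `codesign --keychain`. Falling back to the previous default keeps existing setups working: `keychain = @codesigning_keychain.to_s.empty? ? "~/Library/Keychains/login.keychain-db" : @codesigning_keychain`, then pass `File.expand_path(keychain)`. The body of `start` continues outside the hunk.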