Re: Questions about QEMU exception

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Questions about QEMU exception

From:	Li, Kevin
Subject:	Re: Questions about QEMU exception
Date:	Wed, 9 Nov 2022 17:35:16 +0000

Hi Peter,

We first install via homebrew and then extract the executables (qemu-img and 
qemu-system-xxx) out.
We recently did this, so it should be the latest version of qemu via homebrew, 
and our package is for MacOS, which needs sign and notarize.
If we extract in this way, and use it on other env without signing, it will 
show the unidentified developer, so we sign it along with other executables.
We uses these executables to pack a pkg installer, so first we sign all the 
executables including qemu, and then sign the pkg, and finally notarize the pkg.
I think the previous error I mentioned maybe caused by we didn't sign qemu with 
the entitlement, so I signed with the entitlement with following keys:
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
<key>com.apple.security.hypervisor</key>
<true/>
<key>com.apple.security.inherit</key>
<true/>
However, even I signed it, qemu still show unidentified developer pop up, which 
doesn't not happen to other executables.
Please let me know if you have any clue or suggestion with it. Thanks in 
advance.

Thanks,
Kevin

On 2022-11-09, 2:10 AM, "Peter Maydell" <peter.maydell@linaro.org> wrote:

    CAUTION: This email originated from outside of the organization. Do not 
click links or open attachments unless you can confirm the sender and know the 
content is safe.

    On Wed, 9 Nov 2022 at 01:53, Li, Kevin <cnkevin@amazon.com> wrote:
    >
    > Hi qemu community,
    >
    >
    >
    > We are working on some open source project which uses qemu on mac, and we 
have some signing process to sign qemu-system-x86_64.
    >
    > If qemu-system-x86_64 is not signed, we don’t see any problem, but after 
sign it, we got the following error:
    >
    >
    >
    > qemu-system-x86_64 -M none -netdev help]: stdout=\"Accelerators supported 
in QEMU binary:\\ntcg\\nhax\\nhvf\\n\", stderr=\"qemu-system-x86_64: allocate 
1073741824 bytes for jit buffer: Invalid argument
    >
    >
    >
    > Does anyone has clue about what change may result in this failure?

    You don't say which QEMU version you're using. Does it still happen
    with the most recent release? Does it still happen if you build
    from current head-of-git ?

    PS: I think the QEMU build process should already be signing the executable,
    so I'm not sure why you need to sign it again (see scripts/entitlement.sh).

    thanks
    -- PMM

[Prev in Thread]

Current Thread

[Next in Thread]

Questions about QEMU exception, Li, Kevin, 2022/11/08
- Re: Questions about QEMU exception, Alex Bennée, 2022/11/09
- Re: Questions about QEMU exception, Peter Maydell, 2022/11/09
  - Re: Questions about QEMU exception, Li, Kevin <=

Prev by Date: Re: [PATCH 09/13] block: Remove subtree drains
Next by Date: [PATCH] qga: Allow building of the guest agent without system emulators or tools
Previous by thread: Re: Questions about QEMU exception
Next by thread: [PATCH v2] target/loongarch: Fix loongarch fdt addr confict
Index(es):
- Date
- Thread