[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Questions about QEMU exception
From: |
Li, Kevin |
Subject: |
Re: Questions about QEMU exception |
Date: |
Wed, 9 Nov 2022 17:35:16 +0000 |
Hi Peter,
We first install via homebrew and then extract the executables (qemu-img and
qemu-system-xxx) out.
We recently did this, so it should be the latest version of qemu via homebrew,
and our package is for MacOS, which needs sign and notarize.
If we extract in this way, and use it on other env without signing, it will
show the unidentified developer, so we sign it along with other executables.
We uses these executables to pack a pkg installer, so first we sign all the
executables including qemu, and then sign the pkg, and finally notarize the pkg.
I think the previous error I mentioned maybe caused by we didn't sign qemu with
the entitlement, so I signed with the entitlement with following keys:
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
<key>com.apple.security.hypervisor</key>
<true/>
<key>com.apple.security.inherit</key>
<true/>
However, even I signed it, qemu still show unidentified developer pop up, which
doesn't not happen to other executables.
Please let me know if you have any clue or suggestion with it. Thanks in
advance.
Thanks,
Kevin
On 2022-11-09, 2:10 AM, "Peter Maydell" <peter.maydell@linaro.org> wrote:
CAUTION: This email originated from outside of the organization. Do not
click links or open attachments unless you can confirm the sender and know the
content is safe.
On Wed, 9 Nov 2022 at 01:53, Li, Kevin <cnkevin@amazon.com> wrote:
>
> Hi qemu community,
>
>
>
> We are working on some open source project which uses qemu on mac, and we
have some signing process to sign qemu-system-x86_64.
>
> If qemu-system-x86_64 is not signed, we don’t see any problem, but after
sign it, we got the following error:
>
>
>
> qemu-system-x86_64 -M none -netdev help]: stdout=\"Accelerators supported
in QEMU binary:\\ntcg\\nhax\\nhvf\\n\", stderr=\"qemu-system-x86_64: allocate
1073741824 bytes for jit buffer: Invalid argument
>
>
>
> Does anyone has clue about what change may result in this failure?
You don't say which QEMU version you're using. Does it still happen
with the most recent release? Does it still happen if you build
from current head-of-git ?
PS: I think the QEMU build process should already be signing the executable,
so I'm not sure why you need to sign it again (see scripts/entitlement.sh).
thanks
-- PMM