Re: Questions about QEMU exception

Wed, 09 Nov 2022 09:36:21 -0800 

Hi Peter,

We first install via homebrew and then extract the executables (qemu-img and 
qemu-system-xxx) out.
We recently did this, so it should be the latest version of qemu via homebrew, 
and our package is for MacOS, which needs sign and notarize.
If we extract in this way, and use it on other env without signing, it will 
show the unidentified developer, so we sign it along with other executables.
We uses these executables to pack a pkg installer, so first we sign all the 
executables including qemu, and then sign the pkg, and finally notarize the pkg.
I think the previous error I mentioned maybe caused by we didn't sign qemu with 
the entitlement, so I signed with the entitlement with following keys:
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
<key>com.apple.security.hypervisor</key>
<true/>
<key>com.apple.security.inherit</key>
<true/>
However, even I signed it, qemu still show unidentified developer pop up, which 
doesn't not happen to other executables.
Please let me know if you have any clue or suggestion with it. Thanks in 
advance.

Thanks,
Kevin


On 2022-11-09, 2:10 AM, "Peter Maydell" <peter.mayd...@linaro.org> wrote:

    CAUTION: This email originated from outside of the organization. Do not 
click links or open attachments unless you can confirm the sender and know the 
content is safe.



    On Wed, 9 Nov 2022 at 01:53, Li, Kevin <cnke...@amazon.com> wrote:
    >
    > Hi qemu community,
    >
    >
    >
    > We are working on some open source project which uses qemu on mac, and we 
have some signing process to sign qemu-system-x86_64.
    >
    > If qemu-system-x86_64 is not signed, we don’t see any problem, but after 
sign it, we got the following error:
    >
    >
    >
    > qemu-system-x86_64 -M none -netdev help]: stdout=\"Accelerators supported 
in QEMU binary:\\ntcg\\nhax\\nhvf\\n\", stderr=\"qemu-system-x86_64: allocate 
1073741824 bytes for jit buffer: Invalid argument
    >
    >
    >
    > Does anyone has clue about what change may result in this failure?

    You don't say which QEMU version you're using. Does it still happen
    with the most recent release? Does it still happen if you build
    from current head-of-git ?

    PS: I think the QEMU build process should already be signing the executable,
    so I'm not sure why you need to sign it again (see scripts/entitlement.sh).

    thanks
    -- PMM

Reply via email to