On macOS hosts, Lima now asks the user to sign the QEMU binary with the com.apple.security.hypervisor entitlement if the binary is not properly signed:
$ limactl start
INFO[0000] Using the existing instance "default"
WARN[0000] QEMU binary "/usr/local/bin/qemu-system-x86_64" is not properly signed with the "com.apple.security.hypervisor" entitlement error="failed to run [codesign --verify /usr/local/bin/qemu-system-x86_64]: exit status 1 (out=\"/usr/local/bin/qemu-system-x86_64: invalid signature (code or signature have been modified)\\nIn architecture: x86_64\\n\")"
? Try to sign "/usr/local/bin/qemu-system-x86_64" with the "com.apple.security.hypervisor" entitlement? (Y/n)
...Choose Y to sign the binary.
This signing is usually not needed on users' side.
However, the Homebrew bottle of QEMU v8.0.4 needs this signing due to a temporary issue of Homebrew's build infrastructure:
The Homebrew bottle of QEMU v8.0.3 is not affected by this issue.
Changes
QEMU:
- Ask to sign QEMU binary when the binary is not properly signed (#1743)
Full changes: https://github.com/lima-vm/lima/milestone/37?closed=1
Thanks to @afbjorklund
Usage
[macOS]$ limactl create
[macOS]$ limactl start
...
INFO[0029] READY. Run `lima` to open the shell.
[macOS]$ lima uname
LinuxThe binaries were built automatically on GitHub Actions.
The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/5851291166
The sha256sum of the SHA256SUMS file itself is 006f022e19d2b03869c33ee30be694217937d8c774af7b9714e2d7659da31aa5 .