unsigned kexts on Yosemite

Landon Fuller landonf at macports.org
Tue Jun 9 13:42:11 PDT 2015


On Jun 6, 2015, at 2:53, René J.V. Bertin <rjvbertin at gmail.com> wrote:

> On Friday June 05 2015 17:45:22 Landon Fuller wrote:
> 
>> but if that does work in Yosemite, it seems very likely to break in Yosemite+1 of OS X when they start applying additional iOS-style restrictions based on code signing entitlements + MAC.
> 
> Which would probably render kextd patching useless too?

Yep! Now we’re back to square one, with users having to disable kext signing *AND* ‘rootless’.

> The code that enforces all these things wouldn't be available via opensource.apple.com, would it?

Some of the underlying implementation is — such as the TrustedBSD-derived MAC framework. The stuff built on top of that is hit-and-miss; for example (and IIRC), the Sandbox.kext that sits on top of MAC is closed source.

Obviously the sources for anything newly added for 10.11 will probably not appear for a while.

> 
>> 
>> Personally, I’m just staying with Mavericks.
> 
> If it had been feasible I'd have stayed with 10.6 but sadly Apple know how to make you update, and now that OS updates are free 3rd party providers are adopting the attitude that there's nothing keeping you from doing so (this was just discussed on a Qt ML).
> [OT]
> For me personally that means I may be leaving the Apple ecosystem sooner than I'd have thought, also because I wouldn't even know what to buy to replace my current MBP if I had to. Not that the situation appears to be any different with other manufacturers: apparently it's gone out of vogue to want a compact laptop with solid build quality, a powerful CPU (i7 style), upgradable RAM and 2.5" form-factor HDD/SSD, a good selection of ports including wired ethernet and at least the possibility not to add a $$$ fancy display because one already has a fine external display. All for the price of an MBP 13" ... minus the Apple Tax if possible.
> For a while I thought I'd found a suitable OS X replacement in Linux + KDE4, but "KDE5" is becoming unavoidable while still far from production-ready IMO, and the same Ivvy Johnny style short-sighted design decisions have been made there that will almost unavoidably lead to yet another overhaul when they go out of fashion in 9 months or so.
> All this really makes me feel ripe for retirement while being far from ready for it :-/
> (IT is great - pass the prozac and I'll have a dab of Botax too :))
> [/OT]

Yep.

-landonf

