code-signing (log message and potential "fixes")
René J. V. Bertin
rjvbertin at gmail.com
Fri Jun 3 02:41:10 PDT 2016
Brandon Allbery wrote:
>> OpenSSL might be able to accomplish the same task and it is possible with
>> OpenSSL to write a config file that fills in all the required fields. Port
>> could write such a config per user.
> OpenSSL can certainly create the signing certificate, and security(1) can
> be used to add it to the system keychain.
See https://trac.macports.org/ticket/51504 for a very rudimentary implementation
that uses a PortGroup and a specific file in etc/macports .
It turns out that access to the user's default keychain is wonky during the
post-activate stage so it would probably indeed be necessary to add the
certificate to the system keychain. It's one of those I prefer not to mess with
directly until I really know what I'm doing.
There is however also an ad-hoc code-signing identity. As mentioned in that
ticket, I haven't found much documentation on its limitations, but using it does
seem to reduce the number of code signing warnings I'm seeing in the system.log
. As far as those are even related; I'm also seeing them about Apple's own
spindump for instance.
More information about the macports-dev