trying to understand the --no-exec activate option (on by default?)
René J. V. Bertin
rjvbertin at gmail.com
Mon Dec 10 15:40:21 UTC 2018
Rainer Müller wrote:
> No, it cannot be done in the destroot, as that are the files that will
> be put into an archive for redistribution. Whatever signing identity you
> are using might not be valid everywhere.
This would work for an official MacPorts signing identity + certificate. That
would also violate the reproducible build principle while probably only very few
ports really need signing with an official Apple certificate.
FWIW, port:lldb-6.0 seems to be one of those. I cannot get it to work on 10.9.5
But the majority of software I've seen that needs to be signed (in order to
allow incoming connections once and for all, for instance) can be signed with
the so-called default identify. And that can also be done in the destroot,
assuming that this identify is the same everywhere, and not something host-
specific.
More information about the macports-dev
mailing list