trying to understand the --no-exec activate option (on by default?)

René J. V. Bertin rjvbertin at
Mon Dec 10 15:40:21 UTC 2018

Rainer Müller wrote:

> No, it cannot be done in the destroot, as that are the files that will
> be put into an archive for redistribution. Whatever signing identity you
> are using might not be valid everywhere.

This would work for an official MacPorts signing identity + certificate. That 
would also violate the reproducible build principle while probably only very few 
ports really need signing with an official Apple certificate.

FWIW, port:lldb-6.0 seems to be one of those. I cannot get it to work on 10.9.5

But the majority of software I've seen that needs to be signed (in order to 
allow incoming connections once and for all, for instance) can be signed with 
the so-called default identify. And that can also be done in the destroot, 
assuming that this identify is the same everywhere, and not something host-

More information about the macports-dev mailing list