trying to understand the --no-exec activate option (on by default?)

René J. V. Bertin rjvbertin at gmail.com
Sun Dec 23 09:52:05 UTC 2018


Rainer Müller wrote:

> No, it cannot be done in the destroot, as those are the files that will
> be put into an archive for redistribution. Whatever signing identity you
> are using might not be valid everywhere.

To come back to this: I think the argument here is that the signing identity is 
likely not to exist anywhere but on the builder's machine, at least not when 
it's backed by an official, paid Apple certificate.
I have presented an approach where the signing user and identity are obtained 
from a config file. That would allow signing in the destroot (the default identity 
could be used on the build bots) but there's the reproducible build principle 
which some would say would be violated.

To come back to the original topic: I have another example where I'm bitten by 
the (de)activate "hooks" not triggering as you'd expect. In my ZFS port I load 
launchd plists in the post-activate, and unload them in the pre-deactivate:
https://github.com/RJVB/macstrop/blob/9145d46e43042a95a645b8aad1f63bec678af253/sysutils/zfs/Portfile#L278
This only works after an install or upgrade.
The pre-deactivate may work because after I activated a different version I was 
left without the daemons that should be running (but that can also be because 
launchd detected that the binaries had been changed).
I'll try to do some more research, but I noticed that port:xinit does the same 
thing.


