trying to understand the --no-exec activate option (on by default?)
René J. V. Bertin
rjvbertin at gmail.com
Sun Dec 23 09:52:05 UTC 2018
Rainer Müller wrote:
> No, it cannot be done in the destroot, as that are the files that will
> be put into an archive for redistribution. Whatever signing identity you
> are using might not be valid everywhere.
To come back to this: I think the argument here is that the signing identity is
likely not to exists anywhere but on the builder's machine, at least not when
it's backed by an official, paid Apple certificate.
I have presented an approach where the signing user and identity are obtained
from a config file. That would allow signing in the destroot (the default identity
could be used on the build bots) but there's the reproducible build principle
which some would say would be violated.
To come back to the original topic: I have another example where I'm bitten by
the (de)activate "hooks" not triggering as you'd expect. In my ZFS port I load
launchd plists in the post-activate, and unload them in the pre-deactivate:
https://github.com/RJVB/macstrop/blob/9145d46e43042a95a645b8aad1f63bec678af253/sysutils/zfs/Portfile#L278
This only works after an install or upgrade.
The pre-deactivate may work because after I activated a different version I was
left without the daemons that should be running (but that can also be because
launchd detected that the binaries had been changed).
I'll try to do some more research, but I noticed that port:xinit does the same
thing.
More information about the macports-dev
mailing list