trying to understand the --no-exec activate option (on by default?)
Rainer Müller
raimue at macports.org
Thu Nov 29 23:26:26 UTC 2018
On 29.11.18 23:25, Fred Wright wrote:
> In the particular case of code signing, would it be possible to do that
> in the post-destroot phase, so that the signature would remain across
> activations and deactivations, or does the signature mechanism defend
> against that (even though a verbatim copy of signed code should still be
> signed)?
No, it cannot be done in the destroot, as that are the files that will
be put into an archive for redistribution. Whatever signing identity you
are using might not be valid everywhere.
We had a lengthy thread about code signing quite a while ago with a few
different proposals:
https://lists.macports.org/pipermail/macports-dev/2016-September/033518.html
Rainer
More information about the macports-dev
mailing list