notarization vs MacPorts apps

Saagar Jha saagar at saagarjha.com
Sat Apr 13 22:18:46 UTC 2019


MacPorts actually does sign some apps: for example, HexFiend seems to be ad-hoc signed as a result of the Xcode build process. I don’t think GateKeeper actually comes into play here because the resulting binary never has the com.apple.quarantine xattr set. I do run with SIP and GateKeeper disabled normally, though, and Apple hasn’t released a stable build of macOS 10.14.5 yet, so I’d take my testing with a grain of salt ;)

Regards,
Saagar Jha

> On Apr 12, 2019, at 23:47, Joshua Root <jmr at macports.org> wrote:
> 
> On 2019-4-13 07:57 , Jack Howarth wrote:
>>      What will be the situation with 10.14.5 and its enforcement of
>> notarization for Applications and kernel extensions for MacPorts? In
>> particular, will the new notarization requirement limit users to the
>> MacPorts build machine copies of such packages which have applications
>> rather than being able to build those packages locally?
>>         Jack
> 
> The MacPorts installer pkg will need to be submitted, but I don't think
> much else will change. Using MacPorts-built kernel extensions is already
> impossible because of signing requirements (we don't have a kext signing
> certificate and I don't think we qualify for one.)
> 
> For general apps, Gatekeeper doesn't prevent running locally built ones
> due to them being unsigned, and I gather than notarization is only
> required in the same circumstances as signing. (It would be incredibly
> inconvenient for developers to test anything if this were not the case.)
> 
> - Josh

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macports.org/pipermail/macports-dev/attachments/20190413/004dfddb/attachment.html>


More information about the macports-dev mailing list