[MacPorts] #51504: codesigning portgroup

MacPorts noreply at macports.org
Fri May 27 10:33:26 PDT 2016


#51504: codesigning portgroup
-------------------------+--------------------------------
 Reporter:  rjvbertin@…  |      Owner:  macports-tickets@…
     Type:  enhancement  |     Status:  new
 Priority:  Normal       |  Milestone:
Component:  ports        |    Version:
 Keywords:               |       Port:
-------------------------+--------------------------------
 We had a very short discussion about some kind of support for code-
 signing, somewhere last week.

 I have since remembered that KDE PIM applications have a habit of causing
 `do you want application akonadi_foo_agent to accept incoming connections`
 unless they're signed even by a self-signed key.

 I've thus whipped up a very rudimentary PortGroup to provide a `codesign`
 procedure that is a priori to be called during the `post-activate`.
 The principle is simple: if `${prefix}/etc/macports/codesign-identify.tcl`
 exists, the procedure attempts to read a variable `identity` from it which
 must be a non-empty string. If that succeeds, all files passed in the
 argument(s) to `codesign` are signed, one by one.

 I don't really have any suggestions how to handle errors during this
 operation, so I'm just ignoring them.

 There is of course a rather evident source of error here: signing
 identities correspond to a certificate that must be stored in a keychain
 on the calling user's keychain list. It turns out that even with
 `macportsuser` set to myself (I know, bad) my regular signing identity
 isn't found, not even when I invoke the procedure from a Portfile "root"
 (to test with `port info foo`). I don't understand why that is (it is
 found when I `sudo codesign -s identity ...`). It might thus be necessary
 to store the key in the/a system keychain and instruct `codesign` to use
 that chain?
 Other than that the procedure works, using `set identity "-"` to sign with
 an ad-hoc key.

-- 
Ticket URL: <https://trac.macports.org/ticket/51504>
MacPorts <https://www.macports.org/>
Ports system for OS X
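
The procedure described in the ticket, as an added example that is not the reporter's PortGroup or MacPorts code. The proc names `codesign_read_identity` and `codesign_files` and the optional `keychain` parameter are hypothetical; evaluating the identity file in a safe interpreter and returning failures to the caller (rather than ignoring them) are choices made for this example.

```tcl
# Added example, not the PortGroup from the ticket. Assumption: the identity
# file holds one Tcl statement such as:  set identity "-"

# Read `identity` by evaluating the file in a safe interpreter, so a file
# that post-activate picks up cannot call exec, open or socket itself.
proc codesign_read_identity {path} {
    if {![file isfile $path]} { return "" }
    set fd [open $path r]
    set script [read $fd]
    close $fd
    set slave [interp create -safe]
    if {[catch {
        interp eval $slave $script
        set identity [string trim [interp eval $slave {set identity}]]
    }]} {
        set identity ""   ;# unreadable script or no usable `identity`
    }
    interp delete $slave
    return $identity
}

# Sign the files one by one and return a list of {file message} pairs for
# those that failed. A non-empty `keychain` is passed to codesign --keychain.
proc codesign_files {identity files {keychain ""}} {
    set failed {}
    if {$identity eq ""} { return $failed }
    foreach f $files {
        set cmd [list codesign -s $identity]
        if {$keychain ne ""} { lappend cmd --keychain $keychain }
        lappend cmd $f
        if {[catch {exec {*}$cmd 2>@1} msg]} {
            lappend failed [list $f $msg]
        }
    }
    return $failed
}

# Usage inside a Portfile (the signed path is illustrative):
#   post-activate {
#       set id [codesign_read_identity \
#                   ${prefix}/etc/macports/codesign-identify.tcl]
#       foreach fail [codesign_files $id [list ${prefix}/bin/akonadi_foo_agent]] {
#           ui_warn "codesign failed: [lindex $fail 0]: [lindex $fail 1]"
#       }
#   }
```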

