[MacPorts] #53411: macports-base codesigning ?
MacPorts
noreply at macports.org
Fri Jan 27 19:44:51 UTC 2017
#53411: macports-base codesigning ?
-------------------------+-------------------
 Reporter:  juju4        |      Owner:
     Type:  enhancement  |     Status:  new
 Priority:  Normal       |  Milestone:
Component:  base         |    Version:  2.4.0
 Keywords:               |       Port:
-------------------------+-------------------
I'm using MacPorts on macOS 10.11+10.12 and Google Santa
(https://github.com/google/santa), which allows whitelisting and blacklisting
binaries.
It can be done both by path+checksum and by certificates.
It seems that with most port selfupgrade/sync of MacPorts, I got a change with
/opt/local/libexec/macports/bin/tclsh8.5
and a few others. Hopefully it's legit, but as it is not signed, I have to
whitelist it again each time.
Is there any work to get MacPorts base binaries signed?
Ideally, base and all binaries distributed by the project are codesigned by
MacPorts and any locally compiled port is compiled by the local user if an
identity is available.
I see that it has evolved positively in recent months for ports:
https://trac.macports.org/ticket/51504
https://github.com/macports/macports-ports/commit/92a031da26545716e0de1ffd6db6b33283db49cd
https://trac.macports.org/ticket/53168
So why not bring it to base :)
That would be a very helpful improvement to security.
Thanks
--
Ticket URL: <https://trac.macports.org/ticket/53411>
MacPorts <https://www.macports.org/>
Ports system for macOS