[MacPorts] #70232: Many, maybe all, binaries generating "code object is not signed at all" -67062 errors in Console
MacPorts
noreply at macports.org
Thu Jun 20 10:56:09 UTC 2024
#70232: Many, maybe all, binaries generating "code object is not signed at all"
-67062 errors in Console
---------------------+------------------------
Reporter: 1dolla | Owner: admin@…
Type: defect | Status: new
Priority: Low | Milestone:
Component: base | Version: 2.9.3
Resolution: | Keywords: highsierra
Port: |
---------------------+------------------------
Comment (by 1dolla):
Replying to [comment:4 ryandesign]:
> If we do need to sign everything on some Intel versions of macOS, then
someone would have to write the MacPorts base code to do that. But more
than that, we would somehow need to communicate to all MacPorts users on
those OS versions that all ports they've installed should be reinstalled,
and we would somehow need to cause our automated build system to rebuild
all packages on those OS versions. Such a rebuild would be a colossal
undertaking that would likely keep our build machines busy for months. (We
have almost 40,000 ports in MacPorts now.)
To the extent that you think it at least in principle would be a good idea
to change, perhaps just builds going forward being signed would suffice. I
assume I'm the first to report on this (I couldn't find any other)? That
should speak to how big of an issue this is with people :)
There's also the question of how this would work when binaries are built
on the user's machine. Obviously those can't be signed with a MacPorts
certificate, since that part of it would be private...
Perhaps an option in `port` could handle this, and possibly allow for
signing with a local certificate.
Again, if it's even something you consider :)
Either way, thanks for listening to me :)
--
Ticket URL: <https://trac.macports.org/ticket/70232#comment:6>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list