[MacPorts] #70232: Many, maybe all, binaries generating "code object is not signed at all" -67062 errors in Console

Thu Jun 20 10:56:09 UTC 2024

#70232: Many, maybe all, binaries generating "code object is not signed at all"
-67062 errors in Console
---------------------+------------------------
  Reporter:  1dolla  |      Owner:  admin@…
      Type:  defect  |     Status:  new
  Priority:  Low     |  Milestone:
 Component:  base    |    Version:  2.9.3
Resolution:          |   Keywords:  highsierra
      Port:          |
---------------------+------------------------

Comment (by 1dolla):

 Replying to [comment:4 ryandesign]:
 > If we do need to sign everything on some Intel versions of macOS, then
 someone would have to write the MacPorts base code to do that. But more
 than that, we would somehow need to communicate to all MacPorts users on
 those OS versions that all ports they've installed should be reinstalled,
 and we would somehow need to cause our automated build system to rebuild
 all packages on those OS versions. Such a rebuild would be a colossal
 undertaking that would likely keep our build machines busy for months. (We
 have almost 40,000 ports in MacPorts now.)

 To the extent that you think it at least in principle would be a good idea
 to change, perhaps just builds going forward being signed would suffice. I
 assume I'm the first to report on this (I couldn't find any other)? That
 should speak to how big of an issue this is with people :)

 There's also the question of how this would work when binaries are built
 on the user's machine. Obviously those can't be signed with a MacPorts
 certificate, since that part of it would be private...

 Perhaps an option in `port` could handle this, and possibly allow for
 signing with a local certificate.

 Again, if it's even something you consider :)

 Either way, thanks for listening to me :)

-- 
Ticket URL: <https://trac.macports.org/ticket/70232#comment:6>
MacPorts <https://www.macports.org/>
Ports system for macOS