Opened 7 years ago
Last modified 7 years ago
#53411 new enhancement
macports-base codesigning ? — at Initial Version
| Reported by: | juju4 (Julien) | Owned by: | |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | base | Version: | 2.4.0 |
| Keywords: | Cc: | ||
| Port: |
Description
I'm using macports on Macos 10.11+10.12 and Google Santa (https://github.com/google/santa) which allows to whitelist and blacklist binaries. It can be done both by path+checksum and certificates.
It seems with most port selfupgrade/sync of macports, I got a change with /opt/local/libexec/macports/bin/tclsh8.5 and a few others. hopefully it's legit. but as it is not signed, I have to whitelist it again each time.
Is there any work to get macports base binaries signed? ideally, base and all binaries distributed by project are codesigned by macports and any locally compiled port is compiled by local user if identity is available.
I see that it has evolves positively in recents months for ports https://trac.macports.org/ticket/51504 https://github.com/macports/macports-ports/commit/92a031da26545716e0de1ffd6db6b33283db49cd https://trac.macports.org/ticket/53168 So why not bring it to base :)
That would be a very helpful improvement to security.
Thanks