Opened 7 years ago
Last modified 7 years ago
#53411 new enhancement
macports-base codesigning ? — at Version 2
| Reported by: | juju4 (Julien) | Owned by: | |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | base | Version: | 2.4.0 |
| Keywords: | Cc: | neverpanic (Clemens Lang) | |
| Port: |
Description (last modified by ryandesign (Ryan Carsten Schmidt))
I'm using macports on Macos 10.11+10.12 and Google Santa (https://github.com/google/santa) which allows to whitelist and blacklist binaries. It can be done both by path+checksum and certificates.
It seems with most port selfupgrade/sync of macports, I got a change with /opt/local/libexec/macports/bin/tclsh8.5 and a few others. hopefully it's legit. but as it is not signed, I have to whitelist it again each time.
Is there any work to get macports base binaries signed? ideally, base and all binaries distributed by project are codesigned by macports and any locally compiled port is compiled by local user if identity is available.
I see that it has evolves positively in recents months for ports
- #51504
- https://github.com/macports/macports-ports/commit/92a031da26545716e0de1ffd6db6b33283db49cd
- #53168
So why not bring it to base :)
That would be a very helpful improvement to security.
Thanks
Change History (2)
comment:1 Changed 7 years ago by neverpanic (Clemens Lang)
| Cc: | neverpanic added |
|---|
comment:2 Changed 7 years ago by ryandesign (Ryan Carsten Schmidt)
| Description: | modified (diff) |
|---|