Opened 8 years ago

Last modified 8 years ago

#53411 new enhancement

macports-base codesigning ? — at Version 2

Reported by: juju4 (Julien) Owned by:
Priority: Normal Milestone:
Component: base Version: 2.4.0
Keywords: Cc: neverpanic (Clemens Lang)
Port:

Description (last modified by ryandesign (Ryan Carsten Schmidt))

I'm using macports on Macos 10.11+10.12 and Google Santa (https://github.com/google/santa) which allows to whitelist and blacklist binaries. It can be done both by path+checksum and certificates.

It seems with most port selfupgrade/sync of macports, I got a change with /opt/local/libexec/macports/bin/tclsh8.5 and a few others. hopefully it's legit. but as it is not signed, I have to whitelist it again each time.

Is there any work to get macports base binaries signed? ideally, base and all binaries distributed by project are codesigned by macports and any locally compiled port is compiled by local user if identity is available.

I see that it has evolves positively in recents months for ports

So why not bring it to base :)

That would be a very helpful improvement to security.

Thanks

Change History (2)

comment:1 Changed 8 years ago by neverpanic (Clemens Lang)

Cc: neverpanic added

comment:2 Changed 8 years ago by ryandesign (Ryan Carsten Schmidt)

Description: modified (diff)
Note: See TracTickets for help on using tickets.