Here's a bit of dreaming out loud about MacPorts under Mountain Lion and future 
architectures in a Gatekeeper world.

With Gatekeeper, there are three (or four) tiers of binary delivery we 
can/should/might consider signing:

 (a) The MacPorts installer should be signed.

 (b) The MacPorts installation should be signed.  The binaries here include 
daemondo, as well as the Tcl extension libraries.

 (c) Binaries built by the MacPorts build-bots could be signed.

 (d) Binaries built by MacPorts users could be signed.

I think this would call for at least three different signing keys:

        (1) Official MacPorts distribution signing key for (a) and (b).

        (2) MacPorts build-bot signing key, for (c). This key is more 
vulnerable to revocation than (1), since it is used to sign a broad variety of 
software (the ports) that we have somewhat less control over, so it should 
likely be distinct.

        (3) The MacPorts user could have a per-user or per-machine signing key 
with which to sign software built by the user on their machine.

If it's possible and feasible to sign binaries for ports, then a per-user 
and/or per-machine key should be used to sign binaries for each port built. It 
would be very nice if this didn't require per-port changes, and could be done 
wholesale.

One approach I've pondered:

 - Create an additional phase ("sign") to code-sign. Maybe this would run on 
the destroot?

 - The sign phase would examine all files (in the destroot?), and sign each 
binary (executable, library or framework?) (if not already signed?).

 - The signing key would be per-user/per-machine. So on the build-bot this 
would be the configured build-bot key (2), and on a user machine it would be 
the user's key. If no key then no signing.
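A shell sketch of how that sign phase could be written, added here as an example and not MacPorts code: it walks a destroot, recognizes Mach-O files by their magic number, skips anything that already verifies, and signs the rest; with no key configured it signs nothing. The identity variable MACPORTS_SIGNING_IDENTITY and the CODESIGN override (which lets a stand-in replace Apple's codesign for a dry run) are hypothetical names, not MacPorts settings.

```shell
#!/bin/sh
# Added example (not MacPorts code): a sketch of the proposed "sign" phase.
# It walks a destroot, finds Mach-O files by magic number, skips files that
# already carry a valid signature, and signs the rest with the configured
# identity. With no identity configured it signs nothing.
#
# Assumptions, not from the original mail:
#   MACPORTS_SIGNING_IDENTITY  the codesign identity (hypothetical name)
#   CODESIGN                   the signing tool; defaults to Apple's codesign
#                              and can be pointed at a stand-in for a dry run

CODESIGN="${CODESIGN:-codesign}"

# is_macho FILE: succeed if the first four bytes are a Mach-O magic number
# (32- or 64-bit, either byte order) or the fat/universal magic. 0xcafebabe is
# also the Java class-file magic; a stricter check would parse the header or
# ask file(1).
is_macho() {
    _magic=$(od -A n -t x1 -N 4 "$1" 2>/dev/null | tr -d ' \n')
    case "$_magic" in
        feedface|cefaedfe|feedfacf|cffaedfe|cafebabe) return 0 ;;
        *) return 1 ;;
    esac
}

# already_signed FILE: succeed if the signing tool reports a valid signature.
already_signed() {
    "$CODESIGN" --verify "$1" >/dev/null 2>&1
}

# list_signable DESTROOT: print each regular Mach-O file under DESTROOT, one
# per line. find -type f does not follow symlinks, so a versioned library
# symlink does not cause its target to be signed twice.
list_signable() {
    find "$1" -type f | while IFS= read -r _f; do
        if is_macho "$_f"; then
            printf '%s\n' "$_f"
        fi
    done
}

# sign_destroot DESTROOT: the body of the proposed phase. Prints the number of
# files it signed; a file that fails to sign is reported on stderr and not
# counted. Usage: MACPORTS_SIGNING_IDENTITY="My Key" sign_destroot /path/to/destroot
sign_destroot() {
    if [ -z "${MACPORTS_SIGNING_IDENTITY:-}" ]; then
        printf '0\n'      # no key configured: no signing
        return 0
    fi
    list_signable "$1" | while IFS= read -r _f; do
        if already_signed "$_f"; then
            continue      # leave existing signatures alone
        fi
        if "$CODESIGN" --force --sign "$MACPORTS_SIGNING_IDENTITY" "$_f"; then
            printf '%s\n' "$_f"
        else
            echo "sign: failed on $_f" >&2
        fi
    done | wc -l | tr -d ' '
}
```

The magic-number test is deliberately tool-independent so the selection of what to sign can be checked on any machine; only the two calls through `$CODESIGN` need a real macOS host.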

It seems plausible that all that could be accomplished without too many huge 
hacks. I likely won't work on any of that any time soon, but thought I'd expose 
my thinking in case anybody else is so inclined.

I believe Josh has put in the work already to at least accomplish (a). Do we 
need to create an Apple-recognized official signing key for (1) before we 
distribute that?

James


_______________________________________________
macports-dev mailing list
http://lists.macosforge.org/mailman/listinfo.cgi/macports-dev