On 2016-09-08 22:09, Jeremy Huddleston Sequoia wrote:

>> On Sep 5, 2016, at 03:49, Rainer Müller <rai...@macports.org> wrote:
>> My intention here is to describe a way how the code-signing can be
>> automated. We do not gain much by providing a solution that still
>> requires manual interaction by the user. Generating a certificate and
>> signing the binary should be completely transparent to the user.
>
> That obfuscation is very bad for security purposes. We should not hide this
> detail from users. It needs to be very explicit.
At the moment it is very explicit. We have no automation at all and you need
to do all of the code-signing yourself or gdb/lldb will not work as intended.
The alternative way, recommended in the notes of the gdb port, requires
disabling SIP to edit /System/Library/com.apple.taskgated.plist, which I would
consider even worse for security. See [1].

Where do you see a security risk in adding a new trusted cert? Consider that
any software can already use your developer certificate from your user
keychain to sign whatever it wants. You will not even be asked when that
happens.

I propose we add an additional keychain, readable by root only, that is used
to sign MacPorts binaries. As root is required to access it, your security
would be defeated anyway if anyone gets to it.

Rainer

[1] https://trac.macports.org/ticket/49815

_______________________________________________
macports-dev mailing list
macports-dev@lists.macosforge.org
https://lists.macosforge.org/mailman/listinfo/macports-dev
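The proposal above hinges on the signing keychain being accessible to root only. The following is an added example, not code from the thread or from MacPorts, of the precondition check a signing script could run before touching such a keychain: it refuses to proceed unless the keychain file is owned by the expected user and carries no group or world permission bits. The keychain path and the owner name passed in are hypothetical; the `stat` invocation tries the GNU form first and falls back to the BSD/macOS form so the check works on both.

```shell
#!/bin/sh
# Added example (not part of the mailing-list thread or of MacPorts).
# Verifies that a code-signing keychain is private to its owner before a
# signing step uses it. Paths and owner names are placeholders.

# keychain_private_ok PATH OWNER
# Returns 0 when PATH exists, is owned by OWNER, and its mode is 0600 or
# 0400 (no group/other access); returns 1 otherwise.
keychain_private_ok() {
    kc="$1"
    want_owner="$2"

    [ -f "$kc" ] || return 1

    # Octal permission bits: GNU stat (-c) on Linux, BSD stat (-f) on macOS.
    mode=$(stat -c '%a' "$kc" 2>/dev/null || stat -f '%Lp' "$kc" 2>/dev/null)
    # Owner user name, same two flavours.
    owner=$(stat -c '%U' "$kc" 2>/dev/null || stat -f '%Su' "$kc" 2>/dev/null)

    [ "$owner" = "$want_owner" ] || return 1

    case "$mode" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# sign_with_private_keychain KEYCHAIN OWNER IDENTITY BINARY
# Runs codesign only after the keychain passes the privacy check.
# codesign and the identity name are macOS-specific; on other systems this
# function only performs the check and reports that signing was skipped.
sign_with_private_keychain() {
    kc="$1"; want_owner="$2"; identity="$3"; target="$4"

    if ! keychain_private_ok "$kc" "$want_owner"; then
        echo "refusing to sign: $kc is not private to $want_owner" >&2
        return 1
    fi

    if command -v codesign >/dev/null 2>&1; then
        codesign --keychain "$kc" --sign "$identity" --force "$target"
    else
        echo "codesign not available here; keychain check passed for $kc" >&2
        return 0
    fi
}

# Stand-alone usage (hypothetical path and identity):
#   sign_with_private_keychain /var/root/Library/Keychains/macports-signing.keychain \
#       root "MacPorts gdb signing" /opt/local/bin/gdb
```

The check runs before every signing call rather than once at setup, so a keychain whose permissions were loosened later (for example by a careless `chmod -R`) stops being used immediately instead of silently signing binaries from a world-readable key store.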