MacPorts actually does sign some apps: for example, HexFiend seems to be ad-hoc signed as a result of the Xcode build process. I don’t think GateKeeper actually comes into play here because the resulting binary never has the com.apple.quarantine xattr set. I do run with SIP and GateKeeper disabled normally, though, and Apple hasn’t released a stable build of macOS 10.14.5 yet, so I’d take my testing with a grain of salt ;)
Regards, Saagar Jha > On Apr 12, 2019, at 23:47, Joshua Root <[email protected]> wrote: > > On 2019-4-13 07:57 , Jack Howarth wrote: >> What will be the situation with 10.14.5 and its enforcement of >> notarization for Applications and kernel extensions for MacPorts? In >> particular, will the new notarization requirement limit users to the >> MacPorts build machine copies of such packages which have applications >> rather than being able to build those packages locally? >> Jack > > The MacPorts installer pkg will need to be submitted, but I don't think > much else will change. Using MacPorts-built kernel extensions is already > impossible because of signing requirements (we don't have a kext signing > certificate and I don't think we qualify for one.) > > For general apps, Gatekeeper doesn't prevent running locally built ones > due to them being unsigned, and I gather than notarization is only > required in the same circumstances as signing. (It would be incredibly > inconvenient for developers to test anything if this were not the case.) > > - Josh
