Brandon Allbery wrote: >> OpenSSL might be able to accomplish the same task and it is possible with >> OpenSSL to write a config file that fills in all the required fields. Port >> could write such a config per user. > > > OpenSSL can certainly create the signing certificate, and security(1) can > be used to add it to the system keychain.
See https://trac.macports.org/ticket/51504 for a very rudimentary implementation that uses a PortGroup and a specific file in etc/macports . It turns out that access to the user's default keychain is wonky during the post-activate stage so it would probably indeed be necessary to add the certificate to the system keychain. It's one of those I prefer not to mess with directly until I really know what I'm doing. There is however also an ad-hoc code-signing identity. As mentioned in that ticket, I haven't found much documentation on its limitations, but using it does seem to reduce the number of code signing warnings I'm seeing in the system.log . As far as those are even related; I'm also seeing them about Apple's own spindump for instance. R. _______________________________________________ macports-dev mailing list [email protected] https://lists.macosforge.org/mailman/listinfo/macports-dev
