On 2016-09-09 10:17, René J.V. Bertin wrote:
> On Thursday September 08 2016 16:03:21 Jeremy Huddleston Sequoia wrote:
>
>> That's not really necessary. All that is relevant is that the macports user
>> has read access to the file.
>
> The fact that codesign only accepts keychain file arguments that are also in
> the user's keychain search list may have something to do with that.

At least on OS X 10.10 Yosemite, I can use any path to a keychain with
`codesign --keychain`. This keychain does not have to be listed in
`security list-keychains`.

>>> Technically it doesn't really matter if it's implemented in "base" or in a
>>> PortGroup, right?
>>
>> In order for *every* port to benefit, it needs to be in base.
>
> I don't see this argument. Are you considering codesigning each and every
> binary automatically, without any need for requesting that from the Portfile?
> What's the point in that?
> OTOH, if portfile devs have to indicate which binary is to be signed they can
> just as well add a PortGroup to be able to access that functionality.

I also have the impression we are talking about different things here. I
only want to add code-signing to the binaries that require it to work,
such as gdb and lldb. I see no reason to and no benefits in adding an
(ad-hoc) signature to every binary MacPorts creates.

Rainer