Hello, here is an older concept from 2016 I had written for gdb/lldb as Apple began to require code-signing for debuggers. This applies to more actions by now, but with the same requirements. The replies are also relevant and discuss alternatives.
https://lists.macports.org/pipermail/macports-dev/2016-September/033518.html I still think adding a local private key to the trust store for code-signing at install/activation time is the only option. I do not see that code-signing binary archives created on the buildbots would be a feasible approach. This would essentially turn MacPorts into a binary-only distribution. Most parts are not ready for that and features like rev-upgrade rely on local rebuilds. Rainer
