From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Ted Reed via "Emacs development discussions." Newsgroups: gmane.emacs.devel Subject: Re: MacOS signing Date: Wed, 13 Apr 2022 15:31:10 -0700 Message-ID: <87mtgoip51.fsf@zenithia.net> References: <4543fef4-e7ac-8599-0f23-9c65caec5be3@cs.cornell.edu> <838rseaink.fsf@gnu.org> <3480a19d-02da-7424-7361-93b504ed85a8@cs.cornell.edu> <87pmllo608.fsf@mat.ucm.es> <87y2093ws6.fsf@gmail.com> Reply-To: Ted Reed Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="22575"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: mu4e 1.6.10; emacs 27.2 To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Thu Apr 14 00:41:39 2022 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nelgA-0005i2-QD for ged-emacs-devel@m.gmane-mx.org; Thu, 14 Apr 2022 00:41:39 +0200 Original-Received: from localhost ([::1]:44688 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nelg9-0006kF-8e for ged-emacs-devel@m.gmane-mx.org; Wed, 13 Apr 2022 18:41:37 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:54120) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1neled-0005ya-Jj for emacs-devel@gnu.org; Wed, 13 Apr 2022 18:40:03 -0400 Original-Received: from sendmail.purelymail.com ([34.202.193.197]:36464) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1neleb-0001B8-Qy for emacs-devel@gnu.org; Wed, 13 Apr 2022 18:40:03 -0400 DKIM-Signature: a=rsa-sha256; b=mMPDVMBkXkMw5klKkpi5WBhYkrRtSdEtcXM+L35S26ZjiddFSyTgJliqKNzz3CbPOXJmio1vnrjXdGZ2tK7f0g/2lSgIEP0e5uCSiwtQ13+xoz7WZEzjCJBn5CPgaQyRt4e7n6ZlY/8FGjwj10lKXKG6ARX10CsRYuleJppvGJyQDCm2gSR0xQrUOlSSXlvEszByHR1CV0sW0+zoFrI9gNf+Gv5/Heicq0r4xwi/pjnBGHTn6epTe4Rgswz1xMxv6j+GPJ4N9G9o1nVSKYLMqbupBkfWB0sMPGn9iQCo0dAr1jX86GW7dWlyjs0iyb+mnhxdfMq/zX5AHruGOVuetA==; s=purelymail2; d=zenithia.net; v=1; bh=YodYVklPUUMmNcyS7wZk9fMBAHa58ltbWtf/m2k/n2Q=; h=Received:From:To; DKIM-Signature: a=rsa-sha256; b=KQ75acwbUf48VjO2LEaqd9Wd5kaJ87pSZ9TdHYGbCDclip2h1EEpW13N86fAa3lYTnfqYPJH75b2QO5LKLLsOybocgJVE9vpEw8tX8lS+Jj4v6UlJ+XXK8Bv9KmNPM+iRg21n9arWBrdhwW0YN94ieUgzNFEoLqgo9COGZmChoaXo33R71kuGcGLJp2zPKScS2Y0KMWY68iTeEy6IBEvNQpF+J7EMaFzbYvsYfTUVXhDeMQElpr7ePMC7FJxZEA5Q+BHJqDxb7b9ZnF0cBChqNN1dBqY99utW72b1DbJ8218D6XqyjUDt/TNA8XHf9tUwj/uocaMYJ38oYQnSRl/Yw==; s=purelymail2; d=purelymail.com; v=1; bh=YodYVklPUUMmNcyS7wZk9fMBAHa58ltbWtf/m2k/n2Q=; h=Feedback-ID:Received:From:To; Feedback-ID: 3221:913:null:purelymail X-Pm-Original-To: emacs-devel@gnu.org Original-Received: by smtp.purelymail.com (Purelymail SMTP) with ESMTPSA id -776000012 for (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384); Wed, 13 Apr 2022 22:39:54 +0000 (UTC) In-reply-to: <87y2093ws6.fsf@gmail.com> Received-SPF: pass client-ip=34.202.193.197; envelope-from=treed@zenithia.net; helo=sendmail.purelymail.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.io gmane.emacs.devel:288374 Archived-At: Robert Pluim writes: > Newer versions of macOS will still let you run unsigned > software. Depending on how you launch the program, you may have to > perform extra steps via the Security preferences panel, but it doesn=CA= =BCt > stop you. > > FWIW, I never have this problem because I launch Emacs from the cli, > which sidesteps this particular nonsense. > > (this is for macOS 11.6.5, Big Sur. Later versions may behave > differently) I have a computer running macOS 12.3, which I believe is the most recent public version and have no trouble running the nixpkgs macport (mituharu) version on it. As far as I can tell, there's no signing step in the build scripts, and I've used the same scripts to build it from scratch with a an additional build-time option without anything requiring signing that I've seen. I looked up how to verify such signatures and I think this indicates that it's not signed, although I'm not 100% certain I got the command right: =E2=9D=AF codesign -dv --verbose=3D4 /nix/store/0hysqxpi2fwrwpivza8ca7z5fr9= hyzkh-emacs-mac-27.2-8.2/Applications/Emacs.app /nix/store/0hysqxpi2fwrwpivza8ca7z5fr9hyzkh-emacs-mac-27.2-8.2/Applications= /Emacs.app: code object is not signed at all I also can launch it from the CLI or via Spotlight without any difficulty, except that Spotlight has a hard time finding the most recent version consistently, so I mostly launch from my terminal now, just to ensure it's using the right one. -- Ted Reed