From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Alan Third <alan@idiocy.org>
Newsgroups: gmane.emacs.devel
Subject: MacOS signing
Date: Mon, 11 Apr 2022 21:18:03 +0100
Message-ID: <YlSM+3/UdqLDzDlA@idiocy.org>
References: <4543fef4-e7ac-8599-0f23-9c65caec5be3@cs.cornell.edu>
 <838rseaink.fsf@gnu.org>
 <b4f5fa65-0bce-d985-803e-5e67d0ff21ba@cs.cornell.edu>
 <YlH1d7X283l8WNhY@idiocy.org>
 <3480a19d-02da-7424-7361-93b504ed85a8@cs.cornell.edu>
 <YlMYV8B8Rjd7tjP7@idiocy.org> <E1ndkeK-0002JB-VR@fencepost.gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="16931"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: emacs-devel@gnu.org
To: Richard Stallman <rms@gnu.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Mon Apr 11 22:19:25 2022
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1ne0VQ-0004Cq-MB
	for ged-emacs-devel@m.gmane-mx.org; Mon, 11 Apr 2022 22:19:24 +0200
Original-Received: from localhost ([::1]:35962 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1ne0VP-0002hs-3s
	for ged-emacs-devel@m.gmane-mx.org; Mon, 11 Apr 2022 16:19:23 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:58994)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <alan@idiocy.org>) id 1ne0UG-0001yl-OB
 for emacs-devel@gnu.org; Mon, 11 Apr 2022 16:18:12 -0400
Original-Received: from outbound.soverin.net ([116.202.126.228]:57159)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <alan@idiocy.org>)
 id 1ne0UE-0002fH-1r; Mon, 11 Apr 2022 16:18:11 -0400
Original-Received: from smtp.soverin.net (unknown [10.10.3.11])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
 (No client certificate requested)
 by outbound.soverin.net (Postfix) with ESMTPS id C89FF868;
 Mon, 11 Apr 2022 20:18:04 +0000 (UTC)
Original-Received: from smtp.soverin.net (smtp.soverin.net [10.10.4.99]) by soverin.net
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=idiocy.org; s=soverin;
 t=1649708284; bh=EGnZ0BGIhgqoyZ3CIoslGo9tCAZG7tTDTgbvV/14T9Q=;
 h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
 b=GUq4Zkr8yR/ZDsLR+VdI7GnUYMXtMTY2Lw9QLE9e7I9sS3Uw7CCcfe5A23CNa0CJG
 Mb4klNL60fhYhgsRhy5ABQgS9ogXw9zRH0JxIx7ZcmU8xTZAlYSf1525Gako+tTLKY
 6wuU/ErpUGtp+B/WO6ea3ad+VARfDx1Y81CgZylPB99SSsp6a7UZVElEwCiqqCLxwm
 n+g6GdwodkcI25i5A6dyvvHCbLPATq3ZN7LPfphjbk4LdiZbTjExan9tWZBp/lcoQF
 Vn6rdrM/YXTDGt1x7Ix1qtnXxYopJ4KdzcKsB41XZ9GfdzIgqDo2viYebihi60aF4J
 LT3RZ0z3QunTA==
Original-Received: from alan by faroe.holly.idiocy.org with local (Exim 4.95)
 (envelope-from <alan@idiocy.org>) id 1ne0U7-000NT4-In;
 Mon, 11 Apr 2022 21:18:03 +0100
Mail-Followup-To: Alan Third <alan@idiocy.org>,
 Richard Stallman <rms@gnu.org>, emacs-devel@gnu.org
Content-Disposition: inline
In-Reply-To: <E1ndkeK-0002JB-VR@fencepost.gnu.org>
Received-SPF: pass client-ip=116.202.126.228; envelope-from=alan@idiocy.org;
 helo=outbound.soverin.net
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: "Emacs-devel"
 <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.devel:288246
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/288246>

On Sun, Apr 10, 2022 at 11:23:32PM -0400, Richard Stallman wrote:
> [[[ To any NSA and FBI agents reading my email: please consider    ]]]
> [[[ whether defending the US Constitution against all enemies,     ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> 
>   > It might be worth trying Jim's builds from
>   > https://github.com/jimeh/emacs-builds, as I understand it they're
>   > signed and so on, which might avoid some problems with running it.
> 
> Would some Mac expert please explain to me (off the list) what's
> going on here?

I'm not really up-to-date with the ins and outs of macOS's security
model, but as I understand it macOS expects applications to be
"signed" by some developer certificate provided by Apple.

This has never affected me because I always build my own Emacs and, at
least on the ancient version of macOS I'm running, self-built
applications are exempt from this.

There is some way to work around it. It used to be that you just had
to click through a security warning the first time the application
ran, but I think it's more complex now.

The reason I suggested the OP try Jim Myrhberg's builds over the
emacsformacosx.com ones is that not only are Jim's signed, but the
latter use a script to select and execute the Emacs binary, and that
seems to cause further trouble with the macOS security model.

Perhaps someone who actually uses macOS can explain this better.
-- 
Alan Third