Open jakirkham opened 4 years ago
Just a note: actually the situation in conda-forge/gdb-feedstock#23 is a little more complicated because since GDB is a debugger, the codesigning certificate used to sign it must be in the System keychain (which is not the case for codesigning in general I think)
Ah good point. Thanks for clarifying that detail 😄
Close this issue then?
Well, there is still a problem with conda-forge/gdb-feedstock#23 under Azure, but we can talk about that there if you prefer.
I'd leave it open. Apple has been moving towards increasingly locked down environments over the years. SIP in macOS 10.11 was the first step. So wouldn't be surprised if we need to start considering additional steps to deal with these constraints.
What constraints?
Recently we ran into an issue trying to build
gdb
on macOS where codesigning was required ( https://github.com/conda-forge/gdb-feedstock/pull/23 ). Suspect this will come up more frequently especially with newer versions of macOS. Am curious if anyone has thoughts on how we should solve this? Would it be possible to start signing our packages for macOS? What would that entail?