conda-forge / conda-forge.github.io

The conda-forge website.
https://conda-forge.org
BSD 3-Clause "New" or "Revised" License

macOS codesigning #1081

Open jakirkham opened 4 years ago

jakirkham commented 4 years ago

Recently we ran into an issue trying to build gdb on macOS where codesigning was required (https://github.com/conda-forge/gdb-feedstock/pull/23). Suspect this will come up more frequently especially with newer versions of macOS. Am curious if anyone has thoughts on how we should solve this? Would it be possible to start signing our packages for macOS? What would that entail?

phil-blain commented 4 years ago

Just a note: actually the situation in conda-forge/gdb-feedstock#23 is a little more complicated because, since GDB is a debugger, the codesigning certificate used to sign it must be in the System keychain (which is not the case for codesigning in general, I think).

jakirkham commented 4 years ago

Ah good point. Thanks for clarifying that detail 😄

isuruf commented 4 years ago

Close this issue then?

phil-blain commented 4 years ago

Well, there is still a problem with conda-forge/gdb-feedstock#23 under Azure, but we can talk about that there if you prefer.

jakirkham commented 4 years ago

I'd leave it open. Apple has been moving towards increasingly locked down environments over the years. SIP in macOS 10.11 was the first step. So wouldn't be surprised if we need to start considering additional steps to deal with these constraints.

isuruf commented 4 years ago

What constraints?