[OpenAFS] Re: Providing signed packages (was Re: any experiences with OpenAFS client ...)

D Brashear shadow@gmail.com
Fri, 24 Oct 2014 09:06:40 -0400


--001a113d4fec0ed87305062adaab
Content-Type: text/plain; charset=UTF-8

It's worth noting, OSXFUSE is signed.

codesign --display -vvv
/Library/Filesystems/osxfusefs.fs/Support/osxfusefs.kext
Executable=/Library/Filesystems/osxfusefs.fs/Support/osxfusefs.kext/Contents/MacOS/osxfusefs
Identifier=com.github.osxfuse.filesystems.osxfusefs
[]
Authority=Developer ID Application: Benjamin Fleischer (3T5GSNBU6W)
[]


On Thu, Oct 23, 2014 at 9:52 PM, Brandon Allbery <ballbery@sinenomine.net>
wrote:

> On Thu, 2014-10-23 at 20:37 -0500, Andrew Deason wrote:
> > On Thu, 23 Oct 2014 18:27:27 -0400
> > Stephen Joyce <stephen@email.unc.edu> wrote:
> >
> > > In any case, OpenAFS is not the only project which must decide how to
> > > move forward in this scenario. It might be instructive to see how
> > > macports, homebrew, etc. respond.
> >
> > Those won't involve kexts (if they even use Apple's signing framework at
> > all? Installing a package via macports doesn't go through the OS X
> > packaging system). I would imagine there are not many software projects
> > that provide kexts on OS X that are signed by a non-commercial entity,
> > but have commercial organizations related to them.
>
> In fact there are several MacPorts ports that install kexts, notably
> (and rather commonly) osxfuse. We're only just starting to look at
> possible solutions, but the fact that ports are usually built locally
> for both MacPorts and Homebrew introduces complications that OpenAFS
> won't face.
>
> --
> brandon s allbery kf8nh                           sine nomine associates
> allbery.b@gmail.com                              ballbery@sinenomine.net
> unix openafs kerberos infrastructure xmonad        http://sinenomine.net
>



-- 
D

--001a113d4fec0ed87305062adaab
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">It&#39;s worth noting, OSXFUSE is signed. <br><br>codesign=
 --display -vvv /Library/Filesystems/osxfusefs.fs/Support/osxfusefs.kext<br=
>Executable=3D/Library/Filesystems/osxfusefs.fs/Support/osxfusefs.kext/Cont=
ents/MacOS/osxfusefs<br>Identifier=3Dcom.github.osxfuse.filesystems.osxfuse=
fs<br>[]<br>Authority=3DDeveloper ID Application: Benjamin Fleischer (3T5GS=
NBU6W)<br>[]<br><br></div><div class=3D"gmail_extra"><br><div class=3D"gmai=
l_quote">On Thu, Oct 23, 2014 at 9:52 PM, Brandon Allbery <span dir=3D"ltr"=
>&lt;<a href=3D"mailto:ballbery@sinenomine.net" target=3D"_blank">ballbery@=
sinenomine.net</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" s=
tyle=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><spa=
n class=3D"">On Thu, 2014-10-23 at 20:37 -0500, Andrew Deason wrote:<br>
&gt; On Thu, 23 Oct 2014 18:27:27 -0400<br>
&gt; Stephen Joyce &lt;<a href=3D"mailto:stephen@email.unc.edu">stephen@ema=
il.unc.edu</a>&gt; wrote:<br>
&gt;<br>
&gt; &gt; In any case, OpenAFS is not the only project which must decide ho=
w to<br>
&gt; &gt; move forward in this scenario. It might be instructive to see how=
<br>
&gt; &gt; macports, homebrew, etc. respond.<br>
&gt;<br>
&gt; Those won&#39;t involve kexts (if they even use Apple&#39;s signing fr=
amework at<br>
&gt; all? Installing a package via macports doesn&#39;t go through the OS X=
<br>
&gt; packaging system). I would imagine there are not many software project=
s<br>
&gt; that provide kexts on OS X that are signed by a non-commercial entity,=
<br>
&gt; but have commercial organizations related to them.<br>
<br>
</span>In fact there are several MacPorts ports that install kexts, notably=
<br>
(and rather commonly) osxfuse. We&#39;re only just starting to look at<br>
possible solutions, but the fact that ports are usually built locally<br>
for both MacPorts and Homebrew introduces complications that OpenAFS<br>
won&#39;t face.<br>
<span class=3D"HOEnZb"><font color=3D"#888888"><br>
--<br>
brandon s allbery kf8nh=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0sine nomine associates<br>
<a href=3D"mailto:allbery.b@gmail.com">allbery.b@gmail.com</a>=C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 <a href=3D"mailto:ballbery@sinenomine.net">ballbery@sinen=
omine.net</a><br>
unix openafs kerberos infrastructure xmonad=C2=A0 =C2=A0 =C2=A0 =C2=A0 <a h=
ref=3D"http://sinenomine.net" target=3D"_blank">http://sinenomine.net</a><b=
r>
</font></span></blockquote></div><br><br clear=3D"all"><br>-- <br><div dir=
=3D"ltr">D</div>
</div>

--001a113d4fec0ed87305062adaab--