[OpenAFS] Re: Providing signed packages (was Re: any experiences
with OpenAFS client ...)
D Brashear
shadow@gmail.com
Fri, 24 Oct 2014 09:06:40 -0400
--001a113d4fec0ed87305062adaab
Content-Type: text/plain; charset=UTF-8
It's worth noting, OSXFUSE is signed.
codesign --display -vvv
/Library/Filesystems/osxfusefs.fs/Support/osxfusefs.kext
Executable=/Library/Filesystems/osxfusefs.fs/Support/osxfusefs.kext/Contents/MacOS/osxfusefs
Identifier=com.github.osxfuse.filesystems.osxfusefs
[]
Authority=Developer ID Application: Benjamin Fleischer (3T5GSNBU6W)
[]
On Thu, Oct 23, 2014 at 9:52 PM, Brandon Allbery <ballbery@sinenomine.net>
wrote:
> On Thu, 2014-10-23 at 20:37 -0500, Andrew Deason wrote:
> > On Thu, 23 Oct 2014 18:27:27 -0400
> > Stephen Joyce <stephen@email.unc.edu> wrote:
> >
> > > In any case, OpenAFS is not the only project which must decide how to
> > > move forward in this scenario. It might be instructive to see how
> > > macports, homebrew, etc. respond.
> >
> > Those won't involve kexts (if they even use Apple's signing framework at
> > all? Installing a package via macports doesn't go through the OS X
> > packaging system). I would imagine there are not many software projects
> > that provide kexts on OS X that are signed by a non-commercial entity,
> > but have commercial organizations related to them.
>
> In fact there are several MacPorts ports that install kexts, notably
> (and rather commonly) osxfuse. We're only just starting to look at
> possible solutions, but the fact that ports are usually built locally
> for both MacPorts and Homebrew introduces complications that OpenAFS
> won't face.
>
> --
> brandon s allbery kf8nh sine nomine associates
> allbery.b@gmail.com ballbery@sinenomine.net
> unix openafs kerberos infrastructure xmonad http://sinenomine.net
>
--
D
--001a113d4fec0ed87305062adaab
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">It's worth noting, OSXFUSE is signed. <br><br>codesign=
--display -vvv /Library/Filesystems/osxfusefs.fs/Support/osxfusefs.kext<br=
>Executable=3D/Library/Filesystems/osxfusefs.fs/Support/osxfusefs.kext/Cont=
ents/MacOS/osxfusefs<br>Identifier=3Dcom.github.osxfuse.filesystems.osxfuse=
fs<br>[]<br>Authority=3DDeveloper ID Application: Benjamin Fleischer (3T5GS=
NBU6W)<br>[]<br><br></div><div class=3D"gmail_extra"><br><div class=3D"gmai=
l_quote">On Thu, Oct 23, 2014 at 9:52 PM, Brandon Allbery <span dir=3D"ltr"=
><<a href=3D"mailto:ballbery@sinenomine.net" target=3D"_blank">ballbery@=
sinenomine.net</a>></span> wrote:<br><blockquote class=3D"gmail_quote" s=
tyle=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><spa=
n class=3D"">On Thu, 2014-10-23 at 20:37 -0500, Andrew Deason wrote:<br>
> On Thu, 23 Oct 2014 18:27:27 -0400<br>
> Stephen Joyce <<a href=3D"mailto:stephen@email.unc.edu">stephen@ema=
il.unc.edu</a>> wrote:<br>
><br>
> > In any case, OpenAFS is not the only project which must decide ho=
w to<br>
> > move forward in this scenario. It might be instructive to see how=
<br>
> > macports, homebrew, etc. respond.<br>
><br>
> Those won't involve kexts (if they even use Apple's signing fr=
amework at<br>
> all? Installing a package via macports doesn't go through the OS X=
<br>
> packaging system). I would imagine there are not many software project=
s<br>
> that provide kexts on OS X that are signed by a non-commercial entity,=
<br>
> but have commercial organizations related to them.<br>
<br>
</span>In fact there are several MacPorts ports that install kexts, notably=
<br>
(and rather commonly) osxfuse. We're only just starting to look at<br>
possible solutions, but the fact that ports are usually built locally<br>
for both MacPorts and Homebrew introduces complications that OpenAFS<br>
won't face.<br>
<span class=3D"HOEnZb"><font color=3D"#888888"><br>
--<br>
brandon s allbery kf8nh=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0sine nomine associates<br>
<a href=3D"mailto:allbery.b@gmail.com">allbery.b@gmail.com</a>=C2=A0 =C2=A0=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 <a href=3D"mailto:ballbery@sinenomine.net">ballbery@sinen=
omine.net</a><br>
unix openafs kerberos infrastructure xmonad=C2=A0 =C2=A0 =C2=A0 =C2=A0 <a h=
ref=3D"http://sinenomine.net" target=3D"_blank">http://sinenomine.net</a><b=
r>
</font></span></blockquote></div><br><br clear=3D"all"><br>-- <br><div dir=
=3D"ltr">D</div>
</div>
--001a113d4fec0ed87305062adaab--