macOS GateKeeper support? #2235

Closed
nekoniaow opened this issue Jun 16, 2018 · 5 comments

@nekoniaow

On macOS with network monitoring tools such as Little Snitch installed, it is apparent during Nix installation that none of the Nix binaries are signed using Apple's GateKeeper system.

Here is what Little Snitch (rightly) reports:

“nix-channel” has no code signature. The executable can be maliciously modified without being detected. Click here to learn more about applications without a code signature.

The Apple registering fee (around $90) is relatively low and would allow automatic verification of the provenance of the Nix binaries by the system, thus adding a layer of safety on top of Nix's.

@nekoniaow changed the title from "No code signature on macOS (GateKeeper support)" to "macOS GateKeeper support?" on Jun 16, 2018
@veprbl
Member

veprbl commented Jun 17, 2018

related: NixOS/nixpkgs#38624

@matthewbauer
Member

matthewbauer commented Jun 18, 2018

Yeah, the only objection I would see to code signatures is that it adds impurity for bit-for-bit reproducibility, but that is broken anyway on macOS for us.

@stale

stale bot commented Feb 23, 2021

I marked this as stale due to inactivity. → More info

@stale stale bot added the stale label Feb 23, 2021
@stale

stale bot commented Apr 21, 2022

I closed this issue due to inactivity. → More info

@stale stale bot closed this as completed Apr 21, 2022
@nekoniaow
Author

nekoniaow commented Apr 27, 2022

Stale feature requests just get abandoned?
Why not simply sort them by priority instead so they have a chance to be worked on eventually?
