Add make target to sign with ad-hoc signature with correct entitlements by ychin · Pull Request #1586 · macvim-dev/macvim
ychin
added
the
Non User Facing
label
Jul 23, 2025
By default, building MacVim locally will sign with an ad-hoc signature with no entitlements. Release builds are then signed with the `macvim-signed` target which signs MacVim with a valid signature and embed the entitlments. This new target allows us to sign MacVim to have similar entitlements and behaviors as a release build without needing an Apple Developer signature. There are currently two possible use cases for this: 1. Package managers like Homebrew can use this to build MacVim to get the correct hardened runtime entitlements. 2. Reproducible builds (macvim-dev#1506) can use this to generate a reproducible artifact. Proper release builds are not reproducible since there's no way for a proper digital signature to be reproduced, but we can strip and re-sign with an ad-hoc signature reproducibly using this target for a decent compromise. Related: macvim-dev#1585
ychin
mentioned this pull request
9 tasks
ychin
deleted the
make-macvim-signed-adhoc
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters