On 23/03/2021 01:31, Assaf Gordon via cfarm-users wrote: > - will it compromise SIP ( > https://en.wikipedia.org/wiki/System_Integrity_Protection ) ?
Note that keeping SIP enabled completely decimates compiler regression testing performance, because it means that every time you execute a compiled binary for the first time, 1) it gets checked for malware (XprotectService) 2) its code signature gets checked (syspolicyd, trustd, tccd) [1] Both 1) and 2) happen in single-threaded processes that handle only a single binary at a time. Moreover, if a network connection is available, checking a code signature involves checking with Apple's root certificate servers (to verify that the used certificate has not been revoked) [2]. The combination of these points is that the system spends way more time checking for malware and verifying certificates than executing test programs. See https://developer.apple.com/forums/thread/673057 for some more details. Jonas [1] On macOS/ARM64, all binaries must have a code signature. If you don't specify a signing certificate, the linker adds one anyway using a dummy certificate that's local to the current machine, but even these dummy signatures get verified. [2] https://arstechnica.com/gadgets/2020/11/mac-certificate-check-stokes-fears-apple-logs-every-app-you-run/ _______________________________________________ cfarm-users mailing list cfarm-users@lists.tetaneutral.net https://lists.tetaneutral.net/listinfo/cfarm-users
