pub fn is_binary_signed() -> boolExpand description
Returns true iff the current binary is considered “signed” for identity purposes.
Detection logic:
- If the exe path contains
/target/or\target\, it’s a cargo build → unsigned. - On macOS: runs
codesign --verify --no-strict— exit 0 means signed. - On other platforms: if not in
/target/, assumed signed (there’s no platform-equivalent ACL coupling concern on Windows/Linux, but we still separate namespaces for development builds).
Result is cached for the process lifetime.