Skip to content

Fix support for ADHOC app bundle signing with frameworks#44

Closed
marysaka wants to merge 2 commits into
indygreg:mainfrom
marysaka:fix/adhoc-app-bundle
Closed

Fix support for ADHOC app bundle signing with frameworks#44
marysaka wants to merge 2 commits into
indygreg:mainfrom
marysaka:fix/adhoc-app-bundle

Conversation

@marysaka

@marysaka marysaka commented Nov 7, 2022

Copy link
Copy Markdown
Contributor

Before this, codesign would error with "the sealed resource directory is invalid".

This add a new codepath when no code requirements has been set that will enforce a requirement presence and ensure that appropriate cdhashes are present for the given file.

indygreg
indygreg reviewed Nov 8, 2022
View reviewed changes

@indygreg indygreg left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution!

I think this seems reasonable.

Do you have steps to reproduce the previous failure? I'd like to verify behavior locally before merging this.

(Also, I'm starting to regret not having better test coverage for bundle signing - this is easily the most nuanced part of the code base!)

Comment thread apple-codesign/src/bundle_signing.rs Outdated
Comment thread apple-codesign/src/macho_signing.rs
@marysaka
Fix support for ADHOC app bundle signing with frameworks
6222bcc 
Before this, codesign would error with "the sealed resource directory is invalid".

This add a new codepath when no code requirements has been set that will enforce a requirement presence and ensure that appropriate cdhashes are present for the given file.
@marysaka
Address comments
12e0135
@marysaka

marysaka commented Nov 8, 2022

Copy link
Copy Markdown
Contributor Author

Do you have steps to reproduce the previous failure? I'd like to verify behavior locally before merging this.

I made a simple dummy reproducer that I attached below. create_bundle.sh will create a simple bundle that trigger that issue 😄

simple_bundle_reproducer.tar.gz

@marysaka marysaka requested a review from indygreg November 10, 2022 16:24
indygreg
indygreg approved these changes Dec 18, 2022
View reviewed changes

@indygreg indygreg left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this looks pretty good.

Sorry for the high review latency.

I'm going to clean this up a little locally and push a lightly modified version to main.

Thank you for the contribution!

Comment thread apple-codesign/src/macho_signing.rs
@indygreg indygreg closed this in c506bb5 Dec 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@indygreg indygreg indygreg approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@marysaka @indygreg