From db6054f004ac35544a72901819ae1ac9986efe86 Mon Sep 17 00:00:00 2001 From: Gregory Szorc Date: Mon, 6 Nov 2023 11:36:01 +0800 Subject: [PATCH] apple-codesign: add a test showing that symlink overwrites are broken Unsure if there is a bug report for this. But it is definitely a bug. --- apple-codesign/tests/cli_tests.rs | 1 + .../cmd/sign-bundle-symlink-overwrite.trycmd | 60 +++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 apple-codesign/tests/cmd/sign-bundle-symlink-overwrite.trycmd diff --git a/apple-codesign/tests/cli_tests.rs b/apple-codesign/tests/cli_tests.rs index e24fba1aa..3caad3167 100644 --- a/apple-codesign/tests/cli_tests.rs +++ b/apple-codesign/tests/cli_tests.rs @@ -283,5 +283,6 @@ fn cli_tests() { cases.skip("tests/cmd/sign-bundle-framework.trycmd"); cases.skip("tests/cmd/sign-bundle-with-nested-framework.trycmd"); cases.skip("tests/cmd/sign-bundle-electron.trycmd"); + cases.skip("tests/cmd/sign-bundle-symlink-overwrite.trycmd"); } } diff --git a/apple-codesign/tests/cmd/sign-bundle-symlink-overwrite.trycmd b/apple-codesign/tests/cmd/sign-bundle-symlink-overwrite.trycmd new file mode 100644 index 000000000..ad6a7b93a --- /dev/null +++ b/apple-codesign/tests/cmd/sign-bundle-symlink-overwrite.trycmd @@ -0,0 +1,60 @@ +Sign a bundle with symlinks and verify symlink overwrites work + +``` +$ rcodesign debug-create-macho MyApp.app/Contents/MacOS/MyApp +assuming default minimum version 11.0.0 +writing Mach-O to MyApp.app/Contents/MacOS/MyApp + +$ rcodesign debug-create-info-plist --bundle-name MyApp MyApp.app/Contents/Info.plist +writing MyApp.app/Contents/Info.plist + +$ mkdir -p MyApp.app/Contents/Resources +$ touch MyApp.app/Contents/Resources/file-00.txt +$ touch MyApp.app/Contents/Resources/file-01.txt +$ ln -s file-00.txt MyApp.app/Contents/Resources/file.txt + +$ rcodesign sign MyApp.app MyApp.app.signed +signing MyApp.app to MyApp.app.signed +signing bundle at MyApp.app +signing 0 nested bundles in the following order: +signing bundle at MyApp.app into MyApp.app.signed +collecting code resources files +copying file MyApp.app/Contents/Info.plist -> MyApp.app.signed/Contents/Info.plist +sealing regular file Resources/file-00.txt +copying file MyApp.app/Contents/Resources/file-00.txt -> MyApp.app.signed/Contents/Resources/file-00.txt +sealing regular file Resources/file-01.txt +copying file MyApp.app/Contents/Resources/file-01.txt -> MyApp.app.signed/Contents/Resources/file-01.txt +sealing symlink Resources/file.txt -> file-00.txt +replicating symlink MyApp.app.signed/Contents/Resources/file.txt -> file-00.txt +writing sealed resources to MyApp.app.signed/Contents/_CodeSignature/CodeResources +signing main executable Contents/MacOS/MyApp +setting main executable binary identifier to com.example.mybundle (derived from CFBundleIdentifier in Info.plist) +inferring default signing settings from Mach-O binary +signing Mach-O binary at index 0 +binary targets macOS >= 11.0.0 with SDK 11.0.0 +creating ad-hoc signature +code directory version: 132096 +total signature size: 421 bytes +writing signed main executable to MyApp.app.signed/Contents/MacOS/MyApp + +$ ln -s file-01.txt MyApp.app/Contents/Resources/file.txt +? 1 +/Users/gps/src/apple-platform-rs/target/coreutils/bin/ln: Already exists + +$ rcodesign sign MyApp.app MyApp.app.signed +? 1 +signing MyApp.app to MyApp.app.signed +signing bundle at MyApp.app +signing 0 nested bundles in the following order: +signing bundle at MyApp.app into MyApp.app.signed +collecting code resources files +copying file MyApp.app/Contents/Info.plist -> MyApp.app.signed/Contents/Info.plist +sealing regular file Resources/file-00.txt +copying file MyApp.app/Contents/Resources/file-00.txt -> MyApp.app.signed/Contents/Resources/file-00.txt +sealing regular file Resources/file-01.txt +copying file MyApp.app/Contents/Resources/file-01.txt -> MyApp.app.signed/Contents/Resources/file-01.txt +sealing symlink Resources/file.txt -> file-00.txt +replicating symlink MyApp.app.signed/Contents/Resources/file.txt -> file-00.txt +Error: I/O error: File exists (os error 17) + +```