Skip to content

Commit

Permalink
apple-codesign: add test for signing bundle with multiple binaries
Browse files Browse the repository at this point in the history 
This simple test helps isolate issues with extra Mach-O binaries in
bundles.
  • Loading branch information
@indygreg
indygreg committed Nov 6, 2023
1 parent 1c63bca commit f743355
Showing 1 changed file with 364 additions and 0 deletions.
364 changes: 364 additions & 0 deletions apple-codesign/tests/cmd/sign-bundle-multiple-macho.trycmd
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,364 @@
Sign a bundle containing multiple Mach-O binaries.

```
$ rcodesign debug-create-macho MyApp.app/Contents/MacOS/MyApp
assuming default minimum version 11.0.0
writing Mach-O to MyApp.app/Contents/MacOS/MyApp

$ rcodesign debug-create-macho MyApp.app/Contents/MacOS/bin
assuming default minimum version 11.0.0
writing Mach-O to MyApp.app/Contents/MacOS/bin

$ rcodesign debug-create-macho --file-type dylib MyApp.app/Contents/MacOS/lib.dylib
assuming default minimum version 11.0.0
writing Mach-O to MyApp.app/Contents/MacOS/lib.dylib

$ rcodesign debug-create-macho MyApp.app/Contents/Resources/non-nested-bin
assuming default minimum version 11.0.0
writing Mach-O to MyApp.app/Contents/Resources/non-nested-bin

$ rcodesign debug-create-info-plist --bundle-name MyApp MyApp.app/Contents/Info.plist
writing MyApp.app/Contents/Info.plist

$ rcodesign sign MyApp.app MyApp.app.signed
signing MyApp.app to MyApp.app.signed
signing bundle at MyApp.app
signing 0 nested bundles in the following order:
signing bundle at MyApp.app into MyApp.app.signed
collecting code resources files
Contents/Info.plist is the Info.plist file; handling specially
copying file MyApp.app/Contents/Info.plist -> MyApp.app.signed/Contents/Info.plist
sealing Mach-O file MacOS/bin
signing Mach-O file MacOS/bin
inferring default signing settings from Mach-O binary
Mach-O is missing binary identifier; setting to bin based on file name
signing Mach-O binary at index 0
binary targets macOS >= 11.0.0 with SDK 11.0.0
creating ad-hoc signature
code directory version: 132096
total signature size: 372 bytes
writing Mach-O to MyApp.app.signed/MacOS/bin
sealing Mach-O file MacOS/lib.dylib
signing Mach-O file MacOS/lib.dylib
inferring default signing settings from Mach-O binary
Mach-O is missing binary identifier; setting to lib based on file name
signing Mach-O binary at index 0
binary targets macOS >= 11.0.0 with SDK 11.0.0
creating ad-hoc signature
code directory version: 132096
total signature size: 372 bytes
writing Mach-O to MyApp.app.signed/MacOS/lib.dylib
sealing regular file Resources/non-nested-bin
copying file MyApp.app/Contents/Resources/non-nested-bin -> MyApp.app.signed/Contents/Resources/non-nested-bin
writing sealed resources to MyApp.app.signed/Contents/_CodeSignature/CodeResources
signing main executable Contents/MacOS/MyApp
setting main executable binary identifier to com.example.mybundle (derived from CFBundleIdentifier in Info.plist)
inferring default signing settings from Mach-O binary
signing Mach-O binary at index 0
binary targets macOS >= 11.0.0 with SDK 11.0.0
creating ad-hoc signature
code directory version: 132096
total signature size: 421 bytes
writing signed main executable to MyApp.app.signed/Contents/MacOS/MyApp

$ rcodesign print-signature-info MyApp.app.signed
- path: Contents/Info.plist
file_size: 576
file_sha256: 0a5902dc8e47f490d03889d3593d17bddbf79e6c1f79494e20dd28f9459effa5
entity: other
- path: Contents/MacOS/MyApp
file_size: 22544
file_sha256: 563f2fb7c30e75d31bd9903f310c69114926f68e51d1790a9d24d38e45291f7c
entity:
mach_o:
linkedit_segment_file_start_offset: 16384
linkedit_segment_file_end_offset: 22544
signature_file_start_offset: 16400
signature_file_end_offset: 22544
signature_linkedit_start_offset: 16
signature_linkedit_end_offset: 6160
signature:
superblob_length: 421
blob_count: 3
blobs:
- slot: CodeDirectory (0)
magic: fade0c02
length: 365
sha1: 0eb67579afb7f5de1f1d2aa5d30d16756860c3cc
sha256: bd9fcd72bb6cc3c702a9264d57fa37d4f696a48fa69623a0fb7daac9c60b0ff6
- slot: RequirementSet (2)
magic: fade0c01
length: 12
sha1: 3a75f6db058529148e14dd7ea1b4729cc09ec973
sha256: 987920904eab650e75788c054aa0b0524e6a80bfc71aa32df8d237a61743f986
- slot: CMS Signature (65536)
magic: fade0b01
length: 8
sha1: 2a7254313aa41796079bb0e9d0f044345f69f98b
sha256: e6c83bc98a10348492c7d4d2378a54572ef29e1a5692ccd02b5e29f4b762d6a0
code_directory:
version: '0x20400'
flags: CodeSignatureFlags(ADHOC)
identifier: com.example.mybundle
digest_type: sha256
platform: 0
signed_entity_size: 16400
executable_segment_flags: ExecutableSegmentFlags(MAIN_BINARY)
code_digests_count: 5
slot_digests:
- 'Info (1): 0a5902dc8e47f490d03889d3593d17bddbf79e6c1f79494e20dd28f9459effa5'
- 'RequirementSet (2): 987920904eab650e75788c054aa0b0524e6a80bfc71aa32df8d237a61743f986'
- 'Resources (3): 29ca54092b8a1ee42bd378889eae9382dd64f94f6ac99e093d5aff76af6ea2bf'
cms: null
- path: Contents/Resources/non-nested-bin
file_size: 16386
file_sha256: 4cfaf70bc9fb6827fcf7751deaf65f8b54d46fecb6f39cb2ba8fbcf36912430c
entity:
mach_o:
linkedit_segment_file_start_offset: null
linkedit_segment_file_end_offset: null
signature_file_start_offset: null
signature_file_end_offset: null
signature_linkedit_start_offset: null
signature_linkedit_end_offset: null
signature: null
- path: Contents/_CodeSignature/CodeResources
file_size: 2882
file_sha256: 29ca54092b8a1ee42bd378889eae9382dd64f94f6ac99e093d5aff76af6ea2bf
entity:
bundle_code_signature_file: !ResourcesXml
- <?xml version="1.0" encoding="UTF-8"?>
- <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
- <plist version="1.0">
- <dict>
- ' <key>files</key>'
- ' <dict>'
- ' <key>Resources/non-nested-bin</key>'
- ' <data>'
- ' apwGEW+W2ghwpHtZD2rJ1FcX9d8='
- ' </data>'
- ' </dict>'
- ' <key>files2</key>'
- ' <dict>'
- ' <key>MacOS/bin</key>'
- ' <dict>'
- ' <key>cdhash</key>'
- ' <data>'
- ' MZ4S1QVta4NQbypRhY3f2ZokTtc='
- ' </data>'
- ' <key>requirement</key>'
- ' <string>cdhash H"319e12d5056d6b83506f2a51858ddfd99a244ed7"</string>'
- ' </dict>'
- ' <key>MacOS/lib.dylib</key>'
- ' <dict>'
- ' <key>cdhash</key>'
- ' <data>'
- ' 30iNRjx5i6bnr7tV0fhpWa78EnU='
- ' </data>'
- ' <key>requirement</key>'
- ' <string>cdhash H"df488d463c798ba6e7afbb55d1f86959aefc1275"</string>'
- ' </dict>'
- ' <key>Resources/non-nested-bin</key>'
- ' <dict>'
- ' <key>hash2</key>'
- ' <data>'
- ' TPr3C8n7aCf893Ud6vZfi1TUb+y285yyuo+882kSQww='
- ' </data>'
- ' </dict>'
- ' </dict>'
- ' <key>rules</key>'
- ' <dict>'
- ' <key>^Resources/</key>'
- ' <true/>'
- ' <key>^Resources/.*/.lproj/</key>'
- ' <dict>'
- ' <key>optional</key>'
- ' <true/>'
- ' <key>weight</key>'
- ' <real>1000</real>'
- ' </dict>'
- ' <key>^Resources/.*/.lproj/locversion.plist$</key>'
- ' <dict>'
- ' <key>omit</key>'
- ' <true/>'
- ' <key>weight</key>'
- ' <real>1100</real>'
- ' </dict>'
- ' <key>^Resources/Base/.lproj/</key>'
- ' <dict>'
- ' <key>weight</key>'
- ' <real>1010</real>'
- ' </dict>'
- ' <key>^version.plist$</key>'
- ' <true/>'
- ' </dict>'
- ' <key>rules2</key>'
- ' <dict>'
- ' <key>.*/.dSYM($|/)</key>'
- ' <dict>'
- ' <key>weight</key>'
- ' <real>11</real>'
- ' </dict>'
- ' <key>^(.*/)?/.DS_Store$</key>'
- ' <dict>'
- ' <key>omit</key>'
- ' <true/>'
- ' <key>weight</key>'
- ' <real>2000</real>'
- ' </dict>'
- ' <key>^(Frameworks|SharedFrameworks|PlugIns|Plug-ins|XPCServices|Helpers|MacOS|Library/(Automator|Spotlight|LoginItems))/</key>'
- ' <dict>'
- ' <key>nested</key>'
- ' <true/>'
- ' <key>weight</key>'
- ' <real>10</real>'
- ' </dict>'
- ' <key>^.*</key>'
- ' <true/>'
- ' <key>^Info/.plist$</key>'
- ' <dict>'
- ' <key>omit</key>'
- ' <true/>'
- ' <key>weight</key>'
- ' <real>20</real>'
- ' </dict>'
- ' <key>^PkgInfo$</key>'
- ' <dict>'
- ' <key>omit</key>'
- ' <true/>'
- ' <key>weight</key>'
- ' <real>20</real>'
- ' </dict>'
- ' <key>^Resources/</key>'
- ' <dict>'
- ' <key>weight</key>'
- ' <real>20</real>'
- ' </dict>'
- ' <key>^Resources/.*/.lproj/</key>'
- ' <dict>'
- ' <key>optional</key>'
- ' <true/>'
- ' <key>weight</key>'
- ' <real>1000</real>'
- ' </dict>'
- ' <key>^Resources/.*/.lproj/locversion.plist$</key>'
- ' <dict>'
- ' <key>omit</key>'
- ' <true/>'
- ' <key>weight</key>'
- ' <real>1100</real>'
- ' </dict>'
- ' <key>^Resources/Base/.lproj/</key>'
- ' <dict>'
- ' <key>weight</key>'
- ' <real>1010</real>'
- ' </dict>'
- ' <key>^[^/]+$</key>'
- ' <dict>'
- ' <key>nested</key>'
- ' <true/>'
- ' <key>weight</key>'
- ' <real>10</real>'
- ' </dict>'
- ' <key>^embedded/.provisionprofile$</key>'
- ' <dict>'
- ' <key>weight</key>'
- ' <real>20</real>'
- ' </dict>'
- ' <key>^version/.plist$</key>'
- ' <dict>'
- ' <key>weight</key>'
- ' <real>20</real>'
- ' </dict>'
- ' </dict>'
- </dict>
- </plist>
- ''
- path: MacOS/bin
file_size: 22544
file_sha256: 222272e624fadf178495f7eeabdac248a951a0fb1e49002f494dde7067e456c8
entity:
mach_o:
linkedit_segment_file_start_offset: 16384
linkedit_segment_file_end_offset: 22544
signature_file_start_offset: 16400
signature_file_end_offset: 22544
signature_linkedit_start_offset: 16
signature_linkedit_end_offset: 6160
signature:
superblob_length: 372
blob_count: 3
blobs:
- slot: CodeDirectory (0)
magic: fade0c02
length: 316
sha1: c86136679b8fb8b73c260c3f5143eb4787ba7408
sha256: 319e12d5056d6b83506f2a51858ddfd99a244ed7b1bb261d9f7a1befa55239db
- slot: RequirementSet (2)
magic: fade0c01
length: 12
sha1: 3a75f6db058529148e14dd7ea1b4729cc09ec973
sha256: 987920904eab650e75788c054aa0b0524e6a80bfc71aa32df8d237a61743f986
- slot: CMS Signature (65536)
magic: fade0b01
length: 8
sha1: 2a7254313aa41796079bb0e9d0f044345f69f98b
sha256: e6c83bc98a10348492c7d4d2378a54572ef29e1a5692ccd02b5e29f4b762d6a0
code_directory:
version: '0x20400'
flags: CodeSignatureFlags(ADHOC)
identifier: bin
digest_type: sha256
platform: 0
signed_entity_size: 16400
executable_segment_flags: ExecutableSegmentFlags(MAIN_BINARY)
code_digests_count: 5
slot_digests:
- 'Info (1): 0000000000000000000000000000000000000000000000000000000000000000'
- 'RequirementSet (2): 987920904eab650e75788c054aa0b0524e6a80bfc71aa32df8d237a61743f986'
cms: null
- path: MacOS/lib.dylib
file_size: 22544
file_sha256: f5bf39926f898f9d8b10749c2c2e02d89e6ca1ab85e5210df86a711afc35f1bd
entity:
mach_o:
linkedit_segment_file_start_offset: 16384
linkedit_segment_file_end_offset: 22544
signature_file_start_offset: 16400
signature_file_end_offset: 22544
signature_linkedit_start_offset: 16
signature_linkedit_end_offset: 6160
signature:
superblob_length: 372
blob_count: 3
blobs:
- slot: CodeDirectory (0)
magic: fade0c02
length: 316
sha1: af401622e3c8ad117ef8e8048542a0f6ce3e0d7c
sha256: df488d463c798ba6e7afbb55d1f86959aefc12753467b49d5a984611e11ec8d0
- slot: RequirementSet (2)
magic: fade0c01
length: 12
sha1: 3a75f6db058529148e14dd7ea1b4729cc09ec973
sha256: 987920904eab650e75788c054aa0b0524e6a80bfc71aa32df8d237a61743f986
- slot: CMS Signature (65536)
magic: fade0b01
length: 8
sha1: 2a7254313aa41796079bb0e9d0f044345f69f98b
sha256: e6c83bc98a10348492c7d4d2378a54572ef29e1a5692ccd02b5e29f4b762d6a0
code_directory:
version: '0x20400'
flags: CodeSignatureFlags(ADHOC)
identifier: lib
digest_type: sha256
platform: 0
signed_entity_size: 16400
executable_segment_flags: ExecutableSegmentFlags(0x0)
code_digests_count: 5
slot_digests:
- 'Info (1): 0000000000000000000000000000000000000000000000000000000000000000'
- 'RequirementSet (2): 987920904eab650e75788c054aa0b0524e6a80bfc71aa32df8d237a61743f986'
cms: null

```

0 comments on commit f743355

Please sign in to comment.