codesign and text files

We are building an open source, electron-based application and using electron-builder's code signing support to sign our application (that is distributed outside of the App Store).

Unfortunately, we seem to have hit an impasse due to what appears to be a limitation (or bug) of the underlying Apple codesign utility. Our application bundles a couple of other open source projects' "installed versions" inside of it. These applications, as well as our own, include TXT files mixed in with binary files and at least a couple of them cannot be separated from the binary directory.

If codesign does not sign text files, why not just have a mechanism to skip over the text file (printing a warning if you must) and allow electron-builder's code signing process to continue?

The Apple code signing architecture is perfectly capable of signing text files:

% cat test.txt                        
Hello Cruel World!
% ls -l@ test.txt | grep com.apple.cs
% codesign -s - test.txt
% ls -l@ test.txt | grep com.apple.cs
        com.apple.cs.CodeDirectory      154 
        com.apple.cs.CodeRequirements   12 
        com.apple.cs.CodeRequirements-1 190 
        com.apple.cs.CodeSignature      0 

The problem is that a text file has no place to store the code signature, so it ends up being stored in an extended attribute. This often ends badly because it's not uncommon for distribution paths to strip extended attributes.

Our application bundles a couple of other open source projects' "installed versions" inside of it. These applications, as well as our own, include TXT files mixed in with binary files and at least a couple of them cannot be separated from the binary directory.

I generally recommend the approach described in the Use Symlinks to Deal with Alien Structures section of Signing a Mac Product For Distribution.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
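The following script is an added illustration of the symlink approach, not code from the thread, from electron-builder, or from Apple's documentation. It assumes the layout change the thread is discussing: every file under Contents/MacOS that is not Mach-O code (identified here purely by its magic number, which is a simplification) is moved into Contents/Resources at the same relative path, and a relative symlink is left behind so anything that expects the original "alien" layout still finds the file. The bundle it builds for the demo is constructed sample input with fake four-byte Mach-O headers, not a real application.

```sh
#!/bin/sh
# Added example (not from the original post): relocate non-code files out of
# Contents/MacOS into Contents/Resources and leave relative symlinks behind.
# Assumption: a file is "code" if and only if it starts with a Mach-O or fat magic.

is_macho() {
  # Read the first four bytes in file order and compare against the
  # 32/64-bit Mach-O magics (both byte orders) and the fat/universal magics.
  magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
  case "$magic" in
    feedface|cefaedfe|feedfacf|cffaedfe|cafebabe|bebafeca) return 0 ;;
    *) return 1 ;;
  esac
}

relocate_non_code() {
  # $1 is the .app bundle. Prints the Contents/MacOS-relative path of each file moved.
  bundle=$1
  macos_dir="$bundle/Contents/MacOS"
  res_dir="$bundle/Contents/Resources"
  find "$macos_dir" -type f | while IFS= read -r f; do
    is_macho "$f" && continue            # real code stays where codesign expects it
    rel=${f#"$macos_dir/"}               # path relative to Contents/MacOS
    dest="$res_dir/$rel"
    mkdir -p "$(dirname "$dest")"
    mv "$f" "$dest"
    # Relative link target: one ".." per directory level below Contents/MacOS,
    # plus one more to climb out of MacOS itself, then down into Resources.
    up='..'
    d=$rel
    while [ "${d#*/}" != "$d" ]; do d=${d#*/}; up="../$up"; done
    ln -s "$up/Resources/$rel" "$f"
    printf '%s\n' "$rel"
  done
}

make_demo_bundle() {
  # Constructed sample input, not a real application: Contents/MacOS mixes
  # files with a fake Mach-O header (correct magic, nothing else) and text files.
  b=$(mktemp -d)/Demo.app
  mkdir -p "$b/Contents/MacOS/lib" "$b/Contents/Resources"
  printf '\317\372\355\376rest-of-binary' > "$b/Contents/MacOS/tool"        # LE 64-bit magic
  printf '\312\376\272\276fat-binary'     > "$b/Contents/MacOS/lib/libfoo.dylib"  # fat magic
  printf 'Hello Cruel World!\n'           > "$b/Contents/MacOS/README.txt"
  printf 'more notes\n'                   > "$b/Contents/MacOS/lib/NOTES.txt"
  printf '%s\n' "$b"
}

# Stand-alone demo: run with "demo" to restructure a constructed bundle and list it.
if [ "${1:-}" = demo ]; then
  b=$(make_demo_bundle)
  relocate_non_code "$b"
  ls -lR "$b"
fi
```

Run it as `sh relocate.sh demo` to see the result, or call `relocate_non_code /path/to/Your.app` on a staged bundle before the signing step. After restructuring, sign the bundle as usual and check it with `codesign --verify --deep --strict --verbose=2 Your.app`; the text files are now sealed as resources in CodeResources rather than carrying their own extended-attribute signatures, so nothing is lost when a distribution path strips xattrs. Magic-number detection is a deliberate simplification: anything else in Contents/MacOS that must be treated as code (scripts with a shebang, for example) needs its own rule.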
