Automatic code signing

Hello,

I've always used a package manager (pkgsrc), it installs to my home directory (~/pkg).

I noticed today that if I manually copy a binary (not build by the package manager) to that location (~/pkg/bin), it gets terminated by EXC_BAD_ACCESS (Code Signature Invalid), but runs fine in its original location.

I was confused because I don't remember signing anything in there.

So Xcode clang is signing everything by default:

% codesign --display --verbose ~/pkg/bin/python
...
Format=Mach-O thin (arm64)
CodeDirectory v=20400 size=514 flags=0x20002(adhoc,linker-signed) hashes=13+0 location=embedded
Signature=adhoc
...

"linker-signed"..?

I guess I have to "re-link" binaries every time they get moved? Since the linker is doing this on its own, maybe the "install" utility could do that for us?

Update: Nevermind. TIL about -adhoc_codesign and -no_adhoc_codesign linker options. 😅

Replies

Also, watch out for the gotcha described in Updating Mac Software.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"