Add managed MachO signing #108992
Merged
Add managed MachO signing #108992
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
am11
reviewed
Oct 17, 2024
src/installer/managed/Microsoft.NET.HostModel/MachO/CodeSignature.cs
Outdated
Show resolved
Hide resolved
am11
reviewed
Oct 17, 2024
src/installer/managed/Microsoft.NET.HostModel/MachO/CodeSignature.cs
Outdated
Show resolved
Hide resolved
am11
reviewed
Oct 17, 2024
src/installer/managed/Microsoft.NET.HostModel/Microsoft.NET.HostModel.csproj
Outdated
Show resolved
Hide resolved
am11
reviewed
Oct 17, 2024
src/installer/managed/Microsoft.NET.HostModel/MachO/EmbeddedSignatureHeader.cs
Outdated
Show resolved
Hide resolved
- Rename (header, offset) tuples - Prefix underscore on private fields - Modify load commands in-place in memory mapped file, and write the signature to the output stream since memory mapped file can't grow.
am11
reviewed
Oct 18, 2024
src/installer/tests/Microsoft.NET.HostModel.Tests/MachObjectSigning/Data/a.out
Outdated
Show resolved
Hide resolved
|
|
am11
reviewed
Oct 19, 2024
src/installer/managed/Microsoft.NET.HostModel/MachO/NameBuffer.cs
Outdated
Show resolved
Hide resolved
am11
reviewed
Oct 19, 2024
src/installer/managed/Microsoft.NET.HostModel/MachO/MachMagicExtensions.cs
Outdated
Show resolved
Hide resolved
am11
reviewed
Oct 19, 2024
src/installer/managed/Microsoft.NET.HostModel/MachO/MachMagicExtensions.cs
Outdated
Show resolved
Hide resolved
huoyaoyuan
reviewed
Oct 21, 2024
src/installer/managed/Microsoft.NET.HostModel/MachO/RequirementsBlob.cs
Outdated
Show resolved
Hide resolved
src/installer/managed/Microsoft.NET.HostModel/MachO/CodeSignature.cs
Outdated
Show resolved
Hide resolved
Co-authored-by: Adeel Mujahid <3840695+am11@users.noreply.github.com>
…xtensions.cs Co-authored-by: Adeel Mujahid <3840695+am11@users.noreply.github.com>
…xtensions.cs Co-authored-by: Adeel Mujahid <3840695+am11@users.noreply.github.com>
elinor-fung
reviewed
Oct 21, 2024
src/installer/managed/Microsoft.NET.HostModel/MachO/CodeDirectoryHeader.cs
Outdated
Show resolved
Hide resolved
|
Could you add a short description of what ad hoc codesigning actually does? |
- Link to Apple open source code for binary formats - Remove extra Enum values - Remove binary test data and use test data package - Don't add signature to test apps that weren't signed before
agocke
reviewed
Oct 23, 2024
src/installer/managed/Microsoft.NET.HostModel/MachO/CodeDirectoryHeader.cs
Outdated
Show resolved
Hide resolved
…ture related methods, remove unused structs
am11
reviewed
Oct 29, 2024
elinor-fung
reviewed
Oct 31, 2024
src/installer/managed/Microsoft.NET.HostModel/AppHost/HostWriter.cs
Outdated
Show resolved
Hide resolved
src/installer/managed/Microsoft.NET.HostModel/AppHost/HostWriter.cs
Outdated
Show resolved
Hide resolved
src/installer/managed/Microsoft.NET.HostModel/AppHost/HostWriter.cs
Outdated
Show resolved
Hide resolved
src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/CmsBlob.cs
Outdated
Show resolved
Hide resolved
src/installer/tests/Microsoft.NET.HostModel.Tests/AppHost/CreateAppHost.cs
Outdated
Show resolved
Hide resolved
src/installer/managed/Microsoft.NET.HostModel/AssemblyAttributes.cs
Outdated
Show resolved
Hide resolved
src/installer/managed/Microsoft.NET.HostModel/MachO/MachObjectFile.cs
Outdated
Show resolved
Hide resolved
src/installer/managed/Microsoft.NET.HostModel/MachO/MachObjectFile.cs
Outdated
Show resolved
Hide resolved
src/installer/managed/Microsoft.NET.HostModel/MachO/MachObjectFile.cs
Outdated
Show resolved
Hide resolved
elinor-fung
approved these changes
Nov 1, 2024
There was a problem hiding this comment.
Thank you! This looks good to me.
Some things for your list of existing follow-ups:
- I think the SDK only enables signing when actually running on macOS - with this, I think we can/should update that default.
- Tests in dotnet/sdk for cross-building for
osx-<arch>and signing on non-macOS
src/installer/managed/Microsoft.NET.HostModel/MachO/MachObjectFile.cs
Outdated
Show resolved
Hide resolved
src/installer/tests/Microsoft.NET.HostModel.Tests/AppHost/CreateAppHost.cs
Outdated
Show resolved
Hide resolved
src/installer/tests/Microsoft.NET.HostModel.Tests/AppHost/CreateAppHost.cs
Outdated
Show resolved
Hide resolved
src/installer/tests/HostActivation.Tests/MachOHostSigningTests.cs
Outdated
Show resolved
Hide resolved
elinor-fung
approved these changes
Nov 11, 2024
src/installer/managed/Microsoft.NET.HostModel/MachO/MachObjectFile.cs
Outdated
Show resolved
Hide resolved
…re, move public method above private methods.
|
/ba-g WASM timeout, sporadic failure. |
mikelle-rogers
pushed a commit
to mikelle-rogers/runtime
that referenced
this pull request
Dec 10, 2024
Creates a managed implementation of Mach-O object file signing for the apphost. This signer is byte-for-byte identical to the output of codesign except for padding at the end of the file and the corresponding size fields in the headers. The MachObjectFile and CodeSignature store all the relevant headers and signature information to add/remove a signature from a Mach Object. Most other files are details regarding header format and reading files with different endianness. The new signer uses a MemoryMappedViewAccessor instead of a Stream. Since memory mapped files can't be resized, MachObjectFile.CreateAdHocSignature() will write out the headers and load commands to the memory mapped file, but not the signature blob. The signature blob will instead be written to the destination file stream after the rest of the file is copied from the memory mapped file. The signature is composed of an EmbeddedSignature superblob with an ID and offset of 3 following blobs, followed by a CodeDirectory blob, an empty Requirements blob, and an empty CMS blob. The empty Requirements blob and an empty CMS blob are not strictly required but are added for compatibility with codesign. The CodeDirectory includes the identifier string, hashes of each page of the file and information required to verify the hashes. The signing process for an unsigned executable extends the __LINKEDIT segment (which is always at the end of the file) to make room for the signature blob, writes the signature blob to that location, and adds a CodeSignature load command that points the the signature. If the executable was already signed, it simply clears the old signature and replaces it, extends or shrinks the existing __LINKEDIT size and updates the existing CodeSignature load command. Co-authored-by: Adeel Mujahid <3840695+am11@users.noreply.github.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Moving #107378 to a new PR since it now has little shared history.
This signer is byte-for-byte identical to the output of
codesignexcept for padding at the end of the file and the corresponding size fields in the headers.The MachObjectFile and CodeSignature store all the relevant headers and signature information to add/remove a signature from a Mach Object. Most other files are details regarding header format and reading files with different endianness.
The new signer uses a MemoryMappedViewAccessor instead of a Stream. Since memory mapped files can't be resized,
MachObjectFile.CreateAdHocSignature()will write out the headers and load commands to the memory mapped file, but not the signature blob. The signature blob will instead be written to the destination file stream after the rest of the file is copied from the memory mapped file.The signature is composed of an EmbeddedSignature superblob with an ID and offset of 3 following blobs, followed by a CodeDirectory blob, an empty Requirements blob, and an empty CMS blob. The empty Requirements blob and an empty CMS blob are not strictly required but are added for compatibility with
codesign. The CodeDirectory includes the identifier string, hashes of each page of the file and information required to verify the hashes.The signing process for an unsigned executable extends the __LINKEDIT segment (which is always at the end of the file) to make room for the signature blob, writes the signature blob to that location, and adds a CodeSignature load command that points the the signature. If the executable was already signed, it simply clears the old signature and replaces it, extends or shrinks the existing __LINKEDIT size and updates the existing CodeSignature load command.