Add managed MachO signing

THIRD-PARTY-NOTICES.TXT

@@ -1394,3 +1394,27 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
+
+License notice for Melanzana MachO signing
+------------------------------------------
+MIT License
+
+Copyright (c) 2021 Filip Navara
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

src/installer/managed/Microsoft.NET.HostModel/AppHost/HostWriter.cs

@@ -7,6 +7,7 @@
 using System.IO.MemoryMappedFiles;
 using System.Runtime.InteropServices;
 using System.Text;
+using Microsoft.NET.HostModel.MachO;
 
 namespace Microsoft.NET.HostModel.AppHost
 {
@@ -60,7 +61,7 @@ public enum SearchLocation : byte
         /// <param name="appBinaryFilePath">Full path to app binary or relative path to the result apphost file</param>
         /// <param name="windowsGraphicalUserInterface">Specify whether to set the subsystem to GUI. Only valid for PE apphosts.</param>
         /// <param name="assemblyToCopyResourcesFrom">Path to the intermediate assembly, used for copying resources to PE apphosts.</param>
-        /// <param name="enableMacOSCodeSign">Sign the app binary using codesign with an anonymous certificate.</param>
+        /// <param name="enableMacOSCodeSign">Sign the app binary with an anonymous certificate. Only use when the AppHost is a Mach-O file built for MacOS.</param>
         /// <param name="disableCetCompat">Remove CET Shadow Stack compatibility flag if set</param>
         /// <param name="dotNetSearchOptions">Options for how the created apphost should look for the .NET install</param>
         public static void CreateAppHost(
@@ -112,6 +113,10 @@ void RewriteAppHost(MemoryMappedFile mappedFile, MemoryMappedViewAccessor access
                 {
                     PEUtils.RemoveCetCompatBit(mappedFile, accessor);
                 }
+                if (appHostIsPEImage && enableMacOSCodeSign)
+                {
+                    throw new InvalidDataException("Cannot sign a PE image with MacOS code signing.");
+                }
             }
 
             try
@@ -125,28 +130,42 @@ void RewriteAppHost(MemoryMappedFile mappedFile, MemoryMappedViewAccessor access
                     {
                         // Open the source host file.
                         appHostSourceStream = new FileStream(appHostSourceFilePath, FileMode.Open, FileAccess.Read, FileShare.Read, bufferSize: 1);
-                        memoryMappedFile = MemoryMappedFile.CreateFromFile(appHostSourceStream, null, 0, MemoryMappedFileAccess.Read, HandleInheritability.None, true);
-                        memoryMappedViewAccessor = memoryMappedFile.CreateViewAccessor(0, 0, MemoryMappedFileAccess.CopyOnWrite);
-
                         // Get the size of the source app host to ensure that we don't write extra data to the destination.
                         // On Windows, the size of the view accessor is rounded up to the next page boundary.
-                        long sourceAppHostLength = appHostSourceStream.Length;
+                        var appHostLength = appHostSourceStream.Length;
+                        memoryMappedFile = MemoryMappedFile.CreateFromFile(appHostSourceStream, null, 0, MemoryMappedFileAccess.Read, HandleInheritability.None, true);
+                        memoryMappedViewAccessor = memoryMappedFile.CreateViewAccessor(0, 0, MemoryMappedFileAccess.CopyOnWrite);
 
                         // Transform the host file in-memory.
                         RewriteAppHost(memoryMappedFile, memoryMappedViewAccessor);
 
-                        // Save the transformed host.
-                        using (FileStream fileStream = new FileStream(appHostDestinationFilePath, FileMode.Create))
+                        MachObjectFile machObjectFile = null;
+                        if (!appHostIsPEImage)
                         {
-                            BinaryUtils.WriteToStream(memoryMappedViewAccessor, fileStream, sourceAppHostLength);
-
-                            // Remove the signature from MachO hosts.
-                            if (!appHostIsPEImage)
+                            if (enableMacOSCodeSign)
+                            {
+                                string fileName = Path.GetFileName(appHostDestinationFilePath);
+                                machObjectFile = new MachObjectFile(memoryMappedViewAccessor, fileName);
+                                appHostLength = machObjectFile.CreateAdHocSignature(memoryMappedViewAccessor, fileName);
+                            }
+                            else
                             {
-                                MachOUtils.RemoveSignature(fileStream);
+                                if (MachObjectFile.TryRemoveCodesign(memoryMappedViewAccessor, out long? length))
+                                {
+                                    appHostLength = length.Value;
+                                }
                             }
+                        }
 
-                            if (assemblyToCopyResourcesFrom != null && appHostIsPEImage)
+                        // Save the transformed host.
+                        using (FileStream fileStream = new FileStream(appHostDestinationFilePath, FileMode.Create, FileAccess.ReadWrite))
+                        {
+                            BinaryUtils.WriteToStream(memoryMappedViewAccessor, fileStream, appHostLength);
+                            if (!appHostIsPEImage && enableMacOSCodeSign)
+                            {
+                                machObjectFile.WriteCodeSignature(fileStream);
+                            }
+                            if (appHostIsPEImage && assemblyToCopyResourcesFrom != null)
                             {
                                 using var updater = new ResourceUpdater(fileStream, true);
                                 updater.AddResourcesFromPEImage(assemblyToCopyResourcesFrom);
@@ -178,15 +197,6 @@ void RewriteAppHost(MemoryMappedFile mappedFile, MemoryMappedViewAccessor access
                     {
                         throw new Win32Exception(Marshal.GetLastWin32Error(), $"Could not set file permission {Convert.ToString(filePermissionOctal, 8)} for {appHostDestinationFilePath}.");
                     }
-
-                    if (enableMacOSCodeSign && RuntimeInformation.IsOSPlatform(OSPlatform.OSX) && HostModelUtils.IsCodesignAvailable())
-                    {
-                        (int exitCode, string stdErr) = HostModelUtils.RunCodesign("-s -", appHostDestinationFilePath);
-                        if (exitCode != 0)
-                        {
-                            throw new AppHostSigningException(exitCode, stdErr);
-                        }
-                    }
                 }
             }
             catch (Exception ex)

src/installer/managed/Microsoft.NET.HostModel/AssemblyAttributes.cs

@@ -0,0 +1,28 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Runtime.CompilerServices;
+
+[assembly: InternalsVisibleTo("Microsoft.NET.HostModel.Tests, PublicKey="
+        + "00240000048000009400000006020000"
+        + "00240000525341310004000001000100"
+        + "b5fc90e7027f67871e773a8fde8938c8"
+        + "1dd402ba65b9201d60593e96c492651e"
+        + "889cc13f1415ebb53fac1131ae0bd333"
+        + "c5ee6021672d9718ea31a8aebd0da007"
+        + "2f25d87dba6fc90ffd598ed4da35e44c"
+        + "398c454307e8e33b8426143daec9f596"
+        + "836f97c8f74750e5975c64e2189f45de"
+        + "f46b2a2b1247adc3652bf5c308055da9")]
+
+[assembly: InternalsVisibleTo("Microsoft.NET.HostModel.MachO.Tests, PublicKey="
+        + "00240000048000009400000006020000"
+        + "00240000525341310004000001000100"
+        + "b5fc90e7027f67871e773a8fde8938c8"
+        + "1dd402ba65b9201d60593e96c492651e"
+        + "889cc13f1415ebb53fac1131ae0bd333"
+        + "c5ee6021672d9718ea31a8aebd0da007"
+        + "2f25d87dba6fc90ffd598ed4da35e44c"
+        + "398c454307e8e33b8426143daec9f596"
+        + "836f97c8f74750e5975c64e2189f45de"
+        + "f46b2a2b1247adc3652bf5c308055da9")]

src/installer/managed/Microsoft.NET.HostModel/Bundle/Bundler.cs

@@ -9,6 +9,7 @@
 using System.Linq;
 using System.Reflection.PortableExecutable;
 using System.Runtime.InteropServices;
+using Microsoft.DotNet.CoreSetup;
 using Microsoft.NET.HostModel.AppHost;
 
 namespace Microsoft.NET.HostModel.Bundle
@@ -272,9 +273,9 @@ public string GenerateBundle(IReadOnlyList<FileSpec> fileSpecs)
 
             BinaryUtils.CopyFile(hostSource, bundlePath);
 
-            if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX) && HostModelUtils.IsCodesignAvailable())
+            if (_target.IsOSX && RuntimeInformation.IsOSPlatform(OSPlatform.OSX) && Codesign.IsAvailable)
             {
-                RemoveCodesignIfNecessary(bundlePath);
+                Codesign.Run("--remove-signature", bundlePath);
             }
 
             // Note: We're comparing file paths both on the OS we're running on as well as on the target OS for the app
@@ -346,33 +347,16 @@ public string GenerateBundle(IReadOnlyList<FileSpec> fileSpecs)
             HostWriter.SetAsBundle(bundlePath, headerOffset);
 
             // Sign the bundle if requested
-            if (_macosCodesign && RuntimeInformation.IsOSPlatform(OSPlatform.OSX) && HostModelUtils.IsCodesignAvailable())
+            if (_macosCodesign && RuntimeInformation.IsOSPlatform(OSPlatform.OSX) && Codesign.IsAvailable)
             {
-                var (exitCode, stdErr) = HostModelUtils.RunCodesign("-s -", bundlePath);
+                var (exitCode, stdErr) = Codesign.Run("-s -", bundlePath);
                 if (exitCode != 0)
                 {
                     throw new InvalidOperationException($"Failed to codesign '{bundlePath}': {stdErr}");
                 }
             }
 
             return bundlePath;
-
-            // Remove mac code signature if applied before bundling
-            static void RemoveCodesignIfNecessary(string bundlePath)
-            {
-                Debug.Assert(RuntimeInformation.IsOSPlatform(OSPlatform.OSX));
-                Debug.Assert(HostModelUtils.IsCodesignAvailable());
-
-                // `codesign -v` returns 0 if app is signed
-                if (HostModelUtils.RunCodesign("-v", bundlePath).ExitCode == 0)
-                {
-                    var (exitCode, stdErr) = HostModelUtils.RunCodesign("--remove-signature", bundlePath);
-                    if (exitCode != 0)
-                    {
-                        throw new InvalidOperationException($"Removing codesign from '{bundlePath}' failed: {stdErr}");
-                    }
-                }
-            }
         }
     }
 }

src/installer/managed/Microsoft.NET.HostModel/Bundle/Codesign.cs

@@ -0,0 +1,38 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Diagnostics;
+using System.IO;
+using System.Runtime.InteropServices;
+
+namespace Microsoft.DotNet.CoreSetup
+{
+    public class Codesign
+    {
+        private const string CodesignPath = @"/usr/bin/codesign";
+
+        public static bool IsAvailable => File.Exists(CodesignPath);
+
+        public static (int ExitCode, string StdErr) Run(string args, string appHostPath)
+        {
+            Debug.Assert(RuntimeInformation.IsOSPlatform(OSPlatform.OSX));
+            Debug.Assert(IsAvailable);
+
+            var psi = new ProcessStartInfo()
+            {
+                Arguments = $"{args} \"{appHostPath}\"",
+                FileName = CodesignPath,
+                RedirectStandardError = true,
+                UseShellExecute = false,
+            };
+
+            using (var p = Process.Start(psi))
+            {
+                if (p == null)
+                    return (-1, "Failed to start process");
+                p.WaitForExit();
+                return (p.ExitCode, p.StandardError.ReadToEnd());
+            }
+        }
+    }
+}

src/installer/managed/Microsoft.NET.HostModel/Bundle/TargetInfo.cs

@@ -1,6 +1,7 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using Microsoft.NET.HostModel.MachO;
 using Microsoft.NET.HostModel.AppHost;
 using System;
 using System.Diagnostics;
@@ -77,7 +78,7 @@ public TargetInfo(OSPlatform? os, Architecture? arch, Version targetFrameworkVer
 
         public bool IsNativeBinary(string filePath)
         {
-            return IsWindows ? PEUtils.IsPEImage(filePath) : IsOSX ? MachOUtils.IsMachOImage(filePath) : ElfUtils.IsElfImage(filePath);
+            return IsWindows ? PEUtils.IsPEImage(filePath) : IsOSX ? AppHost.MachOUtils.IsMachOImage(filePath) : ElfUtils.IsElfImage(filePath);
         }
 
         public string GetAssemblyName(string hostName)

src/installer/managed/Microsoft.NET.HostModel/MachO/BlobIndex.cs

@@ -0,0 +1,22 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Runtime.InteropServices;
+
+namespace Microsoft.NET.HostModel.MachO;
+
+[StructLayout(LayoutKind.Sequential)]
+internal struct BlobIndex
+{
+    private readonly CodeDirectorySpecialSlot _slot;
+    private readonly uint _offset;
+
+    public CodeDirectorySpecialSlot Slot => (CodeDirectorySpecialSlot)((uint)_slot).ConvertFromBigEndian();
+    public uint Offset => _offset.ConvertFromBigEndian();
+
+    public BlobIndex(CodeDirectorySpecialSlot slot, uint offset)
+    {
+        _slot = (CodeDirectorySpecialSlot)((uint)slot).MakeBigEndian();
+        _offset = offset.MakeBigEndian();
+    }
+}

src/installer/managed/Microsoft.NET.HostModel/MachO/BlobMagic.cs

@@ -0,0 +1,12 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+namespace Microsoft.NET.HostModel.MachO;
+
+internal enum BlobMagic : uint
+{
+    Requirements = 0xfade0c01,
+    CodeDirectory = 0xfade0c02,
+    EmbeddedSignature = 0xfade0cc0,
+    CmsWrapper = 0xfade0b01,
+}

src/installer/managed/Microsoft.NET.HostModel/MachO/CmsBlob.cs

@@ -0,0 +1,19 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Runtime.InteropServices;
+
+namespace Microsoft.NET.HostModel.MachO;
+
+[StructLayout(LayoutKind.Sequential)]
+internal struct CmsWrapperBlob
+{
+    private BlobMagic _magic;
+    private uint _length;
+
+    public static CmsWrapperBlob Empty = new CmsWrapperBlob
+    {
+        _magic = (BlobMagic)((uint)BlobMagic.CmsWrapper).MakeBigEndian(),
+        _length = 8u.MakeBigEndian()
+    };
+}

src/installer/managed/Microsoft.NET.HostModel/MachO/CodeDirectoryFlags.cs

@@ -0,0 +1,9 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+namespace Microsoft.NET.HostModel.MachO;
+
+internal enum CodeDirectoryFlags : uint
+{
+    Adhoc = 2,
+}