anchore / quill

Simple mac binary signing from any platform
Apache License 2.0

TeamID is not set during signing #147

Open jakov-denona opened 12 months ago

jakov-denona commented 12 months ago

What happened: I'm testing quill to implement into our process for code signing osx binaries. I've exported the Apple Developer ID as a .p12 cert and password as Quill P12 environment variables (as noted in the README). While signing does complete, and I can see certificates embedded into Mach-O binaries, our application cannot start because TeamID is not set.

What you expected to happen: I expected TeamID to be set

How to reproduce it (as minimally and precisely as possible): Build a MacOSX application with Xcode and try to sign it with quill.

Anything else we need to know?: I've taken a peek into the codebase, however, I am not a Go developer so I might've understood it wrong, but I couldn't find a teamid signature in the signing Go module.

Environment:

spiffcs commented 11 months ago

👋 Hey @brokulante - Quill currently does not set the TeamID. It's something that can be added as an enhancement, but requires a bit of additional code.

It does look like we have space for the TeamOffset https://github.com/anchore/quill/blob/b4ee9d7f48e8c3449868d5337a83d67da73da28b/quill/macho/code_directory.go#L103

We'd have to decode it here: https://github.com/anchore/quill/blob/b4ee9d7f48e8c3449868d5337a83d67da73da28b/quill/sign/code_directory.go#L103-L119

I can do a bit more investigation to see what needs to be updated on the signing side after we include this as a part of the code directory.
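For readers checking a signed binary for this gap, here is an added example (not part of the thread and not Quill's code) that reads the identifier and team ID out of a CodeDirectory blob. Field positions follow Apple's published CodeDirectory layout (big-endian, `identOffset` at byte 20, `teamOffset` at byte 48 from version 0x20200); the function names and the sample blob are constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)
const cdMagic, teamVersion = 0xfade0c02, 0x20200 // CSMAGIC_CODEDIRECTORY; first version with teamOffset
var be = binary.BigEndian                        // code-signing blobs are big-endian

// cString returns the NUL-terminated string at off, bounds-checked against the blob.
func cString(blob []byte, off uint32) (string, error) {
	if uint64(off) < uint64(len(blob)) {
		if end := bytes.IndexByte(blob[off:], 0); end >= 0 {
			return string(blob[off : int(off)+end]), nil
		}
	}
	return "", fmt.Errorf("string offset outside blob or unterminated")
}

// IdentAndTeam expects exactly one CodeDirectory blob; team == "" means teamOffset is 0 (no team ID).
func IdentAndTeam(blob []byte) (ident, team string, err error) {
	if len(blob) < 52 || be.Uint32(blob) != cdMagic || int(be.Uint32(blob[4:])) != len(blob) {
		return "", "", fmt.Errorf("not a well-formed CodeDirectory blob")
	}
	ident, err = cString(blob, be.Uint32(blob[20:])) // identOffset
	if off := be.Uint32(blob[48:]); err == nil && be.Uint32(blob[8:]) >= teamVersion && off != 0 {
		team, err = cString(blob, off) // teamOffset
	}
	return ident, team, err
}

// sampleCD builds a constructed, hash-less CodeDirectory (version 0x20200) for the demo.
func sampleCD(ident, team string) []byte {
	b := append(make([]byte, 52), ident+"\x00"...)
	be.PutUint32(b[0:], cdMagic)
	be.PutUint32(b[8:], teamVersion)
	be.PutUint32(b[20:], 52) // identifier string follows the header
	if team != "" {
		be.PutUint32(b[48:], uint32(len(b))) // team ID follows the identifier
		b = append(b, team+"\x00"...)
	}
	be.PutUint32(b[4:], uint32(len(b))) // length field covers the whole blob
	return b
}

func main() {
	fmt.Println(IdentAndTeam(sampleCD("com.example.app", "")))           // empty team: TeamID not set
	fmt.Println(IdentAndTeam(sampleCD("com.example.app", "ABCDE12345"))) // constructed team ID
}
```

An empty team string with a nil error is the condition this issue reports: the blob is valid but `teamOffset` was left at zero.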

jakov-denona commented 11 months ago

Thanks for the reply! I'll keep my eyes open on this issue 🙏
Please let me know if there is anything I can do to assist :)

ahmedxfn commented 10 months ago

Bundle ID is missing too, isn't it?