When you sign a universal Mach-O binary with differing binary identifiers (this can happen when you compile each binary separately and glue them together), codesign appears to reconcile the identifier to the same value. rcodesign currently preserves the varying values.
Confusingly, codesign -v says the rcodesign Mach-O verifies when inspecting just it. But if the Mach-O is a nested binary in a bundle, bundle verification fails. This likely has to due with the requirements string in the CodeResources file not being consistent with both binaries.
Splitting this out from #95.
When you sign a universal Mach-O binary with differing binary identifiers (this can happen when you compile each binary separately and glue them together),
codesign
appears to reconcile the identifier to the same value.rcodesign
currently preserves the varying values.Confusingly,
codesign -v
says thercodesign
Mach-O verifies when inspecting just it. But if the Mach-O is a nested binary in a bundle, bundle verification fails. This likely has to due with the requirements string in theCodeResources
file not being consistent with both binaries.