When you sign a universal Mach-O binary with differing binary identifiers (this can happen when you compile each binary separately and glue them together), codesign appears to reconcile the identifier to the same value. rcodesign currently preserves the varying values.
Confusingly, codesign -v says the rcodesign Mach-O verifies when inspecting just it. But if the Mach-O is a nested binary in a bundle, bundle verification fails. This likely has to due with the requirements string in the CodeResources file not being consistent with both binaries.
Splitting this out from #95.
When you sign a universal Mach-O binary with differing binary identifiers (this can happen when you compile each binary separately and glue them together),
codesignappears to reconcile the identifier to the same value.rcodesigncurrently preserves the varying values.Confusingly,
codesign -vsays thercodesignMach-O verifies when inspecting just it. But if the Mach-O is a nested binary in a bundle, bundle verification fails. This likely has to due with the requirements string in theCodeResourcesfile not being consistent with both binaries.