search

tpoechtrager / osxcross

Mac OS X cross toolchain for Linux, FreeBSD, OpenBSD and Android (Termux)
GNU General Public License v2.0
2.85k stars 320 forks source link

After strip debug symbols, arm64 binaries stopped working on M1 mac #305

Closed vanc closed 2 years ago

vanc commented 2 years ago

For a simple helloworld program, use arm64-apple-darwin20.4-cc to generate a executable, named hello.

Copy the file to hello.stripped, then strip all debug symbols with:

cp hello hello.stripped
arm64-apple-darwin20.4-strip -S -x -u hello.stripped

Transfer both files to M1 mac, and run them.

$ ./hello
Hello World
$ ./hello.stripped
Killed: 9

If strip symbols on the M1 mac itself, everything works fine. I can also resign the stripped binary on mac (even Intel mac), the binary will also work well.

$ codesign -s - hello.stripped

The strip command from osxcross complained about invalidating codesign signatures. That should be the reason. But on macOS (including Intel and M1 models), the strip tool will regenerate the ad-hoc signature.

I tried zsign, but it didn't solve the issue.

Any way in osxcross to regenerate the ad-hoc codesign signatures?

vanc commented 2 years ago

This issue might share the same root cause as #279.

tpoechtrager commented 2 years ago

You could try to sign the binary again with https://github.com/thefloweringash/sigtool

HinTak commented 2 years ago

I wrote some python code which can analyze and remove the signatures (and allow binaries to be resigned) at https://github.com/HinTak/mono-modification , they run on linux to analyze them. You might be able to adapt them to add an ad-hoc signature.

The context is that signatures are appended to binaries. But mono also has a way of making self-contained executable, such that the mono runtime looks at itself, and find extra things at the end of itself. So I wrote some scripts to make the two systems co-exist.

If you can attach the stripped and broken binary and the re-signed and fixed binary here for me to have a look?

vanc commented 2 years ago

You could try to sign the binary again with https://github.com/thefloweringash/sigtool

Thank you @tpoechtrager. That's exactly what I needed. Tried on a few binaries, and all of them could run properly on M1 mac after re-signed with sigtool.

Very appreciated for the pointer!

vanc commented 2 years ago

Hope sigtool or an equivalent could be merged to osxcross. Thanks again.

tpoechtrager commented 2 years ago

I will once I find the time for it.