tpoechtrager / osxcross

Mac OS X cross toolchain for Linux, FreeBSD, OpenBSD and Android (Termux)
GNU General Public License v2.0

install_name_tool doesn't adjust ad-hoc code signatures #410

Open sfackler opened 6 months ago

sfackler commented 6 months ago

In Linux using osxcross with the custom clang build:

$ cat test.c
#include <stdio.h>

void hello() {
        printf("hello world\n");
}
$ aarch64-apple-darwin20.4-cc -c -fpic test.c
$ aarch64-apple-darwin20.4-cc -shared -o libtest.dylib test.o
$ cp libtest.dylib libtest-patched.dylib
$ aarch64-apple-darwin20.4-install_name_tool libtest-patched.dylib -id @rpath/libtest.dylib

In macOS:

$ codesign --verify libtest.dylib
$ codesign --verify libtest-patched.dylib
libtest-patched.dylib: invalid signature (code or signature have been modified)
In architecture: arm64

Using the native install_name_tool does preserve a correct signature:

$ cp libtest.dylib libtest-patched.dylib
$ install_name_tool libtest-patched.dylib -id @rpath/libtest.dylib
$ codesign --verify libtest-patched.dylib

sfackler commented 6 months ago

It looks like the newest cctools version supports re-signing the binary, but needs codedirectory support to be enabled, which doesn't seem to be the case right now: https://github.com/tpoechtrager/cctools-port/blob/1009.2-ld64-907/cctools/misc/install_name_tool.c#L337-L347
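
A check for the condition reported above that runs on the Linux build host without macOS's `codesign`, as an added example (not part of the issue, osxcross or cctools-port): it recomputes the page hashes of a Mach-O file and compares them with the code slots in the embedded CodeDirectory. The names `find_signature` and `stale_pages` are this example's own, and it assumes a thin 64-bit little-endian Mach-O and checks only the code-page hashes, not the special slots.

```python
import hashlib
import struct
import sys

MH_MAGIC_64 = 0xFEEDFACF  # thin 64-bit little-endian Mach-O
LC_CODE_SIGNATURE = 0x1D
CSMAGIC_EMBEDDED_SIGNATURE = 0xFADE0CC0  # SuperBlob wrapping the signature
CSMAGIC_CODEDIRECTORY = 0xFADE0C02
HASHES = {1: hashlib.sha1, 2: hashlib.sha256}  # CodeDirectory hashType

def find_signature(data):
    """Return (dataoff, datasize) from LC_CODE_SIGNATURE, or None if unsigned."""
    magic, _, _, _, ncmds = struct.unpack_from("<5I", data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a thin 64-bit little-endian Mach-O")
    off = 32  # sizeof(struct mach_header_64)
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", data, off)
        if cmd == LC_CODE_SIGNATURE:
            return struct.unpack_from("<2I", data, off + 8)
        off += cmdsize
    return None

def stale_pages(data):
    """Return indexes of code pages whose hash differs from its CodeDirectory slot."""
    sig = find_signature(data)
    if sig is None:
        raise ValueError("no LC_CODE_SIGNATURE load command")
    base = sig[0]
    magic, _, count = struct.unpack_from(">3I", data, base)  # blobs are big-endian
    if magic != CSMAGIC_EMBEDDED_SIGNATURE:
        raise ValueError("unexpected signature blob magic")
    for i in range(count):
        _, blob_off = struct.unpack_from(">2I", data, base + 12 + 8 * i)
        cd = base + blob_off
        if struct.unpack_from(">I", data, cd)[0] == CSMAGIC_CODEDIRECTORY:
            break
    else:
        raise ValueError("no CodeDirectory in signature")
    hash_off, _, _, n_slots, limit = struct.unpack_from(">5I", data, cd + 16)
    hash_size, hash_type, _, page_log2 = struct.unpack_from(">4B", data, cd + 36)
    page = 1 << page_log2 if page_log2 else limit  # pageSize 0 = one slot for all
    slots = cd + hash_off
    return [n for n in range(n_slots)
            if HASHES[hash_type](data[n * page:min((n + 1) * page, limit)]).digest()
            != data[slots + n * hash_size:slots + (n + 1) * hash_size]]

if __name__ == "__main__":
    print("stale code pages:", stale_pages(open(sys.argv[1], "rb").read()) or "none")
```

A non-empty list means the file contents changed after the signature was written, so the binary has to be re-signed before `codesign --verify` will accept it.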