Sat Apr 27 14:26:26 2019: Request 129312 was acted upon.
Transaction: Correspondence added by philk...@kime.org.uk
Queue: PAR-Packer
Subject: Re: [rt.cpan.org #129312] Code signing for OSX
Broken in: (no value)
Severity: (no value)
Owner: Nobody
Requestors: phi...@kime.org.uk
Status: open
Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 >

I now have an OSX C program which I can contribute which fixes the two issues preventing code signing. It only works with 64-bit non-fat Mach-O binaries but since, I believe, this is what is allowed by Apple for distributions that use code-signing, I don’t see a problem with this. I can generalise it if necessary. See sample output:

> codesign -v -s "Code Signing Test" --force --timestamp --options=runtime > ppbinary
ppbinary: main executable failed strict validation

> pp_codesign_fix ppbinary
Correcting __LINKEDIT
Old File Size: 5836
New File Size: 17888447
Old VM Size: 8192
New VM Size: 17888447
Correcting LC_SYMTAB
Old String Table Size: 1848
New String Table Size: 17884459

> codesign -v -s "Code Signing Test" --force --timestamp --options=runtime > ppbinary
ppbinary: signed Mach-O thin (x86_64) [ppbinary]

However, the signed binary is broken for PAR:

> ./ppbinary
format error: can't find EOCD signature
at /loader/HASH(0x7fb593093028)/Archive/Zip/Archive.pm line 723.
Archive::Zip::Archive::_findEndOfCentralDirectory(Archive::Zip::Archive=HASH(0x7fb593801888), IO::File=GLOB(0x7fb593511598)) called at /loader/HASH(0x7fb593093028)/Archive/Zip/Archive.pm line 596
Archive::Zip::Archive::readFromFileHandle(Archive::Zip::Archive=HASH(0x7fb593801888), IO::File=GLOB(0x7fb593511598), "/Users/philkime/Desktop/NB/./ppbinary") called at -e line 373
eval {...} called at -e line 41
__par_pl::BEGIN() called at -e line 614
eval {...} called at -e line 614
: at -e line 373.

Compare the file sizes before and after codesigning:

BEFORE: 21107903
AFTER: 21291136

Difference is ~180K which is all appended after the PAR signature.

Can Mr Schupp or someone familiar with this comment on whether this looks like the 128K PAR signature limit needs to be relaxed further or is this a different problem?
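
In the sample output above, the __LINKEDIT file size and the LC_SYMTAB string table size both grow by the same 17882611 bytes, which is consistent with both fields being extended to cover data appended after the Mach-O image. As an added example (not the pp_codesign_fix program from this ticket and not PAR-Packer code), this Python script reads those two fields from a thin 64-bit Mach-O and reports how many trailing file bytes each leaves uncovered; the function names and the constructed sample image are assumptions.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF            # thin 64-bit little-endian Mach-O
LC_SYMTAB, LC_SEGMENT_64 = 0x2, 0x19

def uncovered_tail(data):
    """Bytes at the end of the file that lie beyond __LINKEDIT and beyond the string table."""
    if len(data) < 32 or struct.unpack_from("<I", data)[0] != MH_MAGIC_64:
        raise ValueError("not a thin 64-bit Mach-O")
    ncmds = struct.unpack_from("<I", data, 16)[0]
    linkedit_end = strtab_end = None
    off = 32                          # load commands follow the 32-byte header
    for _ in range(ncmds):
        if off + 8 > len(data):
            raise ValueError("load commands run past end of file")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > len(data):
            raise ValueError("malformed load command")
        if cmd == LC_SEGMENT_64 and cmdsize >= 72:
            # segname[16], vmaddr, vmsize, fileoff, filesize
            name, _, _, fileoff, filesize = struct.unpack_from("<16sQQQQ", data, off + 8)
            if name.rstrip(b"\0") == b"__LINKEDIT":
                linkedit_end = fileoff + filesize
        elif cmd == LC_SYMTAB and cmdsize >= 24:
            # symoff, nsyms, stroff, strsize
            _, _, stroff, strsize = struct.unpack_from("<IIII", data, off + 8)
            strtab_end = stroff + strsize
        off += cmdsize
    if linkedit_end is None or strtab_end is None:
        raise ValueError("missing __LINKEDIT or LC_SYMTAB")
    return {"linkedit": len(data) - linkedit_end, "strtab": len(data) - strtab_end}

def build_sample(appended):
    """Constructed minimal image (not a real pp binary) followed by an appended payload."""
    start = 32 + 72 + 24              # header + one segment command + symtab command
    linkedit = b"\0" * 16 + b"\0sym\0".ljust(16, b"\0")   # one nlist_64 + 16-byte strings
    hdr = struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2, 2, 96, 0, 0)
    seg = struct.pack("<II16sQQQQiiII", LC_SEGMENT_64, 72, b"__LINKEDIT",
                      0x1000, 0x1000, start, len(linkedit), 1, 1, 0, 0)
    sym = struct.pack("<6I", LC_SYMTAB, 24, start, 1, start + 16, 16)
    return hdr + seg + sym + linkedit + appended

if __name__ == "__main__":
    print(uncovered_tail(build_sample(b"")))             # nothing appended
    print(uncovered_tail(build_sample(b"PK" * 50)))      # 100 constructed trailing bytes
```

Running it on a binary before and after a size correction shows whether both fields now reach the end of the file.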