Hi Peter, On Sun, Sep 6, 2009 at 9:00 PM, Peter Hudson<[email protected]> wrote: > I notice that when I sign code ( the whole app ) I land up with 2 > additional items in my /Contents directory in the app bundle. > These items are a folder called _CodeSignature and an alias called > CodeResources. > > If I delete these two items, the code still identifies itself as signed ( > when I attempt to run codesign on it again ). > Also, the app still runs. > > I was wondering if these files are meant to remain or if removing them is > not an issue ?
Within an application bundle there are signatures for all the files within the bundle and then there's a signature for the binary itself. The signature for the binary is stored within executable and you can see it if you use the otool -l command (look for the LC_CODE_SIGNATURE). The signature for all the resources is stored within the file you've discovered. As far as I know, except for static validation (using the codesign tool), the signature for the resources isn't used by much (or at least it wasn't for Leopard). The signature for the binary is used by the system for various things. For example you can set the kill flag to have your application terminated if there's an invalid signature, and it's used for Keychain access (so that if you upgrade an application, you won't be prompted again for password access provided the signature remains valid). It's important to remember that code signatures are not really there to prevent malware from running, or make it harder for hackers (since it's trivial to remove a code signature or replace them other valid signatures). At any rate, you shouldn't be deleting those files. If you remove them, the signature will be invalidated. By the way, the best list for code signing questions is the apple-cdsa list. Kind regards, Chris _______________________________________________ Cocoa-dev mailing list ([email protected]) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to [email protected]
