Found out I can generate a binary without the LC_VERSION_MIN_MACOSX load
command command with
gcc -no_version_load_command a.cpp
I also found out codesign_allocate from the IOS SDK works too even if
I'm not compiling for IOS at all:
> export
CODESIGN_ALLOCATE=/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/codesign_allocate
> codesign -s "identity" --keychain my.keychain a.out
I'm not sure yet which one is the best. I still target OSX 10.5 and use
the -mmacosx-version-min flag during compilation, so I guess I'm better
not touching the LC_VERSION_MIN_MACOSX load command.
Thanks Rainer for pointing me in the right direction.
I'm not really surprised that the default codesign_allocate available in
OSX 10.6 is unable to understand binaries produced by gcc 4.8.
But the fact codesign_allocate from macports doesn't plugs well - no
error, just doesn't do what its told to - still slightly puzzles me.
NH
On 2013-06-30 14:25, Nicolas Hatier wrote:
Hello.
I have troubles to codesign a binary compiled with gcc-mp-48
Previously I was using XCode's gcc (4.2.1) and everything was ok.
a.cpp:
int main() { return 1; }
Compiled with gcc 4.2.1:
> /usr/bin/gcc a.cpp
> security unlock-keychain ~/my.keychain
password to unlock /Users/me/my.keychain: ********
> codesign -f -s "identity" --keychain ~/my.keychain a.out
> codesign -v -v a.out
a.out: valid on disk
a.out: satisfies its Designated Requirement
(success)
Compiled with gcc 4.8 (macports)
> /opt/local/bin/gcc-mp-4.8 a.cpp
> security unlock-keychain ~/my.keychain
password to unlock /Users/me/my.keychain: ********
> codesign -f -s "identity" --keychain ~/my.keychain a.out
codesign_allocate: object: /Users/me/a.out malformed object
(unknown load command 9)
a.out: object file format invalid or unsuitable
(failure)
I then found out there was a codesign_allocate in macports bin, so I
tried:
> export CODESIGN_ALLOCATE=/opt/local/bin/codesign_allocate
> security unlock-keychain ~/my.keychain
password to unlock /Users/me/my.keychain: ********
> codesign -f -s "identity" --keychain ~/my.keychain a.out
a.out: code object is not signed
Uh? When I specify macports codesign_allocate, codesign doesn't even
try to sign, it just verifies the (unavailable) signature of my binary.
However, detached signature works, with or without macports
codesign_allocate:
> codesign -f -s "identity" --keychain ~/my.keychain a.out
--detached a.out.signature
> codesign -v -v a.out --detached a.out.signature
a.out: valid on disk
a.out: satisfies its Designated Requirement
So codesign and codesign_allocate works with gcc48-compiled binaries,
but for some reason fails to understand that it should embed the
signature in the binary.
Anybody have a clue about that? Or maybe a way to embed the signature
after it has been created detached?
Note: My personal Mac/OSX knowledge is basic to medium, and I need to
use only command-line tools to create working, ideally signed,
binaries. The build process is highly automated on several platforms.
Regards
NH
_______________________________________________
macports-users mailing list
[email protected]
https://lists.macosforge.org/mailman/listinfo/macports-users
_______________________________________________
macports-users mailing list
[email protected]
https://lists.macosforge.org/mailman/listinfo/macports-users
