Sat Apr 27 14:26:26 2019: Request 129312 was acted upon.
Transaction: Correspondence added by [email protected]
Queue: PAR-Packer
Subject: Re: [rt.cpan.org #129312] Code signing for OSX
Broken in: (no value)
Severity: (no value)
Owner: Nobody
Requestors: [email protected]
Status: open
Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 >
I now have an OSX C program which I can contribute which fixes the two
issues preventing code signing. It only works with 64-bit non-fat Mach-O
binaries but since, I believe, this is what is allowed by Apple for
distributions that use code-signing, I don’t see a problem with this. I can
generalise it if necessary. See sample output:
> codesign -v -s "Code Signing Test" --force --timestamp --options=runtime ppbinary
ppbinary: main executable failed strict validation
> pp_codesign_fix ppbinary
Correcting __LINKEDIT
Old File Size: 5836
New File Size: 17888447
Old VM Size: 8192
New VM Size: 17888447
Correcting LC_SYMTAB
Old String Table Size: 1848
New String Table Size: 17884459
> codesign -v -s "Code Signing Test" --force --timestamp --options=runtime ppbinary
ppbinary: signed Mach-O thin (x86_64) [ppbinary]
However, the signed binary is broken for PAR:
> ./ppbinary
format error: can't find EOCD signature
at /loader/HASH(0x7fb593093028)/Archive/Zip/Archive.pm line 723.
Archive::Zip::Archive::_findEndOfCentralDirectory(Archive::Zip::Archive=HASH(0x7fb593801888),
IO::File=GLOB(0x7fb593511598)) called at
/loader/HASH(0x7fb593093028)/Archive/Zip/Archive.pm line 596
Archive::Zip::Archive::readFromFileHandle(Archive::Zip::Archive=HASH(0x7fb593801888),
IO::File=GLOB(0x7fb593511598), "/Users/philkime/Desktop/NB/./ppbinary") called
at -e line 373
eval {...} called at -e line 41
__par_pl::BEGIN() called at -e line 614
eval {...} called at -e line 614
: at -e line 373.
Compare the file sizes before and after codesigning:
BEFORE: 21107903
AFTER: 21291136
Difference is ~180K which is all appended after the PAR signature.
Can Mr Schupp or someone familiar with this comment on whether this looks like
the 128K PAR signature limit needs to be relaxed further or is this a different
problem?
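
Added example, not part of the original message and not the pp_codesign_fix program it describes: a checker for the layout that the two corrections in the sample output appear to restore, namely that __LINKEDIT and the LC_SYMTAB string table both end at the end of the file (the reported new sizes are consistent with that for the 21107903-byte binary). The function names and the minimal Mach-O sample are constructed for illustration; it handles thin 64-bit little-endian binaries only.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF              # thin 64-bit little-endian Mach-O
LC_SYMTAB, LC_SEGMENT_64 = 0x2, 0x19

def linkedit_report(data):
    """Compare where __LINKEDIT and the string table end with the file size."""
    magic, _, _, _, ncmds, _, _, _ = struct.unpack_from("<8I", data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a thin 64-bit Mach-O")
    rep = {"file_size": len(data), "linkedit_end": None, "strtab_end": None}
    off = 32                          # load commands follow the 32-byte header
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", data, off)
        if cmdsize < 8 or off + cmdsize > len(data):
            raise ValueError("malformed load command")
        if cmd == LC_SEGMENT_64:
            name = data[off + 8:off + 24].rstrip(b"\0")
            _, _, fileoff, filesize = struct.unpack_from("<4Q", data, off + 24)
            if name == b"__LINKEDIT":
                rep["linkedit_end"] = fileoff + filesize
        elif cmd == LC_SYMTAB:
            _, _, stroff, strsize = struct.unpack_from("<4I", data, off + 8)
            rep["strtab_end"] = stroff + strsize
        off += cmdsize
    # Data appended past __LINKEDIT (such as a packed archive) breaks this.
    rep["covers_file"] = rep["linkedit_end"] == len(data) == rep["strtab_end"]
    return rep

def build_sample(appended=b""):
    """Constructed minimal Mach-O: header, __LINKEDIT, LC_SYMTAB, string table."""
    seg_size, sym_size = 72, 24
    data_off = 32 + seg_size + sym_size
    strtab = b"\0_main\0".ljust(16, b"\0")
    seg = struct.pack("<2I16s4Q4I", LC_SEGMENT_64, seg_size, b"__LINKEDIT",
                      0x1000, 0x1000, data_off, len(strtab), 1, 1, 0, 0)
    sym = struct.pack("<6I", LC_SYMTAB, sym_size, data_off, 0,
                      data_off, len(strtab))
    hdr = struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2, 2,
                      seg_size + sym_size, 0, 0)
    return hdr + seg + sym + strtab + appended

if __name__ == "__main__":
    print(linkedit_report(build_sample()))
    print(linkedit_report(build_sample(b"PK" * 100)))
```

Running it on a binary before and after the fix shows whether the appended data is inside or outside __LINKEDIT; it does not check anything about the code signature or the archive itself.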