Re: Codesign macOS executable created pp

2019-04-13 Thread Roderich Schupp
On Fri, Apr 12, 2019 at 11:34 PM welle Ozean via par wrote:

> I need some help with the following issue. I need to codesign my macOS
> .app containing an executable created with pp. Unfortunately code signing
> fails with the error 'main executable failed strict validation'
>

It's helpful to know what an executable created by pp is made up of:

   1. an actual executable (it's the same for any executable created by pp)
   2. a zip file containing Perl modules, scripts, DLLs, data etc
   3. other stuff, e.g. a bunch of essential Perl modules (not in the zip),
   a SHA1 and the PAR "signature" "\nPAR.pm\n"

These parts are simply concatenated. Note that the extra stuff in 2 and 3
is not reflected in the (Mach-O, ELF etc depending on the OS) headers of
the actual executable.
One can easily demonstrate this by running the pp created executable thru
"strip" - this removes parts 2 and 3, rendering the result a valid
executable, but no longer working for PAR.

> I found this
> https://stackoverflow.com/questions/28863500/code-signing-in-mac-with-perl-scripts-compiled-with-parpacker-fails
> but I am not sure if it has to do with pp and, furthermore, there is not a
> complete solution.
>

It's conceivable that one can write a program to manipulate the Mach-O
headers of the executable so that parts 2 and 3 become "legitimate" sections
of the executable. I don't know whether the Python script mentioned in the
stackoverflow achieves that. Note that the problem - that the PAR signature
has to be the last thing in the executable - has since been relaxed, it
will be searched for in the last 128 kB of the executable, so appending
stuff (e.g. the "codesign" signature) should be safe.

Cheers, Roderich
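
The layout described in the reply above, as an added example (not part of the original thread and not PAR's own code): it parses a thin 64-bit Mach-O header to find where the header-described data ends, reports how many trailing bytes the headers do not cover, and looks for the PAR marker in the last 128 kB. The sample file is constructed inline, "128 kB" is read as 128 KiB, and all function names are hypothetical.

```python
import struct

PAR_MARKER = b"\nPAR.pm\n"     # PAR "signature" as quoted in the reply
SEARCH_WINDOW = 128 * 1024     # "last 128 kB", read as 128 KiB (assumption)
MH_MAGIC_64 = 0xFEEDFACF       # thin 64-bit little-endian Mach-O only
LC_SEGMENT_64 = 0x19

def macho_end(data):
    """Highest file offset covered by any LC_SEGMENT_64 load command."""
    magic, _, _, _, ncmds, _, _, _ = struct.unpack_from("<8I", data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a thin 64-bit Mach-O")
    off, end = 32, 0                       # load commands follow the 32-byte header
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmd == LC_SEGMENT_64:           # fileoff/filesize sit at +40/+48
            fileoff, filesize = struct.unpack_from("<QQ", data, off + 40)
            end = max(end, fileoff + filesize)
        off += cmdsize
    return end

def par_marker_offset(data):
    """Offset of the PAR marker if it lies inside the search window, else -1."""
    return data.rfind(PAR_MARKER, max(0, len(data) - SEARCH_WINDOW))

def inspect(data):
    end = macho_end(data)
    return {"macho_end": end, "overlay_bytes": len(data) - end,
            "par_marker_at": par_marker_offset(data)}

def build_sample():
    """Constructed stand-in for pp output: tiny Mach-O + zip stub + trailer."""
    seg = struct.pack("<II16sQQQQiiII", LC_SEGMENT_64, 72, b"__TEXT",
                      0, 0x1000, 0, 104, 7, 5, 0, 0)
    hdr = struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2, 1, len(seg), 0, 0)
    payload = b"PK\x03\x04" + b"\0" * 60   # part 2: placeholder for the zip
    trailer = b"\0" * 20 + PAR_MARKER      # part 3: placeholder SHA1 + marker
    return hdr + seg + payload + trailer   # part 1 is hdr + seg (104 bytes)

if __name__ == "__main__":
    sample = build_sample()
    print("as built:        ", inspect(sample))
    print("stripped:        ", inspect(sample[:macho_end(sample)]))
    print("+4 KiB appended: ", inspect(sample + b"S" * 4096))
    print("+128 KiB appended", inspect(sample + b"S" * SEARCH_WINDOW))
```

A non-zero `overlay_bytes` is the data that the Mach-O headers do not account for; the last two cases show the marker staying findable after a small append and dropping out of the window after a large one.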


Codesign macOS executable created pp

2019-04-12 Thread welle Ozean via par
Hello,

I need some help with the following issue. I need to codesign my macOS .app
containing an executable created with pp. Unfortunately code signing fails
with the error 'main executable failed strict validation'

The .app contains many files (even other binaries) and code signing works
without problems if the executable generated with pp is taken out. So the
issue must be with this very executable. (I also use the option --deep to
allow code signing of any nested file).

I found this
https://stackoverflow.com/questions/28863500/code-signing-in-mac-with-perl-scripts-compiled-with-parpacker-fails
but I am not sure if it has to do with pp and, furthermore, there is not a
complete solution.

So, any help in solving this issue would be very much appreciated.

Welle