Re: Code Signing

  • Subject: Re: Code Signing
  • From: Chris Suter <email@hidden>
  • Date: Mon, 7 Sep 2009 09:22:43 +1000

Hi Peter,

On Sun, Sep 6, 2009 at 9:00 PM, Peter Hudson<email@hidden> wrote:
> I notice that when I sign code (the whole app) I land up with 2
> additional items in my /Contents directory in the app bundle.
> These items are a folder called _CodeSignature and an alias called
> CodeResources.
>
> If I delete these two items, the code still identifies itself as signed
> (when I attempt to run codesign on it again).
> Also, the app still runs.
>
> I was wondering if these files are meant to remain or if removing them is
> not an issue?

Within an application bundle there are signatures for all the files
within the bundle and then there's a signature for the binary itself.
The signature for the binary is stored within the executable and you can
see it if you use the otool -l command (look for the
LC_CODE_SIGNATURE). The signature for all the resources is stored
within the file you've discovered.

As far as I know, except for static validation (using the codesign
tool), the signature for the resources isn't used by much (or at least
it wasn't for Leopard).

The signature for the binary is used by the system for various things.
For example you can set the kill flag to have your application
terminated if there's an invalid signature, and it's used for Keychain
access (so that if you upgrade an application, you won't be prompted
again for password access provided the signature remains valid).

It's important to remember that code signatures are not really there
to prevent malware from running, or make it harder for hackers (since
it's trivial to remove a code signature or replace them with other valid
signatures).

At any rate, you shouldn't be deleting those files. If you remove
them, the signature will be invalidated.

By the way, the best list for code signing questions is the apple-cdsa list.

Kind regards,

Chris