• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Strange issue with version2 code-signing
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Strange issue with version2 code-signing

  • Subject: Strange issue with version2 code-signing
  • From: Stephen Kay <email@hidden>
  • Date: Wed, 29 Oct 2014 18:05:31 -0400
  • Thread-topic: Strange issue with version2 code-signing
The version 2 codesign tool will allow me to replace a version 1
signature, but will not allow me to freshly sign a copy of the same app.

This is an older Carbon app. The final .app is built on 10.6.8 with Xcode
3.2 (ancient, I know - but hey, it runs on Yosemite perfectly fine.)

So, I move the unsigned app over to a Mavericks partition, where I attempt
to use the code-sign tool to give it the new v2 codesigning. It fails:

codesign -s "Developer ID Application" "Example.app" -fv
Example.app: main executable failed strict validation
But, if I codesign it with version 1 *first* on the 10.6.8 machine, then
move it to Mavericks and *replace* the existing signature with v2, it
works fine:

On the Mavericks machine, first we check the existing v1 signature:

codesign -dv "Example.app"

[...]
Format=bundle with Mach-O universal (i386 ppc)CodeDirectory v=20100
size=65533 flags=0x0(none) hashes=3270+3 location=embedded
Signature size=4220
Signed Time=Oct 29, 2014, 5:33:54 PM
Info.plist entries=22
TeamIdentifier=not set
Sealed Resources version=1 rules=4 files=20
Internal requirements count=1 size=152

(Second last line shows version.)

OK, now we try to codesign it with v2, and it works:

codesign -s "Developer ID Application" "Example.app" -fv
Example.app: replacing existing signature

Example.app: signed bundle with Mach-O universal (i386 ppc)
[com.example.example]
Now, we check it again and see that it has v2 codesigning:


codesign -dv "Example.app"
[...]

Format=bundle with Mach-O universal (i386 ppc)CodeDirectory v=20200
size=65548 flags=0x0(none) hashes=3270+3 location=embedded
Signature size=8511
Timestamp=Oct 29, 2014, 5:36:06 PM
Info.plist entries=22
TeamIdentifier=CE5P9HVLTN
Sealed Resources version=2 rules=12 files=20
Internal requirements count=1 size=184


Why would I get "main executable failed strict validation" on an unsigned
app, yet it allows me to replace a v1 signature with no errors?


I've been trying to find out what this means, but all I've come across so
far is:

codesign says my main executable failed strict validation.
* Your Mach-O executable does not conform to modern Mach-O layout rules.
* You may be using a third party development product that hasn't been
brought up to date, or post-processed your file in unsupported ways.

OK, but then have I come up with a workaround that allows me to leave
things the way they are? Just codesign it with v1 first and then replace
it with v2?

Thanks,
- Stephen




 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Xcode-users mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: Strange issue with version2 code-signing
      • From: Jerry Krinock <email@hidden>
  • Prev by Date: Re: garcon messages in Xcode console
  • Next by Date: Re: Strange issue with version2 code-signing
  • Previous by thread: Re: Where does printf go?
  • Next by thread: Re: Strange issue with version2 code-signing
  • Index(es):
    • Date
    • Thread