[PATCH] D111164: Regenerate LC_CODE_SIGNATURE during llvm-objcopy operations
Nico Weber via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Fri Apr 22 06:02:55 PDT 2022
thakis added a comment.
Herald added a project: All.
cctools's strip only resigns after stripping if the signature was linker-generated (i.e. `MachO::CS_ADHOC | MachO::CS_LINKER_SIGNED` are set), and otherwise emits a warning:
% cat hello.cc
#include <stdio.h>
int main() { printf("hello\n"); }
% clang hello.cc && codesign --sign - a.out && strip a.out
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/strip: warning: changes being made to the file will invalidate the code signature in: /Users/thakis/src/llvm-project/a.out
% ./a.out
zsh: killed ./a.out. # because signature is now wrong
This makes some sense: If a binary was explicitly signed, the explicit signature will be wrong.
On the other hand, if we re-sign, the binary can at least run, so I'm not sure if we should fully adopt cctools's behavior. But maybe we should emit a warning if we re-sign a binary that doesn't have a linker-generated signature?
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D111164/new/
https://reviews.llvm.org/D111164
More information about the llvm-commits
mailing list