Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use the managed signer to remove the code signature from singlefile bundles #110063

Open
wants to merge 3 commits into
base: main
Choose a base branch
from

Conversation

jtschuster
Copy link
Member

@jtschuster jtschuster commented Nov 21, 2024

When working on using the managed Mac signer in the SDK on non-mac hosts, I found that since the bundler uses codesign to remove the signature, we end up with an invalid signature for single file osx executables. This PR updates the bundler to use the managed signer to remove the signature.

Signing bundles requires a little more thought and effort since the headers/load commands need to be updated to include the bundle data in the file. This will be done in a separate PR.

Part of #110055.

@jtschuster jtschuster added the area-HostModel Microsoft.NET.HostModel issues label Nov 21, 2024
@jtschuster jtschuster added this to the 10.0.0 milestone Nov 21, 2024
Copy link
Contributor

Tagging subscribers to this area: @vitek-karas, @agocke
See info in area-owners.md if you want to be subscribed.

Copy link
Contributor

Tagging subscribers to this area: @agocke, @vitek-karas, @VSadov
See info in area-owners.md if you want to be subscribed.

@am11
Copy link
Member

am11 commented Nov 21, 2024

since the bundler uses codesign to remove the signature, we end up with an invalid signature for single file osx executables

Was it due to some unintentional refactoring? SingleFile was a no-diff in #108992 because it required follow-up work. I understand that ultimately we want to use managed codesign everywhere, just trying to understand do we know what went wrong?

@jtschuster
Copy link
Member Author

since the bundler uses codesign to remove the signature, we end up with an invalid signature for single file osx executables

Was it due to some unintentional refactoring? SingleFile was a no-diff in #108992 because it required follow-up work. I understand that ultimately we want to use managed codesign everywhere, just trying to understand do we know what went wrong?

Nothing went wrong, we would only end up with an invalid signature if we merge the SDK PR (dotnet/sdk#45019) before this. HostWriter.CreateAppHost would create a signed SingleFile host on Windows or Linux, but then Bundler wouldn't remove it before creating the bundle, since it only does signing tasks with codesign.

// Note: We're comparing file paths both on the OS we're running on as well as on the target OS for the app
// We can't really make assumptions about the file systems (even on Linux there can be case insensitive file systems
// and vice versa for Windows). So it's safer to do case sensitive comparison everywhere.
var relativePathToSpec = new Dictionary<string, FileSpec>(StringComparer.Ordinal);

long headerOffset = 0;
using (BinaryWriter writer = new BinaryWriter(File.OpenWrite(bundlePath)))
using (FileStream bundle = File.Open(bundlePath, FileMode.Open, FileAccess.ReadWrite))
using (BinaryWriter writer = new BinaryWriter(bundle))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

BinaryWriter will close the stream on dispose. Now that we're disposing of the stream ourselves, I expect we want to use the overload that allows specifying to leave it open.

Comment on lines 293 to 294
newLength ??= new FileInfo(bundlePath).Length;
bundle.SetLength(newLength.Value);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updating the length should only be needed if TryRemoveCodesign returns true, right? Can we move this up into a conditional based on that?

.Execute(expectedToFail: !shouldCodesign);
if (!RuntimeInformation.IsOSPlatform(OSPlatform.OSX))
{
SigningTests.IsSigned(bundledApp).Should().BeFalse();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this be based on shouldCodeSign?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, this is because the signing still goes through codesign itself / is macOS-only for now, right? Can you add a comment?

- Add comment why single file hosts aren't signed on non-mac yet
- Set length of file only if the signature is removed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area-HostModel Microsoft.NET.HostModel issues
Projects
Status: No status
Development

Successfully merging this pull request may close these issues.

4 participants