Skip Menu |
 

This queue is for tickets about the PAR-Packer CPAN distribution.

Report information
The Basics
Id: 129312
Status: open
Priority: 0/
Queue: PAR-Packer

People
Owner: Nobody in particular
Requestors: Philip [...] kime.org.uk
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Code signing for OSX
Date: Thu, 25 Apr 2019 18:33:28 +0200
To: bug-PAR-Packer [...] rt.cpan.org
From: Philip Kime <philkime [...] kime.org.uk>
Download (untitled) / with headers
text/plain 310b
Has anyone managed to codesign PAR::Packer executables on OSX? I believe that in OSX 10.15, this will start to be mandatory for mainstream binaries and since I provide a binary for a major opens-source software distribution (TeXLive/MacTeX), I will need to codesign the packed binaries. PK -- Dr Philip Kime
Subject: Re: [rt.cpan.org #129312] Code signing for OSX
Date: Thu, 25 Apr 2019 18:53:19 +0200
To: bug-PAR-Packer [...] rt.cpan.org
From: welle Ozean <welleozean [...] googlemail.com>
Download (untitled) / with headers
text/plain 1.5k
I've done a lot of research in the last few weeks on the topic (and asked a similar question here, see archive to see the interesting insights that came out). The short answer is that executable created with PAR::Packer can NOT be codesigned out-of-the-box on OSX (I have no problems to codesign it on Windows though). I virtually met a guy that has written a small application that can modify the executable so that it can be codesigned on OSX. Unfortunately, it is not open source and a fee is required. <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> Virenfrei. www.avg.com <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> Am Do., 25. Apr. 2019 um 18:34 Uhr schrieb Philip Kime via RT < bug-PAR-Packer@rt.cpan.org>: Show quoted text
> Thu Apr 25 12:34:17 2019: Request 129312 was acted upon. > Transaction: Ticket created by Philip@kime.org.uk > Queue: PAR-Packer > Subject: Code signing for OSX > Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: Philip@kime.org.uk > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > > > Has anyone managed to codesign PAR::Packer executables on OSX? I believe > that in OSX 10.15, this will start to be mandatory for mainstream binaries > and since I provide a binary for a major opens-source software distribution > (TeXLive/MacTeX), I will need to codesign the packed binaries. > > PK > -- > Dr Philip Kime >
Subject: Re: [rt.cpan.org #129312] Code signing for OSX
Date: Sat, 27 Apr 2019 14:00:03 +0200
To: bug-PAR-Packer [...] rt.cpan.org
From: Kime Philip <philkime [...] kime.org.uk>
Download (untitled) / with headers
text/plain 2.3k
Hmm, I couldn’t see anything in the acrhive - do you have a link? I may look into this as PAR::Packer .exes will become an issue on OSX in the future if this isn’t solved given that codesigning will become mandatory. PK Show quoted text
> On 25 Apr 2019, at 6:53 pm, claudio claudio via RT <bug-PAR-Packer@rt.cpan.org> wrote: > > Thu Apr 25 12:53:32 2019: Request 129312 was acted upon. > Transaction: Correspondence added by welleozean@googlemail.com > Queue: PAR-Packer > Subject: Re: [rt.cpan.org #129312] Code signing for OSX > Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: Philip@kime.org.uk > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > > > I've done a lot of research in the last few weeks on the topic (and asked a > similar question here, see archive to see the interesting insights that > came out). The short answer is that executable created with PAR::Packer can > NOT be codesigned out-of-the-box on OSX (I have no problems to codesign it > on Windows though). I virtually met a guy that has written a small > application that can modify the executable so that it can be codesigned on > OSX. Unfortunately, it is not open source and a fee is required. > > <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> > Virenfrei. > www.avg.com > <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> > <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> > > Am Do., 25. Apr. 2019 um 18:34 Uhr schrieb Philip Kime via RT < > bug-PAR-Packer@rt.cpan.org>: >
>> Thu Apr 25 12:34:17 2019: Request 129312 was acted upon. >> Transaction: Ticket created by Philip@kime.org.uk >> Queue: PAR-Packer >> Subject: Code signing for OSX >> Broken in: (no value) >> Severity: (no value) >> Owner: Nobody >> Requestors: Philip@kime.org.uk >> Status: new >> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > >> >> >> Has anyone managed to codesign PAR::Packer executables on OSX? I believe >> that in OSX 10.15, this will start to be mandatory for mainstream binaries >> and since I provide a binary for a major opens-source software distribution >> (TeXLive/MacTeX), I will need to codesign the packed binaries. >> >> PK >> -- >> Dr Philip Kime >>
-- Dr Philip Kime
Subject: Re: [rt.cpan.org #129312] Code signing for OSX
Date: Sat, 27 Apr 2019 14:27:41 +0200
To: bug-PAR-Packer [...] rt.cpan.org
From: welle ozean <welleozean [...] googlemail.com>
Download (untitled) / with headers
text/plain 3.1k
Hi, you are right. It was in the mailing list par@perl.org : you find it here: https://www.nntp.perl.org/group/perl.par/ PS: You are right about the urgency of the issue as it will become mandatary anytime soon. Welle Am Sa., 27. Apr. 2019 um 14:00 Uhr schrieb Kime Philip via RT < bug-PAR-Packer@rt.cpan.org>: Show quoted text
> Sat Apr 27 08:00:20 2019: Request 129312 was acted upon. > Transaction: Correspondence added by philkime@kime.org.uk > Queue: PAR-Packer > Subject: Re: [rt.cpan.org #129312] Code signing for OSX > Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: Philip@kime.org.uk > Status: open > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > > > Hmm, I couldn’t see anything in the acrhive - do you have a link? I may > look into this as PAR::Packer .exes will become an issue on OSX in the > future if this isn’t solved given that codesigning will become mandatory. > > PK >
> > On 25 Apr 2019, at 6:53 pm, claudio claudio via RT <
> bug-PAR-Packer@rt.cpan.org> wrote:
> > > > Thu Apr 25 12:53:32 2019: Request 129312 was acted upon. > > Transaction: Correspondence added by welleozean@googlemail.com > > Queue: PAR-Packer > > Subject: Re: [rt.cpan.org #129312] Code signing for OSX > > Broken in: (no value) > > Severity: (no value) > > Owner: Nobody > > Requestors: Philip@kime.org.uk > > Status: new > > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > > > > > > I've done a lot of research in the last few weeks on the topic (and
> asked a
> > similar question here, see archive to see the interesting insights that > > came out). The short answer is that executable created with PAR::Packer
> can
> > NOT be codesigned out-of-the-box on OSX (I have no problems to codesign
> it
> > on Windows though). I virtually met a guy that has written a small > > application that can modify the executable so that it can be codesigned
> on
> > OSX. Unfortunately, it is not open source and a fee is required. > > > > <
> http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail
> > > > Virenfrei. > > www.avg.com > > <
> http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail
> > > > <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> > > > > Am Do., 25. Apr. 2019 um 18:34 Uhr schrieb Philip Kime via RT < > > bug-PAR-Packer@rt.cpan.org>: > >
> >> Thu Apr 25 12:34:17 2019: Request 129312 was acted upon. > >> Transaction: Ticket created by Philip@kime.org.uk > >> Queue: PAR-Packer > >> Subject: Code signing for OSX > >> Broken in: (no value) > >> Severity: (no value) > >> Owner: Nobody > >> Requestors: Philip@kime.org.uk > >> Status: new > >> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > >> > >> > >> Has anyone managed to codesign PAR::Packer executables on OSX? I believe > >> that in OSX 10.15, this will start to be mandatory for mainstream
> binaries
> >> and since I provide a binary for a major opens-source software
> distribution
> >> (TeXLive/MacTeX), I will need to codesign the packed binaries. > >> > >> PK > >> -- > >> Dr Philip Kime > >>
> > -- > Dr Philip Kime >
Subject: Re: [rt.cpan.org #129312] Code signing for OSX
Date: Sat, 27 Apr 2019 15:50:16 +0200
To: bug-PAR-Packer [...] rt.cpan.org
From: Kime Philip <philkime [...] kime.org.uk>
Download (untitled) / with headers
text/plain 3.7k
Useful link, thank you. It is interesting that Mr Schupp mentions that strip would remove the appended parts but this highlights part of the issue with codesign I think as it give an error: strip: the __LINKEDIT segment does not cover the end of the file (can't be processed) in:… So it does indeed look like the appended parts need to be made into real MACH-O segments. PK Show quoted text
> On 27 Apr 2019, at 2:28 pm, claudio claudio via RT <bug-PAR-Packer@rt.cpan.org> wrote: > > <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > > Hi, you are right. It was in the mailing list par@perl.org : you find it > here: https://www.nntp.perl.org/group/perl.par/ > PS: You are right about the urgency of the issue as it will become > mandatary anytime soon. > > Welle > > > > Am Sa., 27. Apr. 2019 um 14:00 Uhr schrieb Kime Philip via RT < > bug-PAR-Packer@rt.cpan.org>: >
>> Sat Apr 27 08:00:20 2019: Request 129312 was acted upon. >> Transaction: Correspondence added by philkime@kime.org.uk >> Queue: PAR-Packer >> Subject: Re: [rt.cpan.org #129312] Code signing for OSX >> Broken in: (no value) >> Severity: (no value) >> Owner: Nobody >> Requestors: Philip@kime.org.uk >> Status: open >> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > >> >> >> Hmm, I couldn’t see anything in the acrhive - do you have a link? I may >> look into this as PAR::Packer .exes will become an issue on OSX in the >> future if this isn’t solved given that codesigning will become mandatory. >> >> PK >>
>>> On 25 Apr 2019, at 6:53 pm, claudio claudio via RT <
>> bug-PAR-Packer@rt.cpan.org> wrote:
>>> >>> Thu Apr 25 12:53:32 2019: Request 129312 was acted upon. >>> Transaction: Correspondence added by welleozean@googlemail.com >>> Queue: PAR-Packer >>> Subject: Re: [rt.cpan.org #129312] Code signing for OSX >>> Broken in: (no value) >>> Severity: (no value) >>> Owner: Nobody >>> Requestors: Philip@kime.org.uk >>> Status: new >>> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > >>> >>> >>> I've done a lot of research in the last few weeks on the topic (and
>> asked a
>>> similar question here, see archive to see the interesting insights that >>> came out). The short answer is that executable created with PAR::Packer
>> can
>>> NOT be codesigned out-of-the-box on OSX (I have no problems to codesign
>> it
>>> on Windows though). I virtually met a guy that has written a small >>> application that can modify the executable so that it can be codesigned
>> on
>>> OSX. Unfortunately, it is not open source and a fee is required. >>> >>> <
>> http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail
>>> >>> Virenfrei. >>> www.avg.com >>> <
>> http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail
>>> >>> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> >>> >>> Am Do., 25. Apr. 2019 um 18:34 Uhr schrieb Philip Kime via RT < >>> bug-PAR-Packer@rt.cpan.org>: >>>
>>>> Thu Apr 25 12:34:17 2019: Request 129312 was acted upon. >>>> Transaction: Ticket created by Philip@kime.org.uk >>>> Queue: PAR-Packer >>>> Subject: Code signing for OSX >>>> Broken in: (no value) >>>> Severity: (no value) >>>> Owner: Nobody >>>> Requestors: Philip@kime.org.uk >>>> Status: new >>>> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > >>>> >>>> >>>> Has anyone managed to codesign PAR::Packer executables on OSX? I believe >>>> that in OSX 10.15, this will start to be mandatory for mainstream
>> binaries
>>>> and since I provide a binary for a major opens-source software
>> distribution
>>>> (TeXLive/MacTeX), I will need to codesign the packed binaries. >>>> >>>> PK >>>> -- >>>> Dr Philip Kime >>>>
>> >> -- >> Dr Philip Kime >>
>
-- Dr Philip Kime
Subject: Re: [rt.cpan.org #129312] Code signing for OSX
Date: Sat, 27 Apr 2019 16:33:35 +0200
To: bug-PAR-Packer [...] rt.cpan.org
From: Kime Philip <philkime [...] kime.org.uk>
Download (untitled) / with headers
text/plain 4.2k
I can get part of the way so far. I can manually fix the binary headers which makes codesign at least run but this breaks PAR. This is expected I suppose and we need to make some more modifications … Show quoted text
> codesign -s "Code Signing Test" -v b
b: signed Mach-O thin (x86_64) [b] Show quoted text
> ./b
format error: can't find EOCD signature at /loader/HASH(0x7fcef88aa428)/Archive/Zip/Archive.pm line 723. Archive::Zip::Archive::_findEndOfCentralDirectory(Archive::Zip::Archive=HASH(0x7fcef88e1a88), IO::File=GLOB(0x7fcef8d6af98)) called at /loader/HASH(0x7fcef88aa428)/Archive/Zip/Archive.pm line 596 Archive::Zip::Archive::readFromFileHandle(Archive::Zip::Archive=HASH(0x7fcef88e1a88), IO::File=GLOB(0x7fcef8d6af98), "/Users/philkime/Desktop/NB/./b") called at -e line 373 eval {...} called at -e line 41 __par_pl::BEGIN() called at -e line 614 eval {...} called at -e line 614 : at -e line 373. Show quoted text
> On 27 Apr 2019, at 2:28 pm, claudio claudio via RT <bug-PAR-Packer@rt.cpan.org> wrote: > > <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > > Hi, you are right. It was in the mailing list par@perl.org : you find it > here: https://www.nntp.perl.org/group/perl.par/ > PS: You are right about the urgency of the issue as it will become > mandatary anytime soon. > > Welle > > > > Am Sa., 27. Apr. 2019 um 14:00 Uhr schrieb Kime Philip via RT < > bug-PAR-Packer@rt.cpan.org>: >
>> Sat Apr 27 08:00:20 2019: Request 129312 was acted upon. >> Transaction: Correspondence added by philkime@kime.org.uk >> Queue: PAR-Packer >> Subject: Re: [rt.cpan.org #129312] Code signing for OSX >> Broken in: (no value) >> Severity: (no value) >> Owner: Nobody >> Requestors: Philip@kime.org.uk >> Status: open >> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > >> >> >> Hmm, I couldn’t see anything in the acrhive - do you have a link? I may >> look into this as PAR::Packer .exes will become an issue on OSX in the >> future if this isn’t solved given that codesigning will become mandatory. >> >> PK >>
>>> On 25 Apr 2019, at 6:53 pm, claudio claudio via RT <
>> bug-PAR-Packer@rt.cpan.org> wrote:
>>> >>> Thu Apr 25 12:53:32 2019: Request 129312 was acted upon. >>> Transaction: Correspondence added by welleozean@googlemail.com >>> Queue: PAR-Packer >>> Subject: Re: [rt.cpan.org #129312] Code signing for OSX >>> Broken in: (no value) >>> Severity: (no value) >>> Owner: Nobody >>> Requestors: Philip@kime.org.uk >>> Status: new >>> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > >>> >>> >>> I've done a lot of research in the last few weeks on the topic (and
>> asked a
>>> similar question here, see archive to see the interesting insights that >>> came out). The short answer is that executable created with PAR::Packer
>> can
>>> NOT be codesigned out-of-the-box on OSX (I have no problems to codesign
>> it
>>> on Windows though). I virtually met a guy that has written a small >>> application that can modify the executable so that it can be codesigned
>> on
>>> OSX. Unfortunately, it is not open source and a fee is required. >>> >>> <
>> http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail
>>> >>> Virenfrei. >>> www.avg.com >>> <
>> http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail
>>> >>> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> >>> >>> Am Do., 25. Apr. 2019 um 18:34 Uhr schrieb Philip Kime via RT < >>> bug-PAR-Packer@rt.cpan.org>: >>>
>>>> Thu Apr 25 12:34:17 2019: Request 129312 was acted upon. >>>> Transaction: Ticket created by Philip@kime.org.uk >>>> Queue: PAR-Packer >>>> Subject: Code signing for OSX >>>> Broken in: (no value) >>>> Severity: (no value) >>>> Owner: Nobody >>>> Requestors: Philip@kime.org.uk >>>> Status: new >>>> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > >>>> >>>> >>>> Has anyone managed to codesign PAR::Packer executables on OSX? I believe >>>> that in OSX 10.15, this will start to be mandatory for mainstream
>> binaries
>>>> and since I provide a binary for a major opens-source software
>> distribution
>>>> (TeXLive/MacTeX), I will need to codesign the packed binaries. >>>> >>>> PK >>>> -- >>>> Dr Philip Kime >>>>
>> >> -- >> Dr Philip Kime >>
>
-- Dr Philip Kime
Subject: Re: [rt.cpan.org #129312] Code signing for OSX
Date: Sat, 27 Apr 2019 16:47:01 +0200
To: bug-PAR-Packer [...] rt.cpan.org
From: Kime Philip <philkime [...] kime.org.uk>
Download (untitled) / with headers
text/plain 5.2k
Hmm, I sense a problem here. In the linked comments from Mr Schupp, he states that the PAR signature can be located in the last 128K of the binary. However, it seems that codesign, at least with the cert etc. I am using, adds about 180K to the binary and so the signature can’t be found in the last 128K. Would that account for the error I noted below? PK Show quoted text
> On 27 Apr 2019, at 4:33 pm, Kime Philip via RT <bug-PAR-Packer@rt.cpan.org> wrote: > > Sat Apr 27 10:33:53 2019: Request 129312 was acted upon. > Transaction: Correspondence added by philkime@kime.org.uk > Queue: PAR-Packer > Subject: Re: [rt.cpan.org #129312] Code signing for OSX > Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: Philip@kime.org.uk > Status: open > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > > > I can get part of the way so far. I can manually fix the binary headers which makes codesign at least run but this breaks PAR. This is expected I suppose and we need to make some more modifications … >
>> codesign -s "Code Signing Test" -v b
> b: signed Mach-O thin (x86_64) [b] >
>> ./b
> format error: can't find EOCD signature > at /loader/HASH(0x7fcef88aa428)/Archive/Zip/Archive.pm line 723. > Archive::Zip::Archive::_findEndOfCentralDirectory(Archive::Zip::Archive=HASH(0x7fcef88e1a88), IO::File=GLOB(0x7fcef8d6af98)) called at /loader/HASH(0x7fcef88aa428)/Archive/Zip/Archive.pm line 596 > Archive::Zip::Archive::readFromFileHandle(Archive::Zip::Archive=HASH(0x7fcef88e1a88), IO::File=GLOB(0x7fcef8d6af98), "/Users/philkime/Desktop/NB/./b") called at -e line 373 > eval {...} called at -e line 41 > __par_pl::BEGIN() called at -e line 614 > eval {...} called at -e line 614 > : at -e line 373. >
>> On 27 Apr 2019, at 2:28 pm, claudio claudio via RT <bug-PAR-Packer@rt.cpan.org> wrote: >> >> <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > >> >> Hi, you are right. It was in the mailing list par@perl.org : you find it >> here: https://www.nntp.perl.org/group/perl.par/ >> PS: You are right about the urgency of the issue as it will become >> mandatary anytime soon. >> >> Welle >> >> >> >> Am Sa., 27. Apr. 2019 um 14:00 Uhr schrieb Kime Philip via RT < >> bug-PAR-Packer@rt.cpan.org>: >>
>>> Sat Apr 27 08:00:20 2019: Request 129312 was acted upon. >>> Transaction: Correspondence added by philkime@kime.org.uk >>> Queue: PAR-Packer >>> Subject: Re: [rt.cpan.org #129312] Code signing for OSX >>> Broken in: (no value) >>> Severity: (no value) >>> Owner: Nobody >>> Requestors: Philip@kime.org.uk >>> Status: open >>> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > >>> >>> >>> Hmm, I couldn’t see anything in the acrhive - do you have a link? I may >>> look into this as PAR::Packer .exes will become an issue on OSX in the >>> future if this isn’t solved given that codesigning will become mandatory. >>> >>> PK >>>
>>>> On 25 Apr 2019, at 6:53 pm, claudio claudio via RT <
>>> bug-PAR-Packer@rt.cpan.org> wrote:
>>>> >>>> Thu Apr 25 12:53:32 2019: Request 129312 was acted upon. >>>> Transaction: Correspondence added by welleozean@googlemail.com >>>> Queue: PAR-Packer >>>> Subject: Re: [rt.cpan.org #129312] Code signing for OSX >>>> Broken in: (no value) >>>> Severity: (no value) >>>> Owner: Nobody >>>> Requestors: Philip@kime.org.uk >>>> Status: new >>>> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > >>>> >>>> >>>> I've done a lot of research in the last few weeks on the topic (and
>>> asked a
>>>> similar question here, see archive to see the interesting insights that >>>> came out). The short answer is that executable created with PAR::Packer
>>> can
>>>> NOT be codesigned out-of-the-box on OSX (I have no problems to codesign
>>> it
>>>> on Windows though). I virtually met a guy that has written a small >>>> application that can modify the executable so that it can be codesigned
>>> on
>>>> OSX. Unfortunately, it is not open source and a fee is required. >>>> >>>> <
>>> http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail
>>>> >>>> Virenfrei. >>>> www.avg.com >>>> <
>>> http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail
>>>> >>>> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> >>>> >>>> Am Do., 25. Apr. 2019 um 18:34 Uhr schrieb Philip Kime via RT < >>>> bug-PAR-Packer@rt.cpan.org>: >>>>
>>>>> Thu Apr 25 12:34:17 2019: Request 129312 was acted upon. >>>>> Transaction: Ticket created by Philip@kime.org.uk >>>>> Queue: PAR-Packer >>>>> Subject: Code signing for OSX >>>>> Broken in: (no value) >>>>> Severity: (no value) >>>>> Owner: Nobody >>>>> Requestors: Philip@kime.org.uk >>>>> Status: new >>>>> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > >>>>> >>>>> >>>>> Has anyone managed to codesign PAR::Packer executables on OSX? I believe >>>>> that in OSX 10.15, this will start to be mandatory for mainstream
>>> binaries
>>>>> and since I provide a binary for a major opens-source software
>>> distribution
>>>>> (TeXLive/MacTeX), I will need to codesign the packed binaries. >>>>> >>>>> PK >>>>> -- >>>>> Dr Philip Kime >>>>>
>>> >>> -- >>> Dr Philip Kime >>>
>>
> > -- > Dr Philip Kime
-- Dr Philip Kime
Subject: Re: [rt.cpan.org #129312] Code signing for OSX
Date: Sat, 27 Apr 2019 19:40:13 +0200
To: bug-PAR-Packer [...] rt.cpan.org
From: welle ozean <welleozean [...] googlemail.com>
Download (untitled) / with headers
text/plain 6.7k
Yes, I noted this too. Probably - but sure I am not - it would solve the problem to further relax the 128K slot. This was added in the past, as far as I could reconstruct the issue, to allow codesigning. As codesiging works fine on Windows, I suspect that it simply needs more space on macOS. Therefore, a possible solution could be to make the slot bigger. How to achieve this, unfortunately, I do not know (plus it is just a speculation). <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> Virenfrei. www.avg.com <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> Am Sa., 27. Apr. 2019 um 16:47 Uhr schrieb Kime Philip via RT < bug-PAR-Packer@rt.cpan.org>: Show quoted text
> Sat Apr 27 10:47:12 2019: Request 129312 was acted upon. > Transaction: Correspondence added by philkime@kime.org.uk > Queue: PAR-Packer > Subject: Re: [rt.cpan.org #129312] Code signing for OSX > Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: Philip@kime.org.uk > Status: open > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > > > Hmm, I sense a problem here. In the linked comments from Mr Schupp, he > states that the PAR signature can be located in the last 128K of the > binary. However, it seems that codesign, at least with the cert etc. I am > using, adds about 180K to the binary and so the signature can’t be found in > the last 128K. Would that account for the error I noted below? > > PK >
> > On 27 Apr 2019, at 4:33 pm, Kime Philip via RT <
> bug-PAR-Packer@rt.cpan.org> wrote:
> > > > Sat Apr 27 10:33:53 2019: Request 129312 was acted upon. > > Transaction: Correspondence added by philkime@kime.org.uk > > Queue: PAR-Packer > > Subject: Re: [rt.cpan.org #129312] Code signing for OSX > > Broken in: (no value) > > Severity: (no value) > > Owner: Nobody > > Requestors: Philip@kime.org.uk > > Status: open > > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > > > > > > I can get part of the way so far. I can manually fix the binary headers
> which makes codesign at least run but this breaks PAR. This is expected I > suppose and we need to make some more modifications …
> >
> >> codesign -s "Code Signing Test" -v b
> > b: signed Mach-O thin (x86_64) [b] > >
> >> ./b
> > format error: can't find EOCD signature > > at /loader/HASH(0x7fcef88aa428)/Archive/Zip/Archive.pm line 723. > >
> Archive::Zip::Archive::_findEndOfCentralDirectory(Archive::Zip::Archive=HASH(0x7fcef88e1a88), > IO::File=GLOB(0x7fcef8d6af98)) called at > /loader/HASH(0x7fcef88aa428)/Archive/Zip/Archive.pm line 596
> >
> Archive::Zip::Archive::readFromFileHandle(Archive::Zip::Archive=HASH(0x7fcef88e1a88), > IO::File=GLOB(0x7fcef8d6af98), "/Users/philkime/Desktop/NB/./b") called at > -e line 373
> > eval {...} called at -e line 41 > > __par_pl::BEGIN() called at -e line 614 > > eval {...} called at -e line 614 > > : at -e line 373. > >
> >> On 27 Apr 2019, at 2:28 pm, claudio claudio via RT <
> bug-PAR-Packer@rt.cpan.org> wrote:
> >> > >> <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > >> > >> Hi, you are right. It was in the mailing list par@perl.org : you find
> it
> >> here: https://www.nntp.perl.org/group/perl.par/ > >> PS: You are right about the urgency of the issue as it will become > >> mandatary anytime soon. > >> > >> Welle > >> > >> > >> > >> Am Sa., 27. Apr. 2019 um 14:00 Uhr schrieb Kime Philip via RT < > >> bug-PAR-Packer@rt.cpan.org>: > >>
> >>> Sat Apr 27 08:00:20 2019: Request 129312 was acted upon. > >>> Transaction: Correspondence added by philkime@kime.org.uk > >>> Queue: PAR-Packer > >>> Subject: Re: [rt.cpan.org #129312] Code signing for OSX > >>> Broken in: (no value) > >>> Severity: (no value) > >>> Owner: Nobody > >>> Requestors: Philip@kime.org.uk > >>> Status: open > >>> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > >>> > >>> > >>> Hmm, I couldn’t see anything in the acrhive - do you have a link? I may > >>> look into this as PAR::Packer .exes will become an issue on OSX in the > >>> future if this isn’t solved given that codesigning will become
> mandatory.
> >>> > >>> PK > >>>
> >>>> On 25 Apr 2019, at 6:53 pm, claudio claudio via RT <
> >>> bug-PAR-Packer@rt.cpan.org> wrote:
> >>>> > >>>> Thu Apr 25 12:53:32 2019: Request 129312 was acted upon. > >>>> Transaction: Correspondence added by welleozean@googlemail.com > >>>> Queue: PAR-Packer > >>>> Subject: Re: [rt.cpan.org #129312] Code signing for OSX > >>>> Broken in: (no value) > >>>> Severity: (no value) > >>>> Owner: Nobody > >>>> Requestors: Philip@kime.org.uk > >>>> Status: new > >>>> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > >>>> > >>>> > >>>> I've done a lot of research in the last few weeks on the topic (and
> >>> asked a
> >>>> similar question here, see archive to see the interesting insights
> that
> >>>> came out). The short answer is that executable created with
> PAR::Packer
> >>> can
> >>>> NOT be codesigned out-of-the-box on OSX (I have no problems to
> codesign
> >>> it
> >>>> on Windows though). I virtually met a guy that has written a small > >>>> application that can modify the executable so that it can be
> codesigned
> >>> on
> >>>> OSX. Unfortunately, it is not open source and a fee is required. > >>>> > >>>> <
> >>>
> http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail
> >>>> > >>>> Virenfrei. > >>>> www.avg.com > >>>> <
> >>>
> http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail
> >>>> > >>>> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> > >>>> > >>>> Am Do., 25. Apr. 2019 um 18:34 Uhr schrieb Philip Kime via RT < > >>>> bug-PAR-Packer@rt.cpan.org>: > >>>>
> >>>>> Thu Apr 25 12:34:17 2019: Request 129312 was acted upon. > >>>>> Transaction: Ticket created by Philip@kime.org.uk > >>>>> Queue: PAR-Packer > >>>>> Subject: Code signing for OSX > >>>>> Broken in: (no value) > >>>>> Severity: (no value) > >>>>> Owner: Nobody > >>>>> Requestors: Philip@kime.org.uk > >>>>> Status: new > >>>>> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > >>>>> > >>>>> > >>>>> Has anyone managed to codesign PAR::Packer executables on OSX? I
> believe
> >>>>> that in OSX 10.15, this will start to be mandatory for mainstream
> >>> binaries
> >>>>> and since I provide a binary for a major opens-source software
> >>> distribution
> >>>>> (TeXLive/MacTeX), I will need to codesign the packed binaries. > >>>>> > >>>>> PK > >>>>> -- > >>>>> Dr Philip Kime > >>>>>
> >>> > >>> -- > >>> Dr Philip Kime > >>>
> >>
> > > > -- > > Dr Philip Kime
> > -- > Dr Philip Kime >
Download (untitled) / with headers
text/html 11.5k
Subject: Re: [rt.cpan.org #129312] Code signing for OSX
Date: Sat, 27 Apr 2019 20:26:09 +0200
To: bug-PAR-Packer [...] rt.cpan.org
From: Kime Philip <philkime [...] kime.org.uk>
Download (untitled) / with headers
text/plain 1.8k
I now have an OSX C program which which I can contribute which fixes the two issues preventing code signing. It only works with 64-bit non-fat Mach-O binaries but since, I believe, this is what is allowed by Apple for distributions that uses code-signing, I don’t see a problem with this. I can generalise it if necessary. See sample output: Show quoted text
> codesign -v -s "Code Signing Test" --force --timestamp --options=runtime ppbinary
ppbinary: main executable failed strict validation Show quoted text
> pp_codesign_fix ppbinary
Correcting __LINKEDIT Old File Size: 5836 New File Size: 17888447 Old VM Size: 8192 New VM Size: 17888447 Correcting LC_SYMTAB Old String Table Size: 1848 New String Table Size: 17884459 Show quoted text
> codesign -v -s "Code Signing Test" --force --timestamp --options=runtime ppbinary
ppbinary: signed Mach-O thin (x86_64) [ppbinary] However, the signed binary is broken for PAR: Show quoted text
> ./ppbinary
format error: can't find EOCD signature at /loader/HASH(0x7fb593093028)/Archive/Zip/Archive.pm line 723. Archive::Zip::Archive::_findEndOfCentralDirectory(Archive::Zip::Archive=HASH(0x7fb593801888), IO::File=GLOB(0x7fb593511598)) called at /loader/HASH(0x7fb593093028)/Archive/Zip/Archive.pm line 596 Archive::Zip::Archive::readFromFileHandle(Archive::Zip::Archive=HASH(0x7fb593801888), IO::File=GLOB(0x7fb593511598), "/Users/philkime/Desktop/NB/./ppbinary") called at -e line 373 eval {...} called at -e line 41 __par_pl::BEGIN() called at -e line 614 eval {...} called at -e line 614 : at -e line 373. Compare the file sizes before and after codesigning: BEFORE: 21107903 AFTER: 21291136 Difference is ~180K which is all appended after the PAR signature. Can Mr Schupp or someone familiar with this comment on whether this looks like the 128K PAR signature limit needs to be relaxed further or is this a different problem?
Subject: Re: [rt.cpan.org #129312] Code signing for OSX
Date: Sun, 28 Apr 2019 00:37:21 +0200
To: bug-PAR-Packer [...] rt.cpan.org
From: Kime Philip <philkime [...] kime.org.uk>
Download (untitled) / with headers
text/plain 564b
Looking into this further, I am fairly sure that Archive::Zip::ChunkSize needs to be increased in par.pl and also the 128k limit for the PAR signature also needs to be increased. Doubling both to 256k would likely be appropriate. All tests for PAR::Packer pass if I do this but I still get the same error after codesigning so I am missing something as Archive::Zip still fails to find the EOCD marker for some reason, even with the increased window size which does (I have checked) include the EOCD marker once the ChunkSize has been modified. -- Dr Philip Kime
Subject: Re: [rt.cpan.org #129312] Code signing for OSX
Date: Sun, 28 Apr 2019 14:08:09 +0200
To: bug-PAR-Packer [...] rt.cpan.org
From: Kime Philip <philkime [...] kime.org.uk>
I believe that I now have a fix for this. See: https://github.com/rschupp/PAR-Packer/pull/14 There is a contributed small program which is run on the pp exe and edits it in-place. This makes codesigning work. There is a also a small fix for par.pl required in PAR::Packer to allow unpacking of codesigned exes. With these two elements in place, in my tests, I can codesign and run a pp binary. PK Show quoted text
> On 28 Apr 2019, at 12:37 am, Kime Philip <Philip@kime.org.uk> wrote: > > > Looking into this further, I am fairly sure that Archive::Zip::ChunkSize needs to be increased in par.pl and also the 128k limit for the PAR signature also needs to be increased. Doubling both to 256k would likely be appropriate. All tests for PAR::Packer pass if I do this but I still get the same error after codesigning so I am missing something as Archive::Zip still fails to find the EOCD marker for some reason, even with the increased window size which does (I have checked) include the EOCD marker once the ChunkSize has been modified. > > -- > Dr Philip Kime >
-- Dr Philip Kime
Subject: Re: [rt.cpan.org #129312] Code signing for OSX
Date: Mon, 29 Apr 2019 09:59:21 +0200
To: bug-PAR-Packer [...] rt.cpan.org
From: welle ozean <welleozean [...] googlemail.com>
Download (untitled) / with headers
text/plain 1.7k
I tried it out and I have been able to create my executable, fix it and code sign it correctly. Great job! Welle Am So., 28. Apr. 2019 um 14:08 Uhr schrieb Kime Philip via RT < bug-PAR-Packer@rt.cpan.org>: Show quoted text
> Sun Apr 28 08:08:23 2019: Request 129312 was acted upon. > Transaction: Correspondence added by philkime@kime.org.uk > Queue: PAR-Packer > Subject: Re: [rt.cpan.org #129312] Code signing for OSX > Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: Philip@kime.org.uk > Status: open > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > > > I believe that I now have a fix for this. See: > > https://github.com/rschupp/PAR-Packer/pull/14 > > There is a contributed small program which is run on the pp exe and edits > it in-place. This makes codesigning work. There is a also a small fix for > par.pl required in PAR::Packer to allow unpacking of codesigned exes. > With these two elements in place, in my tests, I can codesign and run a pp > binary. > > PK >
> > On 28 Apr 2019, at 12:37 am, Kime Philip <Philip@kime.org.uk> wrote: > > > > > > Looking into this further, I am fairly sure that Archive::Zip::ChunkSize
> needs to be increased in par.pl and also the 128k limit for the PAR > signature also needs to be increased. Doubling both to 256k would likely be > appropriate. All tests for PAR::Packer pass if I do this but I still get > the same error after codesigning so I am missing something as Archive::Zip > still fails to find the EOCD marker for some reason, even with the > increased window size which does (I have checked) include the EOCD marker > once the ChunkSize has been modified.
> > > > -- > > Dr Philip Kime > >
> > -- > Dr Philip Kime >
Download (untitled) / with headers
text/plain 284b
On 2019-04-28 08:08:23, philkime@kime.org.uk wrote: Show quoted text
> I believe that I now have a fix for this. See: > > https://github.com/rschupp/PAR-Packer/pull/14
Thanks Phil! See my comments on the PR, it's almost ready to be merged and I'll do a release of PAR::Packer then. Cheers, Roderich


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.