Macos 缺陷在codesign中--删除签名功能
我想从已使用codesign签名的Mac应用程序中删除数字签名。代码设计有一个未记录的选项,-删除签名,它的名字似乎就是我需要的。然而,我不能让它工作。我意识到它没有文档记录,但我真的可以使用它的功能。也许我做错了什么Macos 缺陷在codesign中--删除签名功能,macos,digital-signature,Macos,Digital Signature,我想从已使用codesign签名的Mac应用程序中删除数字签名。代码设计有一个未记录的选项,-删除签名,它的名字似乎就是我需要的。然而,我不能让它工作。我意识到它没有文档记录,但我真的可以使用它的功能。也许我做错了什么 codesign -s MyIdentity foo.app 正常工作,对应用程序进行签名 codesign --remove-signature foo.app 执行磁盘活动几秒钟,然后说 foo.app: invalid format for signature
codesign -s MyIdentity foo.app
正常工作,对应用程序进行签名
codesign --remove-signature foo.app
执行磁盘活动几秒钟,然后说
foo.app: invalid format for signature
而且foo.app已经增长到1.9GB!!!(具体来说,它是foo.app/Contents/Resources/MacOS中的可执行文件,从1.1MB增长到1.9GB。)
当我尝试对二进制支持工具而不是.app进行签名/取消签名时,也会发生同样的情况
有什么想法吗
背景:这是我自己的应用程序;我不是想打败版权保护之类的东西 我想分发一个已签名的应用程序,这样应用程序的每次更新都不需要用户批准即可读取/写入应用程序在密钥链中的条目。但是,有些人需要通过将自己的文件夹添加到/Resources来修改应用程序。如果他们这样做,签名将无效,应用程序将无法使用自己的密钥链条目
应用程序可以很容易地检测到是否发生了这种情况。如果应用程序可以删除它的签名,一切都会很好。进行此修改的人需要授予已修改的、现在尚未签名的应用程序使用钥匙链的权限,但我没意见。我同意,当您删除签名时,出现了一些奇怪的情况 但是,您应该更改用户在
参考资料中放置额外文件的方式,而不是尝试取消代码签名。相反,通常指定一条特定的路径
~/Library/Application Support/Name_Of_Your_App/
或许
~/Library/Application Support/Name_Of_Your_App/Resources/
并要求用户在那里放置额外的文件。然后,在您的代码中,当您需要读取文件时,请始终检查参考资料中的文件之外的目录 用于列出所有选项的codesign
,包括命令行-h
和手册页中未包含的选项
还有,有点晚了,但我更新了一个名为unsign
的公共域工具,它修改可执行文件以清除签名
我今天遇到了这个问题。我可以确认,苹果公司的codesign
的--remove signature
选项(在OP提出这个问题六年后仍然存在)存在严重缺陷
作为一个小背景,Xcode(和苹果的命令行开发工具)包括codesign
实用程序,但没有用于删除签名的工具。但是,由于这是在某些情况下需要经常执行的操作,因此包含了一个完全未记录的选项:
codesign——删除签名
(考虑到缺乏文档,我们假设)应该是相当自解释的,但不幸的是,如果不付出一些努力,它很少能按预期工作。所以我最终写了一个脚本,应该能解决OP的问题,我的问题,以及类似的问题。如果有足够多的人在这里找到它并发现它很有用,请告诉我,我会把它放在GitHub上
在对这个问题进行二读时,另一个想法是:也许实现问题最终目标的更好方法不是删除签名,而是让用户(通过脚本/透明地)在修改后使用特别签名对应用程序重新签名。也就是说,我相信,codesign-fs-[app]
。请参见用户可能有多个应用程序副本,其中包含不同的额外文件,并且可能会移动应用程序。如果他们的额外文件在应用程序中,一切正常。否则,我必须根据应用程序的位置以某种方式跟踪不同的文件,然后如果应用程序移动,它将停止工作。完全是一团糟。升级您编写的代码(甚至是部分代码)是可以的,只要您清楚地详细说明OP如何使用它来完成他们试图做的事情。否则,它被认为是垃圾邮件。是的,这与OP的问题无关,OP的问题与删除签名和重新指定捆绑包有关,而不仅仅是单个可执行文件或二进制文件。我今天在尝试你的脚本(macOS 10.15.7)时,遇到了以下错误:/codesign\u remove\u for\u real.sh:第38行:[:503504:预期为一元运算符
。您对此有解决方案吗?它似乎也可以正常工作,第二次在同一文件上运行时,它现在显示未找到签名。
#!/bin/sh # codesign_remove_for_real -- working `codesign --remove-signature`
# (c) 2018 G. Nixon. BSD 2-clause minus retain/reproduce license requirements.
total_size(){
# Why its so damn hard to get decent recursive filesize total in the shell?
# - Darwin `du` doesn't do *bytes* (or anything less than 512B blocks)
# - `find` size options are completely non-standardized and doesn't recurse
# - `stat` is not in POSIX at all, and its options are all over the map...
# - ... etc.
# So: here we just use `find` for a recursive list of *files*, then wc -c
# and total it all up. Which sucks, because we have to read in every bit
# of every file. But its the only truly portable solution I think.
find "$@" -type f -print0 | xargs -0n1 cat | wc -c | tr -d '[:space:]'
}
# Get an accurate byte count before we touch anything. Zero would be bad.
size_total=$(total_size "$@") && [ $size_total -gt 0 ] || exit 1
recursively_repeat_remove_signature(){
# `codesign --remove-signature` randomly fails in a few ways.
# If you're lucky, you'll get an error like:
# [...]/codesign_allocate: can't write output file: [...] (Invalid argument)
# [...] the codesign_allocate helper tool cannot be found or used
# or something to that effect, in which case it will return non-zero.
# So we'll try it (suppressing stderr), and if it fails we'll just try again.
codesign --remove-signature --deep "$@" 2>/dev/null ||
recursively_repeat_remove_signature "$@"
# Unfortunately, the other very common way it fails is to do something? that
# hugely increases the binary size(s) by a seemingly arbitrary amount and
# then exits 0. `codesign -v` will tell you that there's no signature, but
# there are other telltale signs its not completely removed. For example,
# if you try stripping an executable after this, you'll get something like
# strip: changes being made to the file will invalidate the code signature
# So, the solution (well, my solution) is to do a file size check; once
# we're finally getting the same result, we've probably been sucessful.
# We could of course also use checksums, but its much faster this way.
[ $size_total == $(total_size "$@") ] ||
recursively_repeat_remove_signature "$@"
# Finally, remove any leftover _CodeSignature directories.
find "$@" -type d -name _CodeSignature -print0 | xargs -0n1 rm -rf
}
signature_info(){
# Get some info on code signatures. Not really required for anything here.
for info in "-dr-" "-vv"; do codesign $info "$@"; done # "-dvvvv"
}
# If we want to be be "verbose", check signature before. Un/comment out:
# echo >&2; echo "Current Signature State:" >&2; echo >&2; signature_info "$@"
# So we first remove any extended attributes and/or ACLs (which are common,
# and tend to interfere with the process here) then run our repeat scheme.
xattr -rc "$@" && chmod -RN "$@" && recursively_repeat_remove_signature "$@"
# Done!
# That's it; at this point, the executable or bundle(s) should sucessfully
# have truly become stripped of any code-signing. To test, one could
# try re-signing it again with an ad-hoc signature, then removing it again:
# (un/comment out below, as you see fit)
# echo >&2 && echo "Testing..." >&2; codesign -vvvvs - "$@" &&
# signature_info "$@" && recursively_repeat_remove_signature "$@"
# And of course, while it sometimes returns false positives, lets at least:
codesign -dvvvv "$@" || echo "Signature successfully removed!" >&2 && exit 0