Apple ARM binary codesign issue

Ryan Schmidt ryandesign at macports.org
Tue Sep 22 18:58:08 UTC 2020



On Sep 22, 2020, at 13:29, Michael Dickens wrote:

> % codesign -v -vvvv --ignore-resources /opt/local/Library/Frameworks/Python.framework/Versions/3.8/bin/python3.8
> /opt/local/Library/Frameworks/Python.framework/Versions/3.8/bin/python3.8: invalid signature (code or signature have been modified)
> % sudo codesign -s - --preserve-metadata=identifier,entitlements,flags,runtime -f /opt/local/Library/Frameworks/Python.framework/Versions/3.8/bin/python3.8
> /opt/local/Library/Frameworks/Python.framework/Versions/3.8/bin/python3.8: replacing existing signature
> /opt/local/Library/Frameworks/Python.framework/Versions/3.8/bin/python3.8: the codesign_allocate helper tool cannot be found or used
> % which codesign
> /usr/bin/codesign
> % which codesign_allocate
> /usr/bin/codesign_allocate
> 

You need Xcode 12.2 beta, which you probably have, but also make sure that you don't have old command line tools installed. I don't think the Xcode 12.0 beta command line tools are compatible, and there isn't an Xcode 12.2 beta command line tools yet. Delete /Library/Developer/CommandLineTools.


% codesign -v -vvvv mp/Library/Frameworks/Python.framework/Versions/3.8/bin/python3.8
mp/Library/Frameworks/Python.framework/Versions/3.8/bin/python3.8: invalid signature (code or signature have been modified)
In architecture: arm64
% codesign -s - --preserve-metadata=identifier,entitlements,flags,runtime -f mp/Library/Frameworks/Python.framework/Versions/3.8/bin/python3.8
mp/Library/Frameworks/Python.framework/Versions/3.8/bin/python3.8: replacing existing signature
...
% codesign -v -vvvv mp/Library/Frameworks/Python.framework/Versions/3.8/bin/python3.8
mp/Library/Frameworks/Python.framework/Versions/3.8/bin/python3.8: valid on disk
mp/Library/Frameworks/Python.framework/Versions/3.8/bin/python3.8: satisfies its Designated Requirement
%


> Mentioned as possible fixes were: (1) inserting MP strip and install_name_tool wrappers that sign the binary if the signature is broken; or (2) a new step in destroot_finish .

I hope that Apple fixes their toolchain to work without such intervention.



More information about the macports-dev mailing list