Apple ARM binary codesign issue

Michael Dickens michaelld at macports.org
Fri Sep 25 14:30:10 UTC 2020


Let's try this again from my MP email so that it gets to lists ... sorry for duplicate emails!

I've finally gotten to the point of working out a hack solution.

One can -not- modify '/usr/bin' without a lot of effort. But, one can modify '/Applications/Xcode[-beta].app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin' ... and yes I know this is outside the scope of what MP does or is (likely) willing to do. As noted: This is a hack to prove that it works.

In '/Applications/Xcode[-beta].app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin' I move the target executables from 'foo' to 'foo_orig', then create a script 'foo' that first calls 'foo_orig ${@}' then 'codesign' to update the signature on the binary. The executables in '/usr/bin' just call those in '/Applications/Xcode-beta.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin', so my script is treated as a system provided executable for 'foo'. Initial testing looks positive, regardless of how hacky this is.

Question: which executables am I targeting here? I think 'strip', 'lipo', and 'install_name_tool' are the obvious ones. is that all? Any others that need this wrapping? - MLD


More information about the macports-dev mailing list