Code signing issues with macports-gcc48 compiled binaries

Nicolas Hatier nicolas.hatier at niversoft.com
Sun Jun 30 11:25:45 PDT 2013 

Hello.

I have troubles to codesign a binary compiled with gcc-mp-48

Previously I was using XCode's gcc (4.2.1) and everything was ok.

a.cpp:
int main() { return 1; }

Compiled with gcc 4.2.1:

     > /usr/bin/gcc a.cpp
     > security unlock-keychain ~/my.keychain
    password to unlock /Users/me/my.keychain: ********
     > codesign -f -s "identity" --keychain ~/my.keychain a.out
     > codesign -v -v a.out
    a.out: valid on disk
    a.out: satisfies its Designated Requirement
    (success)

Compiled with gcc 4.8 (macports)

     > /opt/local/bin/gcc-mp-4.8 a.cpp
     > security unlock-keychain ~/my.keychain
    password to unlock /Users/me/my.keychain: ********
     > codesign -f -s "identity" --keychain ~/my.keychain a.out
    codesign_allocate: object: /Users/me/a.out malformed object (unknown
    load command 9)
    a.out: object file format invalid or unsuitable
    (failure)

I then found out there was a codesign_allocate in macports bin, so I tried:

     > export CODESIGN_ALLOCATE=/opt/local/bin/codesign_allocate
     > security unlock-keychain ~/my.keychain
    password to unlock /Users/me/my.keychain: ********
     > codesign -f -s "identity" --keychain ~/my.keychain a.out
    a.out: code object is not signed


Uh? When I specify macports codesign_allocate, codesign doesn't even try 
to sign, it just verifies the (unavailable) signature of my binary.

However, detached signature works, with or without macports 
codesign_allocate:

     > codesign -f -s "identity" --keychain ~/my.keychain a.out
    --detached a.out.signature
     > codesign -v -v a.out --detached a.out.signature
    a.out: valid on disk
    a.out: satisfies its Designated Requirement

So codesign and codesign_allocate works with gcc48-compiled binaries, 
but for some reason fails to understand that it should embed the 
signature in the binary.

Anybody have a clue about that? Or maybe a way to embed the signature 
after it has been created detached?

Note: My personal Mac/OSX knowledge is basic to medium, and I need to 
use only command-line tools to create working, ideally signed, binaries. 
The build process is highly automated on several platforms.

Regards
NH
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/macports-users/attachments/20130630/d606989b/attachment.html>

More information about the macports-users mailing list