Skip to content

SingleFile Bundler should use the managed Mach-O signer #110055

New issue
New issue
Closed
#110417
Closed
SingleFile Bundler should use the managed Mach-O signer#110055
#110417
Assignees
jtschuster
Labels
area-HostModelMicrosoft.NET.HostModel issuesin-prThere is an active PR which will close this issue when it is merged
Milestone
10.0.0
@jtschuster

Description

@jtschuster
jtschuster
opened on Nov 21, 2024

The SingleFile bundler should use the managed Mach-O signer. The bundler uses codesign to both remove the signature and sign, and CreateAppHost uses the managed signer. If we enable ad-hoc singing on non-mac, we would have a signature in the singlefile apphost, but wouldn't be able to remove the signature before bundling or resign the final bundle, resulting in an executable with an invalid signature, which seems worse than unsigned.

At the very least, we should use the managed signer to remove the signature in the bundler.

Metadata

Metadata

Assignees

Labels

area-HostModelMicrosoft.NET.HostModel issuesin-prThere is an active PR which will close this issue when it is merged

Type

No type

Projects

AppModel

Status

No status

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions