diff --git a/src/installer/managed/Microsoft.NET.HostModel/Bundle/Bundler.cs b/src/installer/managed/Microsoft.NET.HostModel/Bundle/Bundler.cs index c0ab083017a8d2..f59e9c941ab053 100644 --- a/src/installer/managed/Microsoft.NET.HostModel/Bundle/Bundler.cs +++ b/src/installer/managed/Microsoft.NET.HostModel/Bundle/Bundler.cs @@ -386,7 +386,7 @@ public string GenerateBundle(IReadOnlyList fileSpecs) } if (_macosCodesign) { - endOfBundle = (ulong)machFile.AdHocSignFile(machFileReader!, _hostName, signatureBlob); + endOfBundle = (ulong)machFile.AdHocSignFile(machFileReader!, _hostName); } } diff --git a/src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/Blobs/BlobParser.cs b/src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/Blobs/BlobParser.cs index b8157940bd04a1..d26200d583d4b3 100644 --- a/src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/Blobs/BlobParser.cs +++ b/src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/Blobs/BlobParser.cs @@ -26,8 +26,6 @@ public static IBlob ParseBlob(IMachOFileReader reader, long offset) BlobMagic.Requirements => new RequirementsBlob(SuperBlob.Read(reader, offset)), BlobMagic.CmsWrapper => new CmsWrapperBlob(SimpleBlob.Read(reader, offset)), BlobMagic.EmbeddedSignature => new EmbeddedSignatureBlob(SuperBlob.Read(reader, offset)), - BlobMagic.Entitlements => new EntitlementsBlob(SimpleBlob.Read(reader, offset)), - BlobMagic.DerEntitlements => new DerEntitlementsBlob(SimpleBlob.Read(reader, offset)), _ => CreateUnknownBlob(magic, reader, offset), }; diff --git a/src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/Blobs/CodeDirectoryBlob.cs b/src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/Blobs/CodeDirectoryBlob.cs index b56c60b02e70eb..8de8a0b7fdde36 100644 --- a/src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/Blobs/CodeDirectoryBlob.cs +++ b/src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/Blobs/CodeDirectoryBlob.cs 
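Review bot: `signatureBlob` is no longer consumed at this call in GenerateBundle, so whatever reads it earlier in the method is probably dead work now. The hunk does not show where it is assigned, so this needs checking against the full method. If it is only parsed in order to be passed here, drop the local and the read with it. A short comment at the call, such as `// Re-signing writes a fresh ad-hoc signature; nothing from the host's previous signature is carried over.`, would make the new behaviour visible where the bundle is signed.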
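Review bot: With the two entitlement arms removed from the switch in ParseBlob, blobs carrying those magics now fall through to `_ => CreateUnknownBlob(magic, reader, offset)`, and the size limits enforced by the deleted wrapper classes (`MaxSize` of 2048 and 1024) no longer apply to them. CreateUnknownBlob is outside the hunk, so confirm that it bounds the declared blob size against the remaining file or enclosing super-blob length before reading; this path parses signatures from input files that may already have been signed by other tools. A one-line comment on the default arm, for example `// Entitlements blobs are intentionally not modelled; they are read as unknown blobs.`, would record that the fall-through is deliberate.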
@@ -119,17 +119,11 @@ public static CodeDirectoryBlob Create( long signatureStart, string identifier, RequirementsBlob requirementsBlob, - EntitlementsBlob? entitlementsBlob = null, - DerEntitlementsBlob? derEntitlementsBlob = null, HashType hashType = HashType.SHA256, uint pageSize = MachObjectFile.DefaultPageSize) { uint codeSlotCount = GetCodeSlotCount((uint)signatureStart, pageSize); - uint specialCodeSlotCount = (uint)(derEntitlementsBlob != null - ? CodeDirectorySpecialSlot.DerEntitlements - : entitlementsBlob != null - ? CodeDirectorySpecialSlot.Entitlements - : CodeDirectorySpecialSlot.Requirements); + uint specialCodeSlotCount = (uint)CodeDirectorySpecialSlot.Requirements; var specialSlotHashes = new byte[specialCodeSlotCount][]; var codeHashes = new byte[codeSlotCount][]; @@ -144,29 +138,12 @@ public static CodeDirectoryBlob Create( // Fill in the CodeDirectory hashes // Special slot hashes - // -7 is the der entitlements blob hash - if (derEntitlementsBlob != null) - { - using var derStream = new MemoryStreamWriter((int)derEntitlementsBlob.Size); - derEntitlementsBlob.Write(derStream, 0); - specialSlotHashes[(int)CodeDirectorySpecialSlot.DerEntitlements - 1] = hasher.ComputeHash(derStream.GetBuffer()); - } - - // -5 is the entitlements blob hash - if (entitlementsBlob != null) - { - using var entStream = new MemoryStreamWriter((int)entitlementsBlob.Size); - entitlementsBlob.Write(entStream, 0); - specialSlotHashes[(int)CodeDirectorySpecialSlot.Entitlements - 1] = hasher.ComputeHash(entStream.GetBuffer()); - } - // -2 is the requirements blob hash using (var reqStream = new MemoryStreamWriter((int)requirementsBlob.Size)) { requirementsBlob.Write(reqStream, 0); specialSlotHashes[(int)CodeDirectorySpecialSlot.Requirements - 1] = hasher.ComputeHash(reqStream.GetBuffer()); } - // -1 is the CMS blob hash (which is empty -- nothing to hash) // Reverse special slot hashes 
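Review bot: The special-slot count in Create is now the fixed expression `(uint)CodeDirectorySpecialSlot.Requirements`, and the same expression appears in EmbeddedSignatureBlob.GetSignatureSize and GetLargestSizeEstimate, next to a literal sub-blob count of 3 in the EmbeddedSignatureBlob constructor and both size methods. The writer and the size calculators have to agree exactly, otherwise the space reserved by the load command will not match the signature written into it. I would name the two values once, for example `internal const uint SpecialSlotCount = (uint)CodeDirectorySpecialSlot.Requirements;` and `internal const int SubBlobCount = 3;`, and use them at each site. Create's body continues past both hunks in this file.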
diff --git a/src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/Blobs/DerEntitlementsBlob.cs b/src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/Blobs/DerEntitlementsBlob.cs deleted file mode 100644 index 4b0a13b94252d0..00000000000000 --- a/src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/Blobs/DerEntitlementsBlob.cs +++ /dev/null @@ -1,35 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. - -using System.IO; - -namespace Microsoft.NET.HostModel.MachO; - -internal sealed class DerEntitlementsBlob : IBlob -{ - private SimpleBlob _inner; - - public DerEntitlementsBlob(SimpleBlob blob) - { - _inner = blob; - if (blob.Size > MaxSize) - { - throw new InvalidDataException($"DerEntitlementsBlob size exceeds maximum allowed size: {blob.Data.Length} > {MaxSize}"); - } - if (blob.Magic != BlobMagic.DerEntitlements) - { - throw new InvalidDataException($"Invalid magic for DerEntitlementsBlob: {blob.Magic}"); - } - } - - public static uint MaxSize => 1024; - - /// - public BlobMagic Magic => ((IBlob)_inner).Magic; - - /// - public uint Size => ((IBlob)_inner).Size; - - /// - public int Write(IMachOFileWriter writer, long offset) => ((IBlob)_inner).Write(writer, offset); -} diff --git a/src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/Blobs/EmbeddedSignatureBlob.cs b/src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/Blobs/EmbeddedSignatureBlob.cs index 0d9174d3a203c8..529cdc547c3144 100644 --- a/src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/Blobs/EmbeddedSignatureBlob.cs +++ b/src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/Blobs/EmbeddedSignatureBlob.cs @@ -5,7 +5,6 @@ using System; using System.Collections.Immutable; -using System.Diagnostics; using System.IO; namespace Microsoft.NET.HostModel.MachO; 
@@ -36,38 +35,20 @@ public EmbeddedSignatureBlob(SuperBlob superBlob) public EmbeddedSignatureBlob( CodeDirectoryBlob codeDirectoryBlob, RequirementsBlob requirementsBlob, - CmsWrapperBlob cmsWrapperBlob, - EntitlementsBlob? entitlementsBlob = null, - DerEntitlementsBlob? derEntitlementsBlob = null) + CmsWrapperBlob cmsWrapperBlob) { - int blobCount = 3 + (entitlementsBlob is not null ? 1 : 0) + (derEntitlementsBlob is not null ? 1 : 0); + int blobCount = 3; var blobs = ImmutableArray.CreateBuilder(blobCount); var blobIndices = ImmutableArray.CreateBuilder(blobCount); - uint nextBlobOffset = (uint)(sizeof(uint) * 3 + (BlobIndex.Size * blobCount)); - + uint expectedOffset = (uint)(sizeof(uint) * 3 + (BlobIndex.Size * blobCount)); blobs.Add(codeDirectoryBlob); - blobIndices.Add(new BlobIndex(CodeDirectorySpecialSlot.CodeDirectory, nextBlobOffset)); - nextBlobOffset += codeDirectoryBlob.Size; - + blobIndices.Add(new BlobIndex(CodeDirectorySpecialSlot.CodeDirectory, expectedOffset)); + expectedOffset += codeDirectoryBlob.Size; blobs.Add(requirementsBlob); - blobIndices.Add(new BlobIndex(CodeDirectorySpecialSlot.Requirements, nextBlobOffset)); - nextBlobOffset += requirementsBlob.Size; - + blobIndices.Add(new BlobIndex(CodeDirectorySpecialSlot.Requirements, expectedOffset)); + expectedOffset += requirementsBlob.Size; blobs.Add(cmsWrapperBlob); - blobIndices.Add(new BlobIndex(CodeDirectorySpecialSlot.CmsWrapper, nextBlobOffset)); - nextBlobOffset += cmsWrapperBlob.Size; - - if (entitlementsBlob is not null) - { - blobs.Add(entitlementsBlob); - blobIndices.Add(new BlobIndex(CodeDirectorySpecialSlot.Entitlements, nextBlobOffset)); - nextBlobOffset += entitlementsBlob.Size; - } - if (derEntitlementsBlob is not null) - { - blobs.Add(derEntitlementsBlob); - blobIndices.Add(new BlobIndex(CodeDirectorySpecialSlot.DerEntitlements, nextBlobOffset)); - } + blobIndices.Add(new BlobIndex(CodeDirectorySpecialSlot.CmsWrapper, expectedOffset)); _inner = new 
SuperBlob(BlobMagic.EmbeddedSignature, blobIndices.MoveToImmutable(), blobs.MoveToImmutable()); } @@ -90,16 +71,6 @@ public EmbeddedSignatureBlob( /// public CmsWrapperBlob? CmsWrapperBlob => GetBlob(BlobMagic.CmsWrapper) as CmsWrapperBlob; - /// - /// The EntitlementsBlob. This is only included in created signatures if present in the original signature. - /// - public EntitlementsBlob? EntitlementsBlob => GetBlob(BlobMagic.Entitlements) as EntitlementsBlob; - - /// - /// The DerEntitlementsBlob. This is only included in created signatures if present in the original signature. - /// - public DerEntitlementsBlob? DerEntitlementsBlob => GetBlob(BlobMagic.DerEntitlements) as DerEntitlementsBlob; - public uint GetSpecialSlotHashCount() { uint maxSlot = 0; @@ -113,7 +84,6 @@ public uint GetSpecialSlotHashCount() maxSlot = slot; } } - Debug.Assert((CodeDirectorySpecialSlot)maxSlot is 0 or CodeDirectorySpecialSlot.Requirements or CodeDirectorySpecialSlot.Entitlements or CodeDirectorySpecialSlot.DerEntitlements); return maxSlot; } @@ -134,7 +104,7 @@ public static unsafe long GetLargestSizeEstimate(uint fileSize, string identifie size += sizeof(BlobMagic); size += sizeof(uint); // Blob size size += sizeof(uint); // Blob count - size += sizeof(BlobIndex) * 5; // 5 sub-blobs: CodeDirectory, Requirements, CmsWrapper, Entitlements, DerEntitlements + size += sizeof(BlobIndex) * 3; // 3 sub-blobs: CodeDirectory, Requirements, CmsWrapper // CodeDirectoryBlob size += sizeof(BlobMagic); 
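Review bot: GetSpecialSlotHashCount loses its `Debug.Assert` here and, within this diff, also loses its only visible caller, the `Math.Max(...)` line removed from GetSignatureSize. If nothing else in the project calls it, delete the method rather than leave an unchecked helper behind. If something does, `maxSlot` appears to be taken from the blob indices of a parsed signature and is returned without an upper bound, so a caller that sizes an array from it should clamp the value first. Only part of the loop is visible in the hunk.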
@@ -142,45 +112,22 @@ public static unsafe long GetLargestSizeEstimate(uint fileSize, string identifie size += sizeof(CodeDirectoryBlob.CodeDirectoryHeader); // CodeDirectory header size += CodeDirectoryBlob.GetIdentifierLength(identifier); // Identifier size += (long)CodeDirectoryBlob.GetCodeSlotCount(fileSize) * usedHashSize; // Code hashes - size += (long)(uint)CodeDirectorySpecialSlot.DerEntitlements * usedHashSize; // Special code hashes. The highest special slot is DerEntitlements. + size += (long)(uint)CodeDirectorySpecialSlot.Requirements * usedHashSize; // Special code hashes size += RequirementsBlob.Empty.Size; // Requirements is always written as an empty blob size += CmsWrapperBlob.Empty.Size; // CMS blob is always written as an empty blob - size += EntitlementsBlob.MaxSize; - size += DerEntitlementsBlob.MaxSize; return size; } /// /// Returns the size of a signature used to replace an existing one. /// If the existing signature is null, it will assume sizing using the default signature, which includes the Requirements and CMS blobs. - /// If the existing signature is not null, it will preserve the Entitlements and DER Entitlements blobs if they exist. /// - internal static unsafe long GetSignatureSize(uint fileSize, string identifier, EmbeddedSignatureBlob? existingSignature = null, byte? hashSize = null) + internal static unsafe long GetSignatureSize(uint fileSize, string identifier, byte? hashSize = null) { byte usedHashSize = hashSize ?? CodeDirectoryBlob.DefaultHashType.GetHashSize(); - // CodeDirectory, Requirements, CMS Wrapper are always present uint specialCodeSlotCount = (uint)CodeDirectorySpecialSlot.Requirements; - uint embeddedSignatureSubBlobCount = 3; - uint entitlementsBlobSize = 0; - uint derEntitlementsBlobSize = 0; - - if (existingSignature != null) - { - // We preserve Entitlements and DER Entitlements blobs if they exist in the old signature. - // We need to update the relevant sizes and counts to reflect this. 
- specialCodeSlotCount = Math.Max((uint)CodeDirectorySpecialSlot.Requirements, existingSignature.GetSpecialSlotHashCount()); - if (existingSignature.EntitlementsBlob is not null) - { - entitlementsBlobSize = existingSignature.EntitlementsBlob.Size; - embeddedSignatureSubBlobCount += 1; - } - if (existingSignature.DerEntitlementsBlob is not null) - { - derEntitlementsBlobSize = existingSignature.DerEntitlementsBlob.Size; - embeddedSignatureSubBlobCount += 1; - } - } + uint embeddedSignatureSubBlobCount = 3; // CodeDirectory, Requirements, CMS Wrapper are always present // Calculate the size of the new signature long size = 0; @@ -190,21 +137,16 @@ internal static unsafe long GetSignatureSize(uint fileSize, string identifier, E size += sizeof(uint); // Blob count size += sizeof(BlobIndex) * embeddedSignatureSubBlobCount; // EmbeddedSignature sub-blobs // CodeDirectory - size += sizeof(BlobMagic); // CodeDirectory Magic number - size += sizeof(uint); // CodeDirectory Size field + size += sizeof(BlobMagic); // CD Magic number + size += sizeof(uint); // CD Size field size += sizeof(CodeDirectoryBlob.CodeDirectoryHeader); // CodeDirectory header size += CodeDirectoryBlob.GetIdentifierLength(identifier); // Identifier size += specialCodeSlotCount * usedHashSize; // Special code hashes size += CodeDirectoryBlob.GetCodeSlotCount(fileSize) * usedHashSize; // Code hashes - // RequirementsBlob is always empty + // RequirementsBlob size += RequirementsBlob.Empty.Size; - // EntitlementsBlob - size += entitlementsBlobSize; - // DER EntitlementsBlob - size += derEntitlementsBlobSize; - // CMSWrapperBlob is always empty + // CmsWrapperBlob size += CmsWrapperBlob.Empty.Size; - return size; } 
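Review bot: The summary kept above GetSignatureSize still says that if the existing signature is null it will assume sizing using the default signature, but the `existingSignature` parameter is removed in this hunk, so that sentence describes an argument that no longer exists. Replace it with something like `/// Returns the size of the ad-hoc signature this library writes: a CodeDirectory plus empty Requirements and CMS wrapper blobs.` The following hunk at -190 also shortens two comments to `CD Magic number` and `CD Size field`; spelling out `CodeDirectory` as before reads better beside the neighbouring comments.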
@@ -243,11 +185,5 @@ public static void AssertEquivalent(EmbeddedSignatureBlob? a, EmbeddedSignatureB if (a.CmsWrapperBlob?.Size != b.CmsWrapperBlob?.Size) throw new ArgumentException("CMS Wrapper blobs are not equivalent"); - - if (a.EntitlementsBlob?.Size != b.EntitlementsBlob?.Size) - throw new ArgumentException("Entitlements blobs are not equivalent"); - - if (a.DerEntitlementsBlob?.Size != b.DerEntitlementsBlob?.Size) - throw new ArgumentException("DER Entitlements blobs are not equivalent"); } } diff --git a/src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/Blobs/EntitlementsBlob.cs b/src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/Blobs/EntitlementsBlob.cs deleted file mode 100644 index fa0f8c0c41329a..00000000000000 --- a/src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/Blobs/EntitlementsBlob.cs +++ /dev/null 
@@ -1,39 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. - -using System.IO; - -namespace Microsoft.NET.HostModel.MachO; - -/// -/// See https://github.com/apple-oss-distributions/Security/blob/3dab46a11f45f2ffdbd70e2127cc5a8ce4a1f222/OSX/libsecurity_utilities/lib/blob.h -/// Code signature data is always big endian / network order. -/// -internal sealed class EntitlementsBlob : IBlob -{ - private SimpleBlob _inner; - - public EntitlementsBlob(SimpleBlob blob) - { - _inner = blob; - if (blob.Magic != BlobMagic.Entitlements) - { - throw new InvalidDataException($"Invalid magic for EntitlementsBlob: {blob.Magic}"); - } - if (blob.Size > MaxSize) - { - throw new InvalidDataException($"EntitlementsBlob data exceeds maximum size of {MaxSize} bytes."); - } - } - - public static uint MaxSize => 2048; - - /// - public BlobMagic Magic => ((IBlob)_inner).Magic; - - /// - public uint Size => ((IBlob)_inner).Size; - - /// - public int Write(IMachOFileWriter writer, long offset) => ((IBlob)_inner).Write(writer, offset); -} diff --git a/src/installer/managed/Microsoft.NET.HostModel/MachO/Enums/BlobMagic.cs b/src/installer/managed/Microsoft.NET.HostModel/MachO/Enums/BlobMagic.cs index b2c4f245e418f0..8a709e7c066bea 100644 --- a/src/installer/managed/Microsoft.NET.HostModel/MachO/Enums/BlobMagic.cs +++ b/src/installer/managed/Microsoft.NET.HostModel/MachO/Enums/BlobMagic.cs @@ -11,7 +11,5 @@ internal enum BlobMagic : uint EmbeddedSignature = 0xfade0cc0, CodeDirectory = 0xfade0c02, Requirements = 0xfade0c01, - Entitlements = 0xfade7171, - DerEntitlements = 0xfade7172, CmsWrapper = 0xfade0b01, } diff --git a/src/installer/managed/Microsoft.NET.HostModel/MachO/Enums/CodeDirectorySpecialSlot.cs b/src/installer/managed/Microsoft.NET.HostModel/MachO/Enums/CodeDirectorySpecialSlot.cs index 231083e272615b..18603dda63c778 100644 
--- a/src/installer/managed/Microsoft.NET.HostModel/MachO/Enums/CodeDirectorySpecialSlot.cs +++ b/src/installer/managed/Microsoft.NET.HostModel/MachO/Enums/CodeDirectorySpecialSlot.cs @@ -10,7 +10,5 @@ internal enum CodeDirectorySpecialSlot { CodeDirectory = 0, Requirements = 2, - Entitlements = 5, - DerEntitlements = 7, CmsWrapper = 0x10000, } diff --git a/src/installer/managed/Microsoft.NET.HostModel/MachO/MachObjectFile.cs b/src/installer/managed/Microsoft.NET.HostModel/MachO/MachObjectFile.cs index ecb7e3d96165c1..0129a3d00cbe94 100644 --- a/src/installer/managed/Microsoft.NET.HostModel/MachO/MachObjectFile.cs +++ b/src/installer/managed/Microsoft.NET.HostModel/MachO/MachObjectFile.cs 
@@ -112,50 +112,35 @@ public static MachObjectFile Create(IMachOFileReader file) /// /// The file to write the signature to. /// The identifier to use for the code signature. - /// - /// An optional old signature to preserve entitlements metadata. - /// If not provided, the existing code signature blob will be used. - /// If the existing code signature blob is not present, a new signature will be created without entitlements. - /// - public long AdHocSignFile(IMachOFileAccess file, string identifier, EmbeddedSignatureBlob? oldSignature = null) + public long AdHocSignFile(IMachOFileAccess file, string identifier) { - oldSignature ??= _codeSignatureBlob; - AllocateCodeSignatureLoadCommand(identifier, oldSignature); + AllocateCodeSignatureLoadCommand(identifier); _codeSignatureBlob = null; // The code signature includes hashes of the entire file up to the code signature. // In order to calculate the hashes correctly, everything up to the code signature must be written before the signature is built. Write(file); - _codeSignatureBlob = CreateSignature(this, file, identifier, oldSignature); + _codeSignatureBlob = CreateSignature(this, file, identifier); Validate(); _codeSignatureBlob.Write(file, _codeSignatureLoadCommand.Command.GetDataOffset(_header)); return GetFileSize(); } - private static EmbeddedSignatureBlob CreateSignature(MachObjectFile machObject, IMachOFileReader file, string identifier, EmbeddedSignatureBlob? oldSignature) + private static EmbeddedSignatureBlob CreateSignature(MachObjectFile machObject, IMachOFileReader file, string identifier) { - var oldSignatureBlob = oldSignature; - Debug.Assert(!machObject._codeSignatureLoadCommand.Command.IsDefault); uint signatureStart = machObject._codeSignatureLoadCommand.Command.GetDataOffset(machObject._header); RequirementsBlob requirementsBlob = RequirementsBlob.Empty; CmsWrapperBlob cmsWrapperBlob = CmsWrapperBlob.Empty; - EntitlementsBlob? 
entitlementsBlob = oldSignatureBlob?.EntitlementsBlob; - DerEntitlementsBlob? derEntitlementsBlob = oldSignatureBlob?.DerEntitlementsBlob; - var codeDirectory = CodeDirectoryBlob.Create( file, signatureStart, identifier, - requirementsBlob, - entitlementsBlob, - derEntitlementsBlob); + requirementsBlob); return new EmbeddedSignatureBlob( codeDirectoryBlob: codeDirectory, requirementsBlob: requirementsBlob, - cmsWrapperBlob: cmsWrapperBlob, - entitlementsBlob: entitlementsBlob, - derEntitlementsBlob: derEntitlementsBlob); + cmsWrapperBlob: cmsWrapperBlob); } /// @@ -448,11 +433,11 @@ private static void ReadCommands( /// /// Clears the old signature and sets the codeSignatureLC to the proper size and offset for a new signature. /// - private void AllocateCodeSignatureLoadCommand(string identifier, EmbeddedSignatureBlob? oldSignature) + private void AllocateCodeSignatureLoadCommand(string identifier) { uint csOffset = GetSignatureStart(); uint csPtr = (uint)(_codeSignatureLoadCommand.Command.IsDefault ? NextLoadCommandOffset : _codeSignatureLoadCommand.FileOffset); - uint csSize = (uint)EmbeddedSignatureBlob.GetSignatureSize(csOffset, identifier, oldSignature); + uint csSize = (uint)EmbeddedSignatureBlob.GetSignatureSize(csOffset, identifier); if (_codeSignatureLoadCommand.Command.IsDefault) { diff --git a/src/installer/tests/Microsoft.NET.HostModel.Tests/MachObjectSigning/SigningTests.cs b/src/installer/tests/Microsoft.NET.HostModel.Tests/MachObjectSigning/SigningTests.cs index 452fe8a8a1b32e..b1ed8eada30fcd 100644 --- a/src/installer/tests/Microsoft.NET.HostModel.Tests/MachObjectSigning/SigningTests.cs +++ b/src/installer/tests/Microsoft.NET.HostModel.Tests/MachObjectSigning/SigningTests.cs 
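Review bot: AdHocSignFile now replaces any existing signature with one holding only the CodeDirectory, an empty Requirements blob and an empty CMS wrapper, so entitlements present on the input are dropped without any indication, and the shortened doc comment no longer mentions the previous signature at all. The CMakeLists.txt section of this same diff still signs singlefilehost through `adhoc_sign_with_entitlements(singlefilehost ...)`, so a host that ships with entitlements will lose them when the bundler re-signs it; whether anything at run time depends on them cannot be told from the diff. I would state the contract on the method, for example `/// <remarks>Any existing signature, including its entitlements, is discarded; the new signature carries no entitlements.</remarks>`, and add a test that re-signs an entitlement-bearing host and asserts the result still validates. The later hunk in AllocateCodeSignatureLoadCommand is part of the same simplification.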
@@ -90,7 +90,7 @@ void MatchesCodesignOutput(string filePath, TestArtifact _) // Codesigned file File.Copy(filePath, codesignFilePath); Assert.True(Codesign.IsAvailable, "Could not find codesign tool"); - var (exitCode, stdErr) = Codesign.Run("-s - -f --preserve-metadata=entitlements -i" + fileName, codesignFilePath); + var (exitCode, stdErr) = Codesign.Run("-s - -f -i " + fileName, codesignFilePath); Assert.Equal(0, exitCode); // Managed signed file 
@@ -140,41 +140,6 @@ void ReadSignedMachIsTheSameAsReadAndResigned(string filePath, TestArtifact _) } } - [Fact] - [PlatformSpecific(TestPlatforms.OSX)] - public void SigningAppHostPreservesEntitlements() - { - using var testDirectory = TestArtifact.Create(nameof(SigningAppHostPreservesEntitlements)); - var testAppHostPath = Path.Combine(testDirectory.Location, Path.GetFileName(Binaries.AppHost.FilePath)); - File.Copy(Binaries.AppHost.FilePath, testAppHostPath); - string signedHostPath = testAppHostPath + ".signed"; - - HostWriter.CreateAppHost(testAppHostPath, signedHostPath, testAppHostPath + ".dll", enableMacOSCodeSign: true); - - Assert.True(SigningTests.HasEntitlementsBlob(testAppHostPath)); - Assert.True(SigningTests.HasEntitlementsBlob(signedHostPath)); - Assert.True(SigningTests.HasDerEntitlementsBlob(testAppHostPath)); - Assert.True(SigningTests.HasDerEntitlementsBlob(signedHostPath)); - } - - [Fact] - [PlatformSpecific(TestPlatforms.OSX)] - public void BundledAppHostHasEntitlements() - { - using var testDirectory = TestArtifact.Create(nameof(BundledAppHostHasEntitlements)); - var testAppHostPath = Path.Combine(testDirectory.Location, Path.GetFileName(Binaries.SingleFileHost.FilePath)); - File.Copy(Binaries.SingleFileHost.FilePath, testAppHostPath); - string signedHostPath = testAppHostPath + ".signed"; - - HostWriter.CreateAppHost(testAppHostPath, signedHostPath, testAppHostPath + ".dll", enableMacOSCodeSign: true); - var bundlePath = new Bundler(Path.GetFileName(signedHostPath), testAppHostPath + ".bundle").GenerateBundle([new(signedHostPath, Path.GetFileName(signedHostPath))]); - - Assert.True(SigningTests.HasEntitlementsBlob(testAppHostPath)); - Assert.True(SigningTests.HasEntitlementsBlob(bundlePath)); - Assert.True(SigningTests.HasDerEntitlementsBlob(testAppHostPath)); - Assert.True(SigningTests.HasDerEntitlementsBlob(bundlePath)); - } - [Fact] [PlatformSpecific(TestPlatforms.OSX)] public void OverwritingExistingBundleClearsMacOsSignatureCache() 
@@ -326,26 +291,6 @@ public static bool IsSigned(string filePath) public static bool IsMachOImage(string filePath) => MachObjectFile.IsMachOImage(filePath); - public static bool HasEntitlementsBlob(string filePath) - { - using (MemoryMappedFile memoryMappedFile = MemoryMappedFile.CreateFromFile(filePath, FileMode.Open)) - using (MemoryMappedViewAccessor memoryMappedViewAccessor = memoryMappedFile.CreateViewAccessor(0, 0, MemoryMappedFileAccess.Read)) - { - var machObjectFile = MachObjectFile.Create(memoryMappedViewAccessor); - return machObjectFile.EmbeddedSignatureBlob?.EntitlementsBlob != null; - } - } - - public static bool HasDerEntitlementsBlob(string filePath) - { - using (MemoryMappedFile memoryMappedFile = MemoryMappedFile.CreateFromFile(filePath, FileMode.Open)) - using (MemoryMappedViewAccessor memoryMappedViewAccessor = memoryMappedFile.CreateViewAccessor(0, 0, MemoryMappedFileAccess.Read)) - { - var machObjectFile = MachObjectFile.Create(memoryMappedViewAccessor); - return machObjectFile.EmbeddedSignatureBlob?.DerEntitlementsBlob != null; - } - } - static readonly string[] liveBuiltHosts = new string[] { Binaries.AppHost.FilePath, Binaries.SingleFileHost.FilePath }; public static Object[][] GetTestFilePaths(string testArtifactName) diff --git a/src/native/corehost/apphost/static/CMakeLists.txt b/src/native/corehost/apphost/static/CMakeLists.txt index c37e523cf148bd..94937ca5139628 100644 --- a/src/native/corehost/apphost/static/CMakeLists.txt +++ b/src/native/corehost/apphost/static/CMakeLists.txt @@ -309,4 +309,4 @@ add_sanitizer_runtime_support(singlefilehost) if (CLR_CMAKE_HOST_APPLE) adhoc_sign_with_entitlements(singlefilehost "${CLR_ENG_NATIVE_DIR}/entitlements.plist") -endif() +endif() \ No newline at end of file