From 0e98de5f62230a78baebc98a5db808447584d2c4 Mon Sep 17 00:00:00 2001 From: Michael Stone Date: Thu, 2 Sep 2021 15:19:59 -0400 Subject: [PATCH 1/2] codesign: allow --force as a synonym for -f --- codesign.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codesign.cpp b/codesign.cpp index c2fab60..9f9f40e 100644 --- a/codesign.cpp +++ b/codesign.cpp @@ -9,7 +9,7 @@ int main(int argc, char **argv) { std::vector files; app.add_option("-s", identity, "Code signing identity")->required(); app.add_option("-i,--identifier", identifier, "File identifier"); - app.add_flag("-f", force, "Replace any existing signatures"); + app.add_flag("-f,--force", force, "Replace any existing signatures"); app.add_option("--entitlements", entitlements, "Entitlements plist"); app.add_option("files", files, "Files to sign"); From 13072a45efd8dc25f341fdb3d32dbf6afa838003 Mon Sep 17 00:00:00 2001 From: Michael Stone Date: Sat, 4 Sep 2021 12:05:40 -0400 Subject: [PATCH 2/2] codesign: use mkstemp() filename output to drive codesign_allocate 1. Rather than synthesizing a path to the tempfile created by `mkstemp(char* template)` via `/dev/fd/...`, we instead use the fact that `mkstemp()` mutates the buffer pointed to by `template` to directly obtain the name of the generated tempfile. 2. Ignore EINTR while waitpid()'ing for codesign_allocate to finish. (This, + changes to the buildsystem in another commit enable us to use lldb to debug failing executions.) 3. Finally, while we're at it, also stop `Commands::codesign()` from leaking `tempfileName` via a suitable std::unique_ptr. --- commands.cpp | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/commands.cpp b/commands.cpp index 262a06f..2e892e6 100644 --- a/commands.cpp +++ b/commands.cpp @@ -274,8 +274,8 @@ int Commands::codesign(const CodesignOptions &options, const std::string &filena } // Make temporary name - char *tempfileName = strdup((filename + "XXXXXX").c_str()); - int tempfile = mkstemp(tempfileName); + std::unique_ptr tempfileName { strdup((filename + "XXXXXX").c_str()), std::free }; + int tempfile = mkstemp(tempfileName.get()); // Preserve mode struct stat sourceFileStat{}; @@ -287,9 +287,8 @@ int Commands::codesign(const CodesignOptions &options, const std::string &filena throw std::runtime_error{"chmod temporary file"}; } - std::string tempfileFdPath = std::string{"/dev/fd/"} + std::to_string(tempfile); arguments.emplace_back("-o"); - arguments.emplace_back(tempfileFdPath); + arguments.emplace_back(std::string(tempfileName.get())); // codesign_allocate pid_t pid; @@ -306,11 +305,16 @@ int Commands::codesign(const CodesignOptions &options, const std::string &filena }; int codesign_status; - if (waitpid(pid, &codesign_status, 0) <= 0) { + pid_t waitpid_result; + do { + waitpid_result = waitpid(pid, &codesign_status, 0); + } while (waitpid_result == -1 && errno == EINTR); + if (waitpid_result == -1) { throw std::runtime_error{ std::string{"codesign waitpid failed: "} + strerror(errno) }; } + freeArgs(spawnArgs, arguments.size()); if (!WIFEXITED(codesign_status) || WEXITSTATUS(codesign_status) != 0) { @@ -323,13 +327,13 @@ int Commands::codesign(const CodesignOptions &options, const std::string &filena // inject Commands::inject(SignOptions{ - .filename = tempfileName, + .filename = std::string(tempfileName.get()), .identifier = identifier, .entitlements = options.entitlements, }); // rename temp file to output - if (rename(tempfileName, filename.c_str()) != 0) { + if (rename(tempfileName.get(), filename.c_str()) != 0) { throw std::runtime_error{"rename failed"}; }