Just Launched: You can now import projects and releases from Google Code onto SourceForge
We are excited to release new functionality to enable a 1-click import from Google Code onto the Allura platform on SourceForge. You can import tickets, wikis, source, releases, and more with a few simple steps. Read More
But wouldn't that kind of defeat the purpose? Codesign is supposed, among other things, to prevent the modification of the binaries by a malicious third party. If I codesign the binary part of tclkit and leave alone the metakit database appended to it, nothing prevents a third party from mounting and modifying the code inside it.
Is there a mail thread or wiki page where Jean-Claude discussed codesign he did for the Mac tclkits?
Also, I have kept trying things and realized that:
codesign --verbose --detached signature.txt -s example.app
actually works (it stores the signature in a separate file), but I am not sure if this is what is expected from the Mac apps.
Note that the above does not happen in Windows, the whole file gets codesigned (including the metakit db appended at the end). If the metakit part changes, then the verification step fails.
----- Original Message ----
From: Mark Roseman <mark@...>
To: tcl mac <tcl-mac@...>
Sent: Monday, March 17, 2008 6:21:18 PM
Subject: Re: [MACTCL] Tcl and code signing
Your diagnosis is correct, the extra data at the end of the file
doesn't play well with codesign. The latest (from a couple of days
ago I think) tclkit's that jcw built already come code-signed, so if
you can start from those you're home free.
If you're building your own tclkit, code signing has to be done in the
build process before the core tclkit data is appended on (i.e. code
sign each of the two 'kitsh' binaries, before they're lipo'd together).
Hope this helps.
On Mar 17, 2008, at 11:15 AM, Joi Osoy wrote:
> I do not know if this is more of a Tclkit or a Mac question. I am
> trying to code sign a Mac Tclkit application executable
> $ codesign --verbose -s example.app
> codesign_allocate: the __LINKEDIT segment does not cover the end of
> file (can't be processed) in:
> osx-intel.kit: object file format invalid or unsuitable
> I have googled the error and nothing really seems to apply. It seems
> the codesign utility is balking at the extra data appended at the
> end of a starkit executable. Does anybody know how to solve this or
> any ideas or how can I further troubleshoot the issue?
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
Tcl-mac mailing list
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ