Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

TeamID is not set during signing #147

Open
jakov-denona opened this issue Sep 26, 2023 · 3 comments
Open

TeamID is not set during signing #147

jakov-denona opened this issue Sep 26, 2023 · 3 comments
Labels
bug Something isn't working

Comments

@jakov-denona
Copy link

jakov-denona commented Sep 26, 2023

What happened:
I'm testing quill to implement into our process for code signing osx binaries. I've exported Apple Developer ID as .p12 cert and password as Quill P12 environment variables (as noted in README). While signing does complete, and I can see certificates embedded into Mach-o binaries, our application cannot start because TeamID is not set.

What you expected to happen:
I expected TeamID to be set

How to reproduce it (as minimally and precisely as possible):
Build MacOSX application with xcode and try to sign it with quill.

Anything else we need to know?:
I've taken a peek into codebase, however, I am not a go developer so I might've understood it wrong, but I couldn't find teamid signature in signing go module.

Environment:

  • Output of version command:
Application:     quill
Version:         0.4.1
BuildDate:       2023-08-25T19:47:39Z
GitCommit:       8129c5808e3717838dfb5a32f886a48fa24ed8a9
GitDescription:  v0.4.1
Platform:        darwin/arm64
GoVersion:       go1.18.10
Compiler:        gc```

- OS:
```[~] ❱❱❱ sw_vers
ProductName:		macOS
ProductVersion:		13.4
BuildVersion:		22F66
@jakov-denona jakov-denona added the bug Something isn't working label Sep 26, 2023
@spiffcs
Copy link
Contributor

spiffcs commented Sep 28, 2023

👋 Hey @brokulante - Quill currently does not set the TeamID. It's something that can be added as an enhancement, but requires a bit of additional code.

It does look like we have space for the TeamOffset

TeamOffset uint32 // offset of optional team identifier

We'd have to decode it here:

CodeDirectoryHeader: macho.CodeDirectoryHeader{
Version: macho.SupportsRuntime,
Flags: flags,
HashOffset: uint32(hashOff),
IdentOffset: uint32(idOff),
NSpecialSlots: uint32(2), // requirements + plist
NCodeSlots: uint32(len(hashes)),
CodeLimit: codeSize,
HashSize: uint8(hasher.Size()),
HashType: ht,
PageSize: uint8(macho.PageSizeBits),
ExecSegBase: execOffset,
ExecSegLimit: execSize,
ExecSegFlags: macho.ExecsegMainBinary,
Runtime: 0x0c0100,
PreEncryptOffset: 0x0,
},

I can do a bit more investigation to see what needs to be updated on the signing side after we include this as a part of the code directory.

@spiffcs spiffcs moved this to Backlog in OSS Sep 28, 2023
@spiffcs spiffcs added the enhancement New feature or request label Sep 28, 2023
@wagoodman wagoodman removed the enhancement New feature or request label Sep 28, 2023
@jakov-denona
Copy link
Author

Thanks for the reply! I'll keep my eyes opened on this issue 🙏
Please let me know if there is anything I can do to assist :)

@ahmedxfn
Copy link

ahmedxfn commented Nov 6, 2023

Bundle ID is missing too, isn't it?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
Status: Backlog
Development

No branches or pull requests

4 participants