Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: codesign for deno compile binaries #24604

Merged
merged 3 commits into from
Aug 1, 2024
Merged

feat: codesign for deno compile binaries #24604

merged 3 commits into from
Aug 1, 2024

Conversation

littledivy
Copy link
Member

@littledivy littledivy commented Jul 16, 2024
edited
Loading

Uses sui to inject metadata as a custom section in the denort binary.

Metadata is stored as a Mach-O segment on macOS and PE RT_RCDATA resource on Windows.

Fixes #11154
Fixes #17753

deno compile app.tsx

# on macOS
codesign --sign - ./app

# on Windows
signtool sign /fd SHA256 .\app.exe

@littledivy littledivy changed the title codesign for deno compile binaries feat: codesign for deno compile binaries Jul 16, 2024
littledivy
littledivy commented Jul 17, 2024
View reviewed changes
cli/standalone/binary.rs
@@ -129,66 +133,94 @@ pub fn load_npm_vfs(root_dir_path: PathBuf) -> Result<FileBackedVfs, AnyError> {
root_path: root_dir_path,
start_file_offset: trailer.npm_files_pos,
};
Ok(FileBackedVfs::new(file, fs_root))
Ok(FileBackedVfs::new(data.to_vec(), fs_root))
Copy link
Member Author

@littledivy littledivy Jul 17, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For future: FileBackedVfs can be made a zero-copy view on data because sui returns a slice :)

@bartlomieju bartlomieju added this to the 1.46 milestone Jul 22, 2024
@bartlomieju
Copy link
Member

Let's aim to land this one in v1.46. Is there anything blocking the Windows CI passing?

@littledivy
Copy link
Member Author

littledivy commented Jul 22, 2024
edited
Loading

Yup, v1.46 is reasonable.

I rewrote sui and removed dependency on LIEF. Currently blocked on:

denoland/sui#5
denoland/sui#7
denoland/sui#4
denoland/sui#11

@littledivy
Copy link
Member Author

Moved sui to @denoland org: https://github.com/denoland/sui

Ready for review

@ry ry requested review from devsnek and nathanwhit July 25, 2024 11:45
devsnek
devsnek approved these changes Jul 25, 2024
View reviewed changes
Copy link
Member

@devsnek devsnek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

seems legit. hope the double copy in FileBackedVfs can be fixed soon.

cli/standalone/binary.rs Outdated Show resolved Hide resolved
nathanwhit
nathanwhit approved these changes Jul 25, 2024
View reviewed changes
Copy link
Member

@nathanwhit nathanwhit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

The only real risk I see is staying up to date with apple's changes to mach-o (they've been known to add new load commands in updates). But since we're just patching offsets in LCs, it shouldn't be too hard to fix if that happens. I think it's probably not a big deal

@littledivy
revierw
b2e9d2c
@littledivy
Merge branch 'main' into sui
5b093dc 
Signed-off-by: Divy Srivastava <dj.srivastava23@gmail.com>
@littledivy littledivy merged commit 5bd7660 into denoland:main Aug 1, 2024
17 checks passed
@littledivy littledivy deleted the sui branch August 1, 2024 04:15
@paambaati paambaati mentioned this pull request Aug 1, 2024
Open
@littledivy littledivy mentioned this pull request Aug 1, 2024
Merged
@mweichert
Copy link

Hurray!!!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nathanwhit nathanwhit nathanwhit approved these changes

@devsnek devsnek devsnek approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.46
5 participants
@littledivy @bartlomieju @mweichert @devsnek @nathanwhit