Where does codesign store the signature for a sign

2019-04-11 03:22发布

问题:

I have a simple app bundle with the following structure:

myapp.app/Contents/
myapp.app/Contents/MacOS/myapp
myapp.app/Contents/Resources/empty.lproj
myapp.app/Contents/Info.plist
myapp.app/Contents/PkgInfo

If I execute

codesign -s "Developer ID" myapp.app/Contents/Info.plist

I can check that the file got signed with

codesign -d -v myapp.app/Contents/Info.plist

which gives the following output

Executable=/pathToApp/quicknanobrowser.app/Contents/Info.plist
Identifier=Info
Format=generic
CodeDirectory v=20100 size=113 flags=0x0(none) hashes=1+2 location=embedded
Signature size=1278
Signed Time=26 Jan 2016 12:31:24
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources=none
Internal requirements count=1 size=80

Where is the data that the file was signed stored? The folder structure did not change (no new files), the size of the file did not change. Is it stored in some filesystem specific metadata? Is it possible to access / read this metadata?

回答1:

For non mach-o binaries, codesign stores the signature in per-file metadata called HFS+ extended attributes:

ls -l@ Info.plist

com.apple.cs.CodeDirectory  142 
com.apple.cs.CodeRequirements   180 
com.apple.cs.CodeSignature  8551 

You can peek at the contents of these attributes with xattr

xattr -p com.apple.cs.CodeSignature Info.plist

but the tool seems to like dumping in hexadecimal. There doesn't seem to be a shell shorthand for accessing the attributes, although you used to be able to get at the Resource Fork (also an extended attribute) by appending /rsrc to the filename (e.g. cat blah/rsrc).