I have a simple app bundle with the following structure:
myapp.app/Contents/
myapp.app/Contents/MacOS/myapp
myapp.app/Contents/Resources/empty.lproj
myapp.app/Contents/Info.plist
myapp.app/Contents/PkgInfo
If I execute
codesign -s "Developer ID" myapp.app/Contents/Info.plist
I can check that the file got signed with
codesign -d -v myapp.app/Contents/Info.plist
which gives the following output
Executable=/pathToApp/quicknanobrowser.app/Contents/Info.plist
Identifier=Info
Format=generic
CodeDirectory v=20100 size=113 flags=0x0(none) hashes=1+2 location=embedded
Signature size=1278
Signed Time=26 Jan 2016 12:31:24
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources=none
Internal requirements count=1 size=80
Where is the data that the file was signed stored? The folder structure did not change (no new files), the size of the file did not change. Is it stored in some filesystem specific metadata? Is it possible to access / read this metadata?
For non mach-o binaries, codesign stores the signature in per-file metadata called HFS+ extended attributes:
You can peek at the contents of these attributes with xattr but the tool seems to like dumping in hexadecimal. There doesn't seem to be a shell shorthand for accessing the attributes, although you used to be able to get at the Resource Fork (also an extended attribute) by appending /rsrc to the filename (e.g. cat blah/rsrc).
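An added example, not part of the answer above and not Apple's code: a parser that turns the hexadecimal dump from xattr into the fields shown on the CodeDirectory line of the codesign -d -v output. It assumes the attribute is named com.apple.cs.CodeDirectory and uses the big-endian CodeDirectory header layout from Apple's open-source code-signing headers; the sample blob is constructed (zeroed hashes, made-up code limit) to match the values in the question.

```python
import struct

# Assumption: the hex text comes from `xattr -px com.apple.cs.CodeDirectory FILE`.
CD_MAGIC = 0xFADE0C02             # CodeDirectory blob magic
HEADER = struct.Struct(">9I4BI")  # 44-byte big-endian fixed header


def parse_code_directory(hex_dump):
    """Parse a CodeDirectory blob given as whitespace-separated hex text."""
    blob = bytes.fromhex("".join(hex_dump.split()))
    if len(blob) < HEADER.size:
        raise ValueError("too short for a CodeDirectory header")
    (magic, length, version, flags, hash_off, ident_off, n_special, n_code,
     code_limit, hash_size, hash_type, _platform, _page_log2, _spare) = HEADER.unpack_from(blob)
    if magic != CD_MAGIC:
        raise ValueError("bad magic 0x%08x" % magic)
    if length != len(blob):
        raise ValueError("length field does not match attribute size")
    # Special slots sit before hash_off (negative indices), code slots after it.
    first = hash_off - n_special * hash_size
    last = hash_off + n_code * hash_size
    if hash_size == 0 or first < HEADER.size or last > length:
        raise ValueError("hash slots fall outside the blob")
    end = blob.find(b"\0", ident_off)
    if not HEADER.size <= ident_off < length or end < 0:
        raise ValueError("identifier is not inside the blob")
    slots = {i: blob[hash_off + i * hash_size: hash_off + (i + 1) * hash_size].hex()
             for i in range(-n_special, n_code)}
    return {"identifier": blob[ident_off:end].decode("utf-8"), "version": version,
            "size": length, "flags": flags, "code_limit": code_limit,
            "hash_type": hash_type, "n_code": n_code, "n_special": n_special,
            "slots": slots}


def summary(cd):
    """Format the fields like the CodeDirectory line of `codesign -d -v`."""
    return "CodeDirectory v=%x size=%d flags=0x%x hashes=%d+%d" % (
        cd["version"], cd["size"], cd["flags"], cd["n_code"], cd["n_special"])


def constructed_sample():
    """Constructed blob (zeroed SHA-1 slots) shaped like the question's output."""
    header = HEADER.pack(CD_MAGIC, 113, 0x20100, 0, 93, 48, 2, 1, 1024, 20, 1, 0, 0, 0)
    scatter = struct.pack(">I", 0)  # scatterOffset field, present from v=0x20100
    return (header + scatter + b"Info\0" + bytes(60)).hex(" ")


if __name__ == "__main__":
    print(summary(parse_code_directory(constructed_sample())))
```

The 113 bytes break down as a 48-byte header, the 5-byte identifier "Info" with its terminator, and three 20-byte hash slots, which is why the signature adds no visible file and does not change the file's size.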