-
Notifications
You must be signed in to change notification settings - Fork 4.2k
Closed
Description
Seems like the published xcframeworks contain incorrect signatures in version 6.9.0, 6.8.0 and 6.7.1.
This is:
- Deeply troubling from security perspective, did anyone meddle with the published binaries?
- Annoying for integrating in Xcode, as you need to manually re-sign the binaries.
you can quickly verify this by running
for file in (ls)
codesign --verify --deep $file
end
which will give you this troubling output:
RxBlocking.xcframework: a sealed resource is missing or invalid
RxCocoa.xcframework: a sealed resource is missing or invalid
RxRelay.xcframework: a sealed resource is missing or invalid
RxSwift.xcframework: invalid Info.plist (plist or signature have been modified)
RxTest.xcframework: a sealed resource is missing or invalid
Metadata
Metadata
Assignees
Labels
No labels