Incorrect signatures on published releases #2667

@oryonatan

Seems like the published xcframeworks contain incorrect signatures in versions 6.9.0, 6.8.0 and 6.7.1.

This is:

  1. Deeply troubling from a security perspective, did anyone meddle with the published binaries?
  2. Annoying for integrating in Xcode, as you need to manually re-sign the binaries.

You can quickly verify this by running:

```fish
for file in (ls)
  codesign --verify --deep $file
end
```

which will give you this troubling output:

```
RxBlocking.xcframework: a sealed resource is missing or invalid
RxCocoa.xcframework: a sealed resource is missing or invalid
RxRelay.xcframework: a sealed resource is missing or invalid
RxSwift.xcframework: invalid Info.plist (plist or signature have been modified)
RxTest.xcframework: a sealed resource is missing or invalid
```
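
The same check as a build gate, as an added example that is not part of the original issue or the RxSwift project: a POSIX sh function that verifies every `.xcframework` in a directory and returns a non-zero status if any signature fails. It assumes macOS `codesign` is on `PATH`; the function name and its return codes are made up for this illustration.

```shell
#!/bin/sh
# Added example (not project code). Assumes macOS `codesign` on PATH.
#
# verify_xcframeworks DIR
#   Runs `codesign --verify --deep --strict` on every *.xcframework in DIR,
#   prints one line per bundle, and returns:
#     0  every bundle verified
#     1  at least one bundle failed verification
#     2  DIR holds no .xcframework bundles, so nothing was checked
verify_xcframeworks() {
  dir=$1
  checked=0
  failed=0
  for fw in "$dir"/*.xcframework; do
    # An unmatched glob stays literal; skip it rather than count it.
    [ -d "$fw" ] || continue
    checked=$((checked + 1))
    # Capture codesign's diagnostics so they can be shown next to the bundle.
    if out=$(codesign --verify --deep --strict "$fw" 2>&1); then
      printf 'OK    %s\n' "$fw"
    else
      failed=$((failed + 1))
      printf 'FAIL  %s\n' "$fw"
      printf '      %s\n' "$out"
    fi
  done
  # Treat "nothing to verify" as its own failure so a wrong path
  # cannot pass the gate silently.
  if [ "$checked" -eq 0 ]; then
    printf 'no .xcframework bundles found in %s\n' "$dir" >&2
    return 2
  fi
  printf '%d checked, %d failed\n' "$checked" "$failed"
  [ "$failed" -eq 0 ]
}
```

Source the file and call `verify_xcframeworks <dir>` on the directory holding the unpacked release before the frameworks are added to the Xcode project.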
