Preserve entitlements in MacOS signer #115800
Draft
+1,979
−763
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Write out the updated symtab command when writing Mach-O file - Pass macosCodesign through to test CreateAppHost methods - Remove redundant `codesign` checks - Warn when bundler is told to sign the bundle for a non-macos target
- Allow macosCodesign to be true for non-mac bundles - Allow some padding between string table and signature
- Use the same memory-mapped file instance for placeholder replacement and signing - formatting changes
…ntime into ManagedSignBundles
|
Tagging subscribers to this area: @vitek-karas, @agocke |
- Delete CodeSignature class and move methods on relevant blobs instead. - Use EmbeddedSignatureBlob as the "signature" for the MachO file. - Save old EmbeddedSignatureBlob in Bundling to preserve the entitlements. - Add test to verify that the entitlements are preserved in the bundle.
There was a problem hiding this comment.
Pull Request Overview
This PR refactors the Mach-O signing code to use class-based blob types, preserves entitlements (and DER entitlements) during signing, and streamlines how bundles and signatures are applied.
- Introduce new BlobMagic entries for Entitlements and DerEntitlements.
- Convert signature blob structs to an OO hierarchy (Blob, SimpleBlob, SuperBlob, etc.).
- Update Bundler and HostWriter to preserve existing entitlements and avoid remapping files unnecessarily.
Reviewed Changes
Copilot reviewed 28 out of 28 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| src/installer/managed/Microsoft.NET.HostModel/MachO/Enums/BlobMagic.cs | Add Entitlements and DerEntitlements magic constants. |
| src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/LinkEditCommand.cs | Rename struct to LinkEditLoadCommand. |
| src/installer/managed/Microsoft.NET.HostModel/Bundle/Bundler.cs | Refactor bundle creation to use streams and memory‐mapped file; preserve entitlements. |
| src/installer/managed/Microsoft.NET.HostModel/AppHost/HostWriter.cs | Consolidate signature handling and update method visibility. |
Comments suppressed due to low confidence (3)
src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/LinkEditCommand.cs:15
- The file name 'LinkEditCommand.cs' no longer matches the updated struct name 'LinkEditLoadCommand'; consider renaming the file to 'LinkEditLoadCommand.cs' for consistency.
internal struct LinkEditLoadCommand
src/installer/managed/Microsoft.NET.HostModel/Bundle/Bundler.cs:281
- The 'relativePathToSpec' dictionary is declared but never used; consider removing this variable to clean up unused code.
var relativePathToSpec = new Dictionary<string, FileSpec>(StringComparer.Ordinal);
src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/Blobs/EmbeddedSignatureBlob.cs:170
- This new method for calculating signature size and preserving entitlements could benefit from dedicated unit tests to validate size calculations across scenarios, including with and without existing entitlements.
internal static unsafe long GetSignatureSize(uint fileSize, string identifier, EmbeddedSignatureBlob? existingSignature, byte? hashSize = null)
src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/Blobs/SuperBlob.cs
Outdated
Show resolved
Hide resolved
This was referenced Jun 4, 2025
This was referenced Jun 4, 2025
agocke
reviewed
Jun 4, 2025
src/installer/managed/Microsoft.NET.HostModel/Bundle/Bundler.cs
Outdated
Show resolved
Hide resolved
src/installer/managed/Microsoft.NET.HostModel/Bundle/Bundler.cs
Outdated
Show resolved
Hide resolved
src/installer/managed/Microsoft.NET.HostModel/Bundle/Bundler.cs
Outdated
Show resolved
Hide resolved
src/installer/managed/Microsoft.NET.HostModel/Bundle/Bundler.cs
Outdated
Show resolved
Hide resolved
src/installer/managed/Microsoft.NET.HostModel/Bundle/Bundler.cs
Outdated
Show resolved
Hide resolved
src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/Blobs/Blob.cs
Outdated
Show resolved
Hide resolved
src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/Blobs/SimpleBlob.cs
Outdated
Show resolved
Hide resolved
src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/Blobs/SimpleBlob.cs
Outdated
Show resolved
Hide resolved
src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/Blobs/EmbeddedSignatureBlob.cs
Outdated
Show resolved
Hide resolved
This was referenced Jun 6, 2025
elinor-fung
reviewed
Jun 6, 2025
src/installer/managed/Microsoft.NET.HostModel/MachO/BinaryFormat/Blobs/SuperBlob.cs
Outdated
Show resolved
Hide resolved
- Don't use multiple levels of inheritance for blobs - Add IMachOFileReader/Writer to abstract Stream and MemoryMappedViewAccessor based files - Use IMachOFileReader/Writer as the interface for reading/writing to the disk for MachO files and blobs
This was referenced Jun 11, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Preserve entitlements in the manages Mach-O signer for both regular apphost and singlefilehost.
Adds entitlements to singlefilehost during the build.
Refactors the signature blob types to be classes that implement IBlob. The various named blobs derive from SimpleBlob or SuperBlob (except for CodeDirectoryBlob which is more complex). SimpleBlob and SuperBlob provide methods for accessing info about the blobs and writing to a file. IMachFile is used for writing to allow reading and writing from/to a Stream or MemoryMappedViewAccessor.
The CodeSignature class was replaced with just the EmbeddedSignatureBlob, a SuperBlob containing other relevant signature blobs. Methods from the CodeSignature class were move to the relevant blob class.
HostWriter.SetAsBundle was moved to the Bundle class to avoid having to remap the memory mapped file multiple times. Since the host destination stream is never closed between creating the bundle and SetAsBundle / Signing the bundle, we don't need to create a new copy with a new inode to sign and replace the existing bundle.
cc @dotnet/appmodel