Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UpdaterCommon: Fix code signing error after updating on macOS #9858

Merged
merged 1 commit into from
Jul 6, 2021
Merged

UpdaterCommon: Fix code signing error after updating on macOS #9858

merged 1 commit into from
Jul 6, 2021

Conversation

OatmealDome
Copy link
Member

@OatmealDome OatmealDome commented Jun 30, 2021
edited
Loading

Upon launching an app, macOS's kernel caches all code signatures from the main executable and any frameworks it uses. When the updater notices a file needs to be updated, it uses File::Copy(), which reads the contents of the new file and writes it over the contents of the old file. This operation does not invalidate the code signature cache. Therefore, when Dolphin is launched after the update operation is complete, the cached code signature is used to validate the new files. macOS then proceeds to kill Dolphin due to a code signing error.

The solution: Use Rename instead of Copy.

(Thanks to Quinn from the Apple Developer Forums for making a post about this quirk.

Also, this PR only fixes one issue with the macOS updater. If the bundle has the com.apple.quarantine xattr set, then the updater may fail to launch. #8915 fixes this issue.)

@OatmealDome
UpdaterCommon: Move the updated file instead of copying
dd5e0c6 
This prevents macOS from reading an old (cached) code signature on Mach-O executables.
@OatmealDome
Copy link
Member Author

I don't believe this breaks Windows, but I will check. If someone could build this PR so I can grab the artifacts, that would be great.

@OatmealDome
Copy link
Member Author

OatmealDome commented Jun 30, 2021
edited
Loading

OK, I confirmed the updater still works on Windows.

For reference, I tested by downloading 5.0-14095 and 5.0-14344 from dolphin-emu.org, running my local build of the updater (for Windows, the buildbot artifact) on 5.0-14095, and comparing to 5.0-14344.

Command line for Windows:

Updater.exe --this-manifest-url "https://update.dolphin-emu.org/manifest/win/f6/0d/29f2b79f6e8cca6c00c9b6e8cbfbb0fde6ef.manifest" --next-manifest-url "https://update.dolphin-emu.org/manifest/win/ac/c7/d3710d60552769f61f4b44bc8533a940df36.manifest" --content-store-url "https://update.dolphin-emu.org/content/" --install-base-path "DolphinScratch"

macOS:

MacUpdater.app/Contents/MacOS/MacUpdater --this-manifest-url="https://update.dolphin-emu.org/manifest/macos/f6/0d/29f2b79f6e8cca6c00c9b6e8cbfbb0fde6ef.manifest" --next-manifest-url="https://update.dolphin-emu.org/manifest/macos/ac/c7/d3710d60552769f61f4b44bc8533a940df36.manifest" --content-store-url="https://update.dolphin-emu.org/content/" --install-base-path="DolphinScratch"

leoetlino
leoetlino approved these changes Jul 6, 2021
View reviewed changes
Copy link
Member

@leoetlino leoetlino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That sounds like a baffling oversight in macOS, but if moving instead of copying is all it takes to fix the updater...

@leoetlino leoetlino merged commit 683807a into dolphin-emu:master Jul 6, 2021
@OatmealDome OatmealDome mentioned this pull request Jan 30, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leoetlino leoetlino leoetlino approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
2 participants
@OatmealDome @leoetlino