Bring makesig back

[neilk]

According to @sah, the part of the code that makes an empty signature actually does work, so bring that back and add tests for it.

[neilk]

Note issue #2 suggests that our codesig constructor might be wrong for dylibs, under some circumstances. (When building an IPA, we make 5 slots? Is this for backwards compat or something?)

[neilk]

@dweinstein Maybe we can exchange info here on how to re-establish the makesig code.

The rest of the code currently constructs a valid LC_CODE_SIGNATURE structure.

However, it is not currently able to create the Mach-O load commands and such which point to the LC_CODE_SIGNATURE. This isn't needed most of the time, because:

• Almost every app you encounter has an LC_CODE_SIGNATURE already
• LC_CODE_SIGNATURE is invariably at the end of the file.

So, all we do currently overwrite the existing signature with our own, and then pad the whole thing out with lots of zeros.

It should be possible using Construct to recreate the proper load commands. However, the makesig code is from a time when we weren't able to sign multi-architecture binaries, so it probably needs to be updated for that.

Anyway it's more of a major change because instead of copying the file, then overwriting part of it, we'll have to add a whole new structure in the headers and then update every pointer accordingly. Hopefully Construct will just deal with that for us, or maybe not.

There's some good documenation on the internet about how Mach-O binaries are structured. I'll link some here as we go along.

[ryu2]

Has there been any work on this issue? If not, I could try taking a look at this as we are interested in signing unsigned binaries.

[neilk]

Please be my guest. There is some ancient code (commented out).