Code signing on Mac #18

@bretwalker

I ran into a problem after upgrading from sqlc-gen-python_1.0.0.wasm to sqlc-gen-python_1.1.0.wasm on a Mac with Apple Silicon.

When I try to run sqlc using the plugin with 1.1.0, the process is killed.
Console output:

default 14:57:39.947500-0400 kernel CODE SIGNING: process 18673[sqlc]: rejecting invalid page at address 0x12e498000 from offset 0x4000 in file "" (cs_mtime:0.0 == mtime:0.0) (signed:0 validated:0 tainted:0 nx:0 wpmapped:1 dirty:0 depth:0)

I checked the signature, and I thought it looked fine:

codesign -dvvv --deep sqlc
Executable=/private/var/tmp/_bazel_bretwalker/5f1e154eeb3037a5f000bde1a5a0b737/external/sqlc_release/sqlc
Identifier=sqlc
Format=Mach-O thin (arm64)
CodeDirectory v=20500 size=581360 flags=0x10000(runtime) hashes=18162+2 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=ecc37620dc0926c725d806a625f1a5940e090d6d
CandidateCDHashFull sha256=ecc37620dc0926c725d806a625f1a5940e090d6dac7b613ba3cfce13eec15ffc
Hash choices=sha256
CMSDigest=ecc37620dc0926c725d806a625f1a5940e090d6dac7b613ba3cfce13eec15ffc
CMSDigestType=2
Launch Constraints:
	None
CDHash=ecc37620dc0926c725d806a625f1a5940e090d6d
Signature size=8972
Authority=Developer ID Application: Kyle Conroy (88ZP47B2C5)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Jul 31, 2023 at 4:06:00 PM
Info.plist=not bound
TeamIdentifier=88ZP47B2C5
Runtime Version=13.3.0
Sealed Resources=none
Internal requirements count=1 size=164

But after ad hoc signing, the process was no longer killed:

sudo codesign -f -s - sqlc
