codesign chooses a bad identifier when signing a disk image with a version number in its filename
| Originator: | mark | ||
| Number: | rdar://27401688 | Date Originated: | 2016-07-18 |
| Status: | Open | Resolved: | |
| Product: | OS X | Product Version: | 10.11.5 15F34 |
| Classification: | Security | Reproducible: | Always |
Disk image signing is available in 10.11.4 and later. https://developer.apple.com/library/prerelease/content/technotes/tn2206/_index.html#//apple_ref/doc/uid/DTS40007919-CH1-TNTAG18 When signing a disk image with a filename that contains its version number, codesign --sign chooses a bad identifier by default. When software is distributed by disk image, it’s common for the disk image’s filename to contain the software’s version number. For example, MyApp-1.2.3.dmg. When signing a disk image whose filename is of this form, codesign chooses MyApp-1 as the identifier baked into the code signature and designated requirement. The identifier can be viewed with codesign --display. Steps to Reproduce: Create a disk image with a file name of the format MyApp-1.2.3 and sign it. $ mkdir empty $ hdiutil create -srcdir empty -fs HFS+ -format UDZO -imagekey zlib-level=9 -o MyApp-1.2.3.dmg . created: …/MyApp-1.2.3.dmg $ codesign --sign='Developer ID Application: Me' MyApp-1.2.3.dmg $ codesign --display --requirements=- --verbose MyApp-1.2.3.dmg Expected Results: The identifier as shown in the Identifier= field and the designated requirement should be the name of the disk image file. If it’s altered in any way, the .dmg suffix should be removed, but codesign --sign shouldn’t have chopped off only a portion of the version number. I would expect the identifier to be MyApp-1.2.3 as shown in the Identifier= and designated requirement below. $ codesign --display --requirements=- --verbose MyApp-1.2.3.dmg Executable=…/MyApp-1.2.3.dmg Identifier=MyApp-1.2.3 Format=disk image CodeDirectory v=20200 size=295 flags=0x0(none) hashes=1+6 location=embedded Signature size=8863 Timestamp=Jul 18, 2016, 12:00:00 AM Info.plist=not bound TeamIdentifier=1234567890 Sealed Resources=none designated => identifier "MyApp-1.2.3" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "1234567890" Actual Results: The identifier is MyApp-1. Part of the version number has been chopped off. $ codesign --display --requirements=- --verbose MyApp-1.2.3.dmg Executable=…/MyApp-1.2.3.dmg Identifier=MyApp-1 Format=disk image CodeDirectory v=20200 size=295 flags=0x0(none) hashes=1+6 location=embedded Signature size=8863 Timestamp=Jul 18, 2016, 12:00:00 AM Info.plist=not bound TeamIdentifier=1234567890 Sealed Resources=none designated => identifier "MyApp-1" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "1234567890" Version: 10.11.5 15F34 10.12dp2 16A239j Configuration: This does not occur with a disk image filename such as MyApp-1.2.3b4.dmg. In that case, the identifier is MyApp-1.2.3b4. The --identifier argument can be used with codesign --sign to provide an identifier other than the default chosen by codesign.
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!