Codesign在OSX上的哪里将签名文本文件的签名存储在哪里? [英] Where does codesign store the signature for a signed text file on OSX?

问题描述

我有一个具有以下结构的简单应用程序包:

myapp.app/Contents/
myapp.app/Contents/MacOS/myapp
myapp.app/Contents/Resources/empty.lproj
myapp.app/Contents/Info.plist
myapp.app/Contents/PkgInfo

如果我执行

codesign -s "Developer ID" myapp.app/Contents/Info.plist

我可以检查文件是否已签名

codesign -d -v myapp.app/Contents/Info.plist

给出以下输出

Executable=/pathToApp/quicknanobrowser.app/Contents/Info.plist
Identifier=Info
Format=generic
CodeDirectory v=20100 size=113 flags=0x0(none) hashes=1+2 location=embedded
Signature size=1278
Signed Time=26 Jan 2016 12:31:24
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources=none
Internal requirements count=1 size=80

文件签名的数据存储在哪里?文件夹结构未更改(没有新文件)，文件大小未更改.它存储在某些文件系统特定的元数据中吗?是否可以访问/读取此元数据?

解决方案

对于非mach-o二进制文件，codesign将签名存储在每个文件元数据中，这些元数据称为HFS +扩展属性:

ls -l@ Info.plist

com.apple.cs.CodeDirectory  142 
com.apple.cs.CodeRequirements   180 
com.apple.cs.CodeSignature  8551 

您可以使用xattr

窥视这些属性的内容

xattr -p com.apple.cs.CodeSignature Info.plist

，但是该工具似乎喜欢以十六进制形式进行转储.尽管您过去可以通过将/rsrc附加到文件名(例如cat blah/rsrc)来获得资源叉(也是扩展属性)，但似乎似乎没有用于访问属性的shell简写.

I have a simple app bundle with the following structure:

myapp.app/Contents/
myapp.app/Contents/MacOS/myapp
myapp.app/Contents/Resources/empty.lproj
myapp.app/Contents/Info.plist
myapp.app/Contents/PkgInfo

If I execute

codesign -s "Developer ID" myapp.app/Contents/Info.plist

I can check that the file got signed with

codesign -d -v myapp.app/Contents/Info.plist

which gives the following output

Executable=/pathToApp/quicknanobrowser.app/Contents/Info.plist
Identifier=Info
Format=generic
CodeDirectory v=20100 size=113 flags=0x0(none) hashes=1+2 location=embedded
Signature size=1278
Signed Time=26 Jan 2016 12:31:24
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources=none
Internal requirements count=1 size=80

Where is the data that the file was signed stored? The folder structure did not change (no new files), the size of the file did not change. Is it stored in some filesystem specific metadata? Is it possible to access / read this metadata?

解决方案

For non mach-o binaries, codesign stores the signature in per-file metadata called HFS+ extended attributes:

ls -l@ Info.plist

com.apple.cs.CodeDirectory  142 
com.apple.cs.CodeRequirements   180 
com.apple.cs.CodeSignature  8551 

You can peek at the contents of these attributes with xattr

xattr -p com.apple.cs.CodeSignature Info.plist

but the tool seems to like dumping in hexadecimal. There doesn't seem to be a shell shorthand for accessing the attributes, although you used to be able to get at the Resource Fork (also an extended attribute) by appending /rsrc to the filename (e.g. cat blah/rsrc).

这篇关于Codesign在OSX上的哪里将签名文本文件的签名存储在哪里?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！