Skip to content

Commit

Permalink
Do not rely on FileManager's isExecutableFile, check manually for Mac…
Browse files Browse the repository at this point in the history
…h-O executable type

Signed-off-by: Claudio Cambra <[email protected]>
  • Loading branch information
claucambra committed Nov 21, 2024
1 parent 9008448 commit 42acf72
Showing 1 changed file with 20 additions and 7 deletions.
27 changes: 20 additions & 7 deletions admin/osx/mac-crafter/Sources/Utils/Codesign.swift
Original file line number Diff line number Diff line change
Expand Up @@ -32,8 +32,21 @@ func isAppExtension(_ path: String) -> Bool {
path.hasSuffix(".appex")
}

func isExecutable(_ path: String) -> Bool {
FileManager.default.isExecutableFile(atPath: path)
func isExecutable(_ path: String) throws -> Bool {
let outPipe = Pipe()
let errPipe = Pipe()
let task = Process()
task.standardOutput = outPipe
task.standardError = errPipe

let command = "file \"\(path)\""
guard run("/bin/zsh", ["-c", command], task: task) == 0 else {
throw CodeSigningError.failedToCodeSign("Failed to determine if \(path) is an executable.")
}

let outputData = outPipe.fileHandleForReading.readDataToEndOfFile()
let output = String(data: outputData, encoding: .utf8) ?? ""
return output.contains("Mach-O 64-bit executable")
}

func codesign(identity: String, path: String, options: String = defaultCodesignOptions) throws {
Expand All @@ -57,11 +70,11 @@ func recursivelyCodesign(
}

for case let enumeratedItem as String in pathEnumerator {
guard isLibrary(enumeratedItem) ||
isAppExtension(enumeratedItem) ||
isExecutable(enumeratedItem)
else { continue }
try codesign(identity: identity, path: "\(path)/\(enumeratedItem)")
let isExecutableFile = try isExecutable(fm.currentDirectoryPath + "/" + path + "/" + enumeratedItem)
guard isLibrary(enumeratedItem) || isAppExtension(enumeratedItem) || isExecutableFile else {
continue
}
try codesign(identity: identity, path: "\(path)/\(enumeratedItem)", options: options)
}
}

Expand Down

0 comments on commit 42acf72

Please sign in to comment.