From 42acf72d5c1bd92fa85db65df1d36a49a231817c Mon Sep 17 00:00:00 2001
From: Claudio Cambra
Date: Thu, 21 Nov 2024 18:28:19 +0800
Subject: [PATCH] Do not rely on FileManager's isExecutableFile, check manually for Mach-O executable type
Signed-off-by: Claudio Cambra
---
 .../mac-crafter/Sources/Utils/Codesign.swift | 27 ++++++++++++++-----
 1 file changed, 20 insertions(+), 7 deletions(-)
diff --git a/admin/osx/mac-crafter/Sources/Utils/Codesign.swift b/admin/osx/mac-crafter/Sources/Utils/Codesign.swift
index a2b961eb87e3d..bb8ded8ffeb6e 100644
--- a/admin/osx/mac-crafter/Sources/Utils/Codesign.swift
+++ b/admin/osx/mac-crafter/Sources/Utils/Codesign.swift
@@ -32,8 +32,21 @@ func isAppExtension(_ path: String) -> Bool {
 path.hasSuffix(".appex")
 }
-func isExecutable(_ path: String) -> Bool {
- FileManager.default.isExecutableFile(atPath: path)
+func isExecutable(_ path: String) throws -> Bool {
+ let outPipe = Pipe()
+ let errPipe = Pipe()
+ let task = Process()
+ task.standardOutput = outPipe
+ task.standardError = errPipe
+
+ let command = "file \"\(path)\""
+ guard run("/bin/zsh", ["-c", command], task: task) == 0 else {
+ throw CodeSigningError.failedToCodeSign("Failed to determine if \(path) is an executable.")
+ }
+
+ let outputData = outPipe.fileHandleForReading.readDataToEndOfFile()
+ let output = String(data: outputData, encoding: .utf8) ?? ""
+ return output.contains("Mach-O 64-bit executable")
 }
 func codesign(identity: String, path: String, options: String = defaultCodesignOptions) throws {
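Review bot: The new `isExecutable` interpolates `path` into `"file \"\(path)\""` and hands the string to `/bin/zsh -c`, so a quote, `$` or backtick in a file name inside the bundle is interpreted by the shell instead of being treated as part of the path. These paths come from enumerating build output, which can contain third-party files, so the argument should reach `file` without a shell: drop `command` and use `guard run("/usr/bin/file", ["--brief", path], task: task) == 0 else {`, assuming the `run` helper (not visible in this hunk) accepts any executable path. `--brief` also keeps the file name out of the output, so a path that itself contains "Mach-O 64-bit executable" cannot satisfy the `contains` check. Separately, `errPipe` is never read and a failure of `file` is thrown as `failedToCodeSign`, which will read misleadingly in build logs.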
@@ -57,11 +70,11 @@ func recursivelyCodesign(
 }
 for case let enumeratedItem as String in pathEnumerator {
- guard isLibrary(enumeratedItem) ||
- isAppExtension(enumeratedItem) ||
- isExecutable(enumeratedItem)
- else { continue }
- try codesign(identity: identity, path: "\(path)/\(enumeratedItem)")
+ let isExecutableFile = try isExecutable(fm.currentDirectoryPath + "/" + path + "/" + enumeratedItem)
+ guard isLibrary(enumeratedItem) || isAppExtension(enumeratedItem) || isExecutableFile else {
+ continue
+ }
+ try codesign(identity: identity, path: "\(path)/\(enumeratedItem)", options: options)
 }
 }
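Review bot: The path passed to `isExecutable` (`fm.currentDirectoryPath + "/" + path + "/" + enumeratedItem`) is not the path passed to `codesign` (`"\(path)/\(enumeratedItem)"`), so the file that gets classified and the file that gets signed can differ. If `path` is ever absolute, the prefixed string presumably points at nothing, and Mach-O executables would likely be skipped and left unsigned without any error. Build the path once with `let itemPath = "\(path)/\(enumeratedItem)"` and use it for both calls. The check also runs before the cheap suffix tests, so a process is spawned for every enumerated item and one `file` failure aborts the whole signing pass; `guard try isLibrary(enumeratedItem) || isAppExtension(enumeratedItem) || isExecutable(itemPath) else {` short-circuits that. `recursivelyCodesign` starts outside this hunk, so how `path` and `fm` are set up is not visible here.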