On 27 Oct 2015, at 05:41, Conrad Kramer <ckrames1234@gmail.com> wrote:
On Oct 26, 2015, at 11:22 AM, Spencer <spencerone@openmailbox.org> wrote:
Hi,
Conrad Kramer: All resources in a bundle (e.g. an app or framework) are signed and the signatures are stored in a file named "CodeResources”:
Then what is in 'CodeSignature', Apple's signing stuff?
The `_CodeSignature` folder currently only contains the `CodeResources` file. The `CodeResources` file is simple XML.
The executables have their own signature in the `LC_CODE_SIGNATURE` load command in the Mach-O binary.
Reproducible builds will be much easier if the executable signatures are also placed in a separate file, rather than modifying the executable. I'm guessing there's no option for detached executable signatures? Tim Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP 968F094B teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F