Skip Menu |

This queue is for tickets about the PAR-Packer CPAN distribution.

Report information
The Basics
Id: 129312
Status: resolved
Priority: 0/
Queue: PAR-Packer
People
Owner: Nobody in particular
Requestors: Philip [...] kime.org.uk
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Thu Apr 25 12:34:17 2019 Philip [...] kime.org.uk - Ticket created
Subject: Code signing for OSX
Date: Thu, 25 Apr 2019 18:33:28 +0200
To: bug-PAR-Packer [...] rt.cpan.org
From: Philip Kime <philkime [...] kime.org.uk>
Has anyone managed to codesign PAR::Packer executables on OSX? I believe that in OSX 10.15, this will start to be mandatory for mainstream binaries and since I provide a binary for a major opens-source software distribution (TeXLive/MacTeX), I will need to codesign the packed binaries. PK -- Dr Philip Kime
  Thu Apr 25 12:53:32 2019 welleozean [...] googlemail.com - Correspondence added
Subject: Re: [rt.cpan.org #129312] Code signing for OSX
Date: Thu, 25 Apr 2019 18:53:19 +0200
To: bug-PAR-Packer [...] rt.cpan.org
From: welle Ozean <welleozean [...] googlemail.com>
I've done a lot of research in the last few weeks on the topic (and asked a similar question here, see archive to see the interesting insights that came out). The short answer is that executable created with PAR::Packer can NOT be codesigned out-of-the-box on OSX (I have no problems to codesign it on Windows though). I virtually met a guy that has written a small application that can modify the executable so that it can be codesigned on OSX. Unfortunately, it is not open source and a fee is required. <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> Virenfrei. www.avg.com <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> Am Do., 25. Apr. 2019 um 18:34 Uhr schrieb Philip Kime via RT < bug-PAR-Packer@rt.cpan.org>: Show quoted text
> Thu Apr 25 12:34:17 2019: Request 129312 was acted upon. > Transaction: Ticket created by Philip@kime.org.uk > Queue: PAR-Packer > Subject: Code signing for OSX > Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: Philip@kime.org.uk > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > > > Has anyone managed to codesign PAR::Packer executables on OSX? I believe > that in OSX 10.15, this will start to be mandatory for mainstream binaries > and since I provide a binary for a major opens-source software distribution > (TeXLive/MacTeX), I will need to codesign the packed binaries. > > PK > -- > Dr Philip Kime >
  Thu Apr 25 12:53:32 2019 The RT System itself - Status changed from 'new' to 'open'
  Sat Apr 27 08:00:20 2019 philkime [...] kime.org.uk - Correspondence added
Subject: Re: [rt.cpan.org #129312] Code signing for OSX
Date: Sat, 27 Apr 2019 14:00:03 +0200
To: bug-PAR-Packer [...] rt.cpan.org
From: Kime Philip <philkime [...] kime.org.uk>
Hmm, I couldn’t see anything in the acrhive - do you have a link? I may look into this as PAR::Packer .exes will become an issue on OSX in the future if this isn’t solved given that codesigning will become mandatory. PK Show quoted text
> On 25 Apr 2019, at 6:53 pm, claudio claudio via RT <bug-PAR-Packer@rt.cpan.org> wrote: > > Thu Apr 25 12:53:32 2019: Request 129312 was acted upon. > Transaction: Correspondence added by welleozean@googlemail.com > Queue: PAR-Packer > Subject: Re: [rt.cpan.org #129312] Code signing for OSX > Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: Philip@kime.org.uk > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > > > I've done a lot of research in the last few weeks on the topic (and asked a > similar question here, see archive to see the interesting insights that > came out). The short answer is that executable created with PAR::Packer can > NOT be codesigned out-of-the-box on OSX (I have no problems to codesign it > on Windows though). I virtually met a guy that has written a small > application that can modify the executable so that it can be codesigned on > OSX. Unfortunately, it is not open source and a fee is required. > > <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> > Virenfrei. > www.avg.com > <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> > <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> > > Am Do., 25. Apr. 2019 um 18:34 Uhr schrieb Philip Kime via RT < > bug-PAR-Packer@rt.cpan.org>: >
>> Thu Apr 25 12:34:17 2019: Request 129312 was acted upon. >> Transaction: Ticket created by Philip@kime.org.uk >> Queue: PAR-Packer >> Subject: Code signing for OSX >> Broken in: (no value) >> Severity: (no value) >> Owner: Nobody >> Requestors: Philip@kime.org.uk >> Status: new >> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > >> >> >> Has anyone managed to codesign PAR::Packer executables on OSX? I believe >> that in OSX 10.15, this will start to be mandatory for mainstream binaries >> and since I provide a binary for a major opens-source software distribution >> (TeXLive/MacTeX), I will need to codesign the packed binaries. >> >> PK >> -- >> Dr Philip Kime >>
-- Dr Philip Kime
  Sat Apr 27 08:28:02 2019 welleozean [...] googlemail.com - Correspondence added
Subject: Re: [rt.cpan.org #129312] Code signing for OSX
Date: Sat, 27 Apr 2019 14:27:41 +0200
To: bug-PAR-Packer [...] rt.cpan.org
From: welle ozean <welleozean [...] googlemail.com>
Hi, you are right. It was in the mailing list par@perl.org : you find it here: https://www.nntp.perl.org/group/perl.par/ PS: You are right about the urgency of the issue as it will become mandatary anytime soon. Welle Am Sa., 27. Apr. 2019 um 14:00 Uhr schrieb Kime Philip via RT < bug-PAR-Packer@rt.cpan.org>: Show quoted text
> Sat Apr 27 08:00:20 2019: Request 129312 was acted upon. > Transaction: Correspondence added by philkime@kime.org.uk > Queue: PAR-Packer > Subject: Re: [rt.cpan.org #129312] Code signing for OSX > Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: Philip@kime.org.uk > Status: open > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > > > Hmm, I couldn’t see anything in the acrhive - do you have a link? I may > look into this as PAR::Packer .exes will become an issue on OSX in the > future if this isn’t solved given that codesigning will become mandatory. > > PK >
> > On 25 Apr 2019, at 6:53 pm, claudio claudio via RT <
> bug-PAR-Packer@rt.cpan.org> wrote:
> > > > Thu Apr 25 12:53:32 2019: Request 129312 was acted upon. > > Transaction: Correspondence added by welleozean@googlemail.com > > Queue: PAR-Packer > > Subject: Re: [rt.cpan.org #129312] Code signing for OSX > > Broken in: (no value) > > Severity: (no value) > > Owner: Nobody > > Requestors: Philip@kime.org.uk > > Status: new > > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > > > > > > I've done a lot of research in the last few weeks on the topic (and
> asked a
> > similar question here, see archive to see the interesting insights that > > came out). The short answer is that executable created with PAR::Packer
> can
> > NOT be codesigned out-of-the-box on OSX (I have no problems to codesign
> it
> > on Windows though). I virtually met a guy that has written a small > > application that can modify the executable so that it can be codesigned
> on
> > OSX. Unfortunately, it is not open source and a fee is required. > > > > <
> http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail
> > > > Virenfrei. > > www.avg.com > > <
> http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail
> > > > <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> > > > > Am Do., 25. Apr. 2019 um 18:34 Uhr schrieb Philip Kime via RT < > > bug-PAR-Packer@rt.cpan.org>: > >
> >> Thu Apr 25 12:34:17 2019: Request 129312 was acted upon. > >> Transaction: Ticket created by Philip@kime.org.uk > >> Queue: PAR-Packer > >> Subject: Code signing for OSX > >> Broken in: (no value) > >> Severity: (no value) > >> Owner: Nobody > >> Requestors: Philip@kime.org.uk > >> Status: new > >> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > >> > >> > >> Has anyone managed to codesign PAR::Packer executables on OSX? I believe > >> that in OSX 10.15, this will start to be mandatory for mainstream
> binaries
> >> and since I provide a binary for a major opens-source software
> distribution
> >> (TeXLive/MacTeX), I will need to codesign the packed binaries. > >> > >> PK > >> -- > >> Dr Philip Kime > >>
> > -- > Dr Philip Kime >
  Sat Apr 27 09:50:29 2019 philkime [...] kime.org.uk - Correspondence added
Subject: Re: [rt.cpan.org #129312] Code signing for OSX
Date: Sat, 27 Apr 2019 15:50:16 +0200
To: bug-PAR-Packer [...] rt.cpan.org
From: Kime Philip <philkime [...] kime.org.uk>
Useful link, thank you. It is interesting that Mr Schupp mentions that strip would remove the appended parts but this highlights part of the issue with codesign I think as it give an error: strip: the __LINKEDIT segment does not cover the end of the file (can't be processed) in:… So it does indeed look like the appended parts need to be made into real MACH-O segments. PK Show quoted text
> On 27 Apr 2019, at 2:28 pm, claudio claudio via RT <bug-PAR-Packer@rt.cpan.org> wrote: > > <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > > Hi, you are right. It was in the mailing list par@perl.org : you find it > here: https://www.nntp.perl.org/group/perl.par/ > PS: You are right about the urgency of the issue as it will become > mandatary anytime soon. > > Welle > > > > Am Sa., 27. Apr. 2019 um 14:00 Uhr schrieb Kime Philip via RT < > bug-PAR-Packer@rt.cpan.org>: >
>> Sat Apr 27 08:00:20 2019: Request 129312 was acted upon. >> Transaction: Correspondence added by philkime@kime.org.uk >> Queue: PAR-Packer >> Subject: Re: [rt.cpan.org #129312] Code signing for OSX >> Broken in: (no value) >> Severity: (no value) >> Owner: Nobody >> Requestors: Philip@kime.org.uk >> Status: open >> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > >> >> >> Hmm, I couldn’t see anything in the acrhive - do you have a link? I may >> look into this as PAR::Packer .exes will become an issue on OSX in the >> future if this isn’t solved given that codesigning will become mandatory. >> >> PK >>
>>> On 25 Apr 2019, at 6:53 pm, claudio claudio via RT <
>> bug-PAR-Packer@rt.cpan.org> wrote:
>>> >>> Thu Apr 25 12:53:32 2019: Request 129312 was acted upon. >>> Transaction: Correspondence added by welleozean@googlemail.com >>> Queue: PAR-Packer >>> Subject: Re: [rt.cpan.org #129312] Code signing for OSX >>> Broken in: (no value) >>> Severity: (no value) >>> Owner: Nobody >>> Requestors: Philip@kime.org.uk >>> Status: new >>> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > >>> >>> >>> I've done a lot of research in the last few weeks on the topic (and
>> asked a
>>> similar question here, see archive to see the interesting insights that >>> came out). The short answer is that executable created with PAR::Packer
>> can
>>> NOT be codesigned out-of-the-box on OSX (I have no problems to codesign
>> it
>>> on Windows though). I virtually met a guy that has written a small >>> application that can modify the executable so that it can be codesigned
>> on
>>> OSX. Unfortunately, it is not open source and a fee is required. >>> >>> <
>> http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail
>>> >>> Virenfrei. >>> www.avg.com >>> <
>> http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail
>>> >>> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> >>> >>> Am Do., 25. Apr. 2019 um 18:34 Uhr schrieb Philip Kime via RT < >>> bug-PAR-Packer@rt.cpan.org>: >>>
>>>> Thu Apr 25 12:34:17 2019: Request 129312 was acted upon. >>>> Transaction: Ticket created by Philip@kime.org.uk >>>> Queue: PAR-Packer >>>> Subject: Code signing for OSX >>>> Broken in: (no value) >>>> Severity: (no value) >>>> Owner: Nobody >>>> Requestors: Philip@kime.org.uk >>>> Status: new >>>> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > >>>> >>>> >>>> Has anyone managed to codesign PAR::Packer executables on OSX? I believe >>>> that in OSX 10.15, this will start to be mandatory for mainstream
>> binaries
>>>> and since I provide a binary for a major opens-source software
>> distribution
>>>> (TeXLive/MacTeX), I will need to codesign the packed binaries. >>>> >>>> PK >>>> -- >>>> Dr Philip Kime >>>>
>> >> -- >> Dr Philip Kime >>
>
-- Dr Philip Kime
  Sat Apr 27 10:33:53 2019 philkime [...] kime.org.uk - Correspondence added
Subject: Re: [rt.cpan.org #129312] Code signing for OSX
Date: Sat, 27 Apr 2019 16:33:35 +0200
To: bug-PAR-Packer [...] rt.cpan.org
From: Kime Philip <philkime [...] kime.org.uk>
I can get part of the way so far. I can manually fix the binary headers which makes codesign at least run but this breaks PAR. This is expected I suppose and we need to make some more modifications … Show quoted text
> codesign -s "Code Signing Test" -v b
b: signed Mach-O thin (x86_64) [b] Show quoted text
> ./b
format error: can't find EOCD signature at /loader/HASH(0x7fcef88aa428)/Archive/Zip/Archive.pm line 723. Archive::Zip::Archive::_findEndOfCentralDirectory(Archive::Zip::Archive=HASH(0x7fcef88e1a88), IO::File=GLOB(0x7fcef8d6af98)) called at /loader/HASH(0x7fcef88aa428)/Archive/Zip/Archive.pm line 596 Archive::Zip::Archive::readFromFileHandle(Archive::Zip::Archive=HASH(0x7fcef88e1a88), IO::File=GLOB(0x7fcef8d6af98), "/Users/philkime/Desktop/NB/./b") called at -e line 373 eval {...} called at -e line 41 __par_pl::BEGIN() called at -e line 614 eval {...} called at -e line 614 : at -e line 373. Show quoted text
> On 27 Apr 2019, at 2:28 pm, claudio claudio via RT <bug-PAR-Packer@rt.cpan.org> wrote: > > <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > > Hi, you are right. It was in the mailing list par@perl.org : you find it > here: https://www.nntp.perl.org/group/perl.par/ > PS: You are right about the urgency of the issue as it will become > mandatary anytime soon. > > Welle > > > > Am Sa., 27. Apr. 2019 um 14:00 Uhr schrieb Kime Philip via RT < > bug-PAR-Packer@rt.cpan.org>: >
>> Sat Apr 27 08:00:20 2019: Request 129312 was acted upon. >> Transaction: Correspondence added by philkime@kime.org.uk >> Queue: PAR-Packer >> Subject: Re: [rt.cpan.org #129312] Code signing for OSX >> Broken in: (no value) >> Severity: (no value) >> Owner: Nobody >> Requestors: Philip@kime.org.uk >> Status: open >> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > >> >> >> Hmm, I couldn’t see anything in the acrhive - do you have a link? I may >> look into this as PAR::Packer .exes will become an issue on OSX in the >> future if this isn’t solved given that codesigning will become mandatory. >> >> PK >>
>>> On 25 Apr 2019, at 6:53 pm, claudio claudio via RT <
>> bug-PAR-Packer@rt.cpan.org> wrote:
>>> >>> Thu Apr 25 12:53:32 2019: Request 129312 was acted upon. >>> Transaction: Correspondence added by welleozean@googlemail.com >>> Queue: PAR-Packer >>> Subject: Re: [rt.cpan.org #129312] Code signing for OSX >>> Broken in: (no value) >>> Severity: (no value) >>> Owner: Nobody >>> Requestors: Philip@kime.org.uk >>> Status: new >>> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > >>> >>> >>> I've done a lot of research in the last few weeks on the topic (and
>> asked a
>>> similar question here, see archive to see the interesting insights that >>> came out). The short answer is that executable created with PAR::Packer
>> can
>>> NOT be codesigned out-of-the-box on OSX (I have no problems to codesign
>> it
>>> on Windows though). I virtually met a guy that has written a small >>> application that can modify the executable so that it can be codesigned
>> on
>>> OSX. Unfortunately, it is not open source and a fee is required. >>> >>> <
>> http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail
>>> >>> Virenfrei. >>> www.avg.com >>> <
>> http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail
>>> >>> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> >>> >>> Am Do., 25. Apr. 2019 um 18:34 Uhr schrieb Philip Kime via RT < >>> bug-PAR-Packer@rt.cpan.org>: >>>
>>>> Thu Apr 25 12:34:17 2019: Request 129312 was acted upon. >>>> Transaction: Ticket created by Philip@kime.org.uk >>>> Queue: PAR-Packer >>>> Subject: Code signing for OSX >>>> Broken in: (no value) >>>> Severity: (no value) >>>> Owner: Nobody >>>> Requestors: Philip@kime.org.uk >>>> Status: new >>>> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > >>>> >>>> >>>> Has anyone managed to codesign PAR::Packer executables on OSX? I believe >>>> that in OSX 10.15, this will start to be mandatory for mainstream
>> binaries
>>>> and since I provide a binary for a major opens-source software
>> distribution
>>>> (TeXLive/MacTeX), I will need to codesign the packed binaries. >>>> >>>> PK >>>> -- >>>> Dr Philip Kime >>>>
>> >> -- >> Dr Philip Kime >>
>
-- Dr Philip Kime
  Sat Apr 27 10:47:12 2019 philkime [...] kime.org.uk - Correspondence added
Subject: Re: [rt.cpan.org #129312] Code signing for OSX
Date: Sat, 27 Apr 2019 16:47:01 +0200
To: bug-PAR-Packer [...] rt.cpan.org
From: Kime Philip <philkime [...] kime.org.uk>
Hmm, I sense a problem here. In the linked comments from Mr Schupp, he states that the PAR signature can be located in the last 128K of the binary. However, it seems that codesign, at least with the cert etc. I am using, adds about 180K to the binary and so the signature can’t be found in the last 128K. Would that account for the error I noted below? PK Show quoted text
> On 27 Apr 2019, at 4:33 pm, Kime Philip via RT <bug-PAR-Packer@rt.cpan.org> wrote: > > Sat Apr 27 10:33:53 2019: Request 129312 was acted upon. > Transaction: Correspondence added by philkime@kime.org.uk > Queue: PAR-Packer > Subject: Re: [rt.cpan.org #129312] Code signing for OSX > Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: Philip@kime.org.uk > Status: open > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > > > I can get part of the way so far. I can manually fix the binary headers which makes codesign at least run but this breaks PAR. This is expected I suppose and we need to make some more modifications … >
>> codesign -s "Code Signing Test" -v b
> b: signed Mach-O thin (x86_64) [b] >
>> ./b
> format error: can't find EOCD signature > at /loader/HASH(0x7fcef88aa428)/Archive/Zip/Archive.pm line 723. > Archive::Zip::Archive::_findEndOfCentralDirectory(Archive::Zip::Archive=HASH(0x7fcef88e1a88), IO::File=GLOB(0x7fcef8d6af98)) called at /loader/HASH(0x7fcef88aa428)/Archive/Zip/Archive.pm line 596 > Archive::Zip::Archive::readFromFileHandle(Archive::Zip::Archive=HASH(0x7fcef88e1a88), IO::File=GLOB(0x7fcef8d6af98), "/Users/philkime/Desktop/NB/./b") called at -e line 373 > eval {...} called at -e line 41 > __par_pl::BEGIN() called at -e line 614 > eval {...} called at -e line 614 > : at -e line 373. >
>> On 27 Apr 2019, at 2:28 pm, claudio claudio via RT <bug-PAR-Packer@rt.cpan.org> wrote: >> >> <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > >> >> Hi, you are right. It was in the mailing list par@perl.org : you find it >> here: https://www.nntp.perl.org/group/perl.par/ >> PS: You are right about the urgency of the issue as it will become >> mandatary anytime soon. >> >> Welle >> >> >> >> Am Sa., 27. Apr. 2019 um 14:00 Uhr schrieb Kime Philip via RT < >> bug-PAR-Packer@rt.cpan.org>: >>
>>> Sat Apr 27 08:00:20 2019: Request 129312 was acted upon. >>> Transaction: Correspondence added by philkime@kime.org.uk >>> Queue: PAR-Packer >>> Subject: Re: [rt.cpan.org #129312] Code signing for OSX >>> Broken in: (no value) >>> Severity: (no value) >>> Owner: Nobody >>> Requestors: Philip@kime.org.uk >>> Status: open >>> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > >>> >>> >>> Hmm, I couldn’t see anything in the acrhive - do you have a link? I may >>> look into this as PAR::Packer .exes will become an issue on OSX in the >>> future if this isn’t solved given that codesigning will become mandatory. >>> >>> PK >>>
>>>> On 25 Apr 2019, at 6:53 pm, claudio claudio via RT <
>>> bug-PAR-Packer@rt.cpan.org> wrote:
>>>> >>>> Thu Apr 25 12:53:32 2019: Request 129312 was acted upon. >>>> Transaction: Correspondence added by welleozean@googlemail.com >>>> Queue: PAR-Packer >>>> Subject: Re: [rt.cpan.org #129312] Code signing for OSX >>>> Broken in: (no value) >>>> Severity: (no value) >>>> Owner: Nobody >>>> Requestors: Philip@kime.org.uk >>>> Status: new >>>> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > >>>> >>>> >>>> I've done a lot of research in the last few weeks on the topic (and
>>> asked a
>>>> similar question here, see archive to see the interesting insights that >>>> came out). The short answer is that executable created with PAR::Packer
>>> can
>>>> NOT be codesigned out-of-the-box on OSX (I have no problems to codesign
>>> it
>>>> on Windows though). I virtually met a guy that has written a small >>>> application that can modify the executable so that it can be codesigned
>>> on
>>>> OSX. Unfortunately, it is not open source and a fee is required. >>>> >>>> <
>>> http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail
>>>> >>>> Virenfrei. >>>> www.avg.com >>>> <
>>> http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail
>>>> >>>> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> >>>> >>>> Am Do., 25. Apr. 2019 um 18:34 Uhr schrieb Philip Kime via RT < >>>> bug-PAR-Packer@rt.cpan.org>: >>>>
>>>>> Thu Apr 25 12:34:17 2019: Request 129312 was acted upon. >>>>> Transaction: Ticket created by Philip@kime.org.uk >>>>> Queue: PAR-Packer >>>>> Subject: Code signing for OSX >>>>> Broken in: (no value) >>>>> Severity: (no value) >>>>> Owner: Nobody >>>>> Requestors: Philip@kime.org.uk >>>>> Status: new >>>>> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > >>>>> >>>>> >>>>> Has anyone managed to codesign PAR::Packer executables on OSX? I believe >>>>> that in OSX 10.15, this will start to be mandatory for mainstream
>>> binaries
>>>>> and since I provide a binary for a major opens-source software
>>> distribution
>>>>> (TeXLive/MacTeX), I will need to codesign the packed binaries. >>>>> >>>>> PK >>>>> -- >>>>> Dr Philip Kime >>>>>
>>> >>> -- >>> Dr Philip Kime >>>
>>
> > -- > Dr Philip Kime
-- Dr Philip Kime
  Sat Apr 27 13:40:23 2019 welleozean [...] googlemail.com - Correspondence added
Subject: Re: [rt.cpan.org #129312] Code signing for OSX
Date: Sat, 27 Apr 2019 19:40:13 +0200
To: bug-PAR-Packer [...] rt.cpan.org
From: welle ozean <welleozean [...] googlemail.com>
Yes, I noted this too. Probably - but sure I am not - it would solve the problem to further relax the 128K slot. This was added in the past, as far as I could reconstruct the issue, to allow codesigning. As codesiging works fine on Windows, I suspect that it simply needs more space on macOS. Therefore, a possible solution could be to make the slot bigger. How to achieve this, unfortunately, I do not know (plus it is just a speculation). <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> Virenfrei. www.avg.com <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> Am Sa., 27. Apr. 2019 um 16:47 Uhr schrieb Kime Philip via RT < bug-PAR-Packer@rt.cpan.org>: Show quoted text
> Sat Apr 27 10:47:12 2019: Request 129312 was acted upon. > Transaction: Correspondence added by philkime@kime.org.uk > Queue: PAR-Packer > Subject: Re: [rt.cpan.org #129312] Code signing for OSX > Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: Philip@kime.org.uk > Status: open > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > > > Hmm, I sense a problem here. In the linked comments from Mr Schupp, he > states that the PAR signature can be located in the last 128K of the > binary. However, it seems that codesign, at least with the cert etc. I am > using, adds about 180K to the binary and so the signature can’t be found in > the last 128K. Would that account for the error I noted below? > > PK >
> > On 27 Apr 2019, at 4:33 pm, Kime Philip via RT <
> bug-PAR-Packer@rt.cpan.org> wrote:
> > > > Sat Apr 27 10:33:53 2019: Request 129312 was acted upon. > > Transaction: Correspondence added by philkime@kime.org.uk > > Queue: PAR-Packer > > Subject: Re: [rt.cpan.org #129312] Code signing for OSX > > Broken in: (no value) > > Severity: (no value) > > Owner: Nobody > > Requestors: Philip@kime.org.uk > > Status: open > > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > > > > > > I can get part of the way so far. I can manually fix the binary headers
> which makes codesign at least run but this breaks PAR. This is expected I > suppose and we need to make some more modifications …
> >
> >> codesign -s "Code Signing Test" -v b
> > b: signed Mach-O thin (x86_64) [b] > >
> >> ./b
> > format error: can't find EOCD signature > > at /loader/HASH(0x7fcef88aa428)/Archive/Zip/Archive.pm line 723. > >
> Archive::Zip::Archive::_findEndOfCentralDirectory(Archive::Zip::Archive=HASH(0x7fcef88e1a88), > IO::File=GLOB(0x7fcef8d6af98)) called at > /loader/HASH(0x7fcef88aa428)/Archive/Zip/Archive.pm line 596
> >
> Archive::Zip::Archive::readFromFileHandle(Archive::Zip::Archive=HASH(0x7fcef88e1a88), > IO::File=GLOB(0x7fcef8d6af98), "/Users/philkime/Desktop/NB/./b") called at > -e line 373
> > eval {...} called at -e line 41 > > __par_pl::BEGIN() called at -e line 614 > > eval {...} called at -e line 614 > > : at -e line 373. > >
> >> On 27 Apr 2019, at 2:28 pm, claudio claudio via RT <
> bug-PAR-Packer@rt.cpan.org> wrote:
> >> > >> <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > >> > >> Hi, you are right. It was in the mailing list par@perl.org : you find
> it
> >> here: https://www.nntp.perl.org/group/perl.par/ > >> PS: You are right about the urgency of the issue as it will become > >> mandatary anytime soon. > >> > >> Welle > >> > >> > >> > >> Am Sa., 27. Apr. 2019 um 14:00 Uhr schrieb Kime Philip via RT < > >> bug-PAR-Packer@rt.cpan.org>: > >>
> >>> Sat Apr 27 08:00:20 2019: Request 129312 was acted upon. > >>> Transaction: Correspondence added by philkime@kime.org.uk > >>> Queue: PAR-Packer > >>> Subject: Re: [rt.cpan.org #129312] Code signing for OSX > >>> Broken in: (no value) > >>> Severity: (no value) > >>> Owner: Nobody > >>> Requestors: Philip@kime.org.uk > >>> Status: open > >>> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > >>> > >>> > >>> Hmm, I couldn’t see anything in the acrhive - do you have a link? I may > >>> look into this as PAR::Packer .exes will become an issue on OSX in the > >>> future if this isn’t solved given that codesigning will become
> mandatory.
> >>> > >>> PK > >>>
> >>>> On 25 Apr 2019, at 6:53 pm, claudio claudio via RT <
> >>> bug-PAR-Packer@rt.cpan.org> wrote:
> >>>> > >>>> Thu Apr 25 12:53:32 2019: Request 129312 was acted upon. > >>>> Transaction: Correspondence added by welleozean@googlemail.com > >>>> Queue: PAR-Packer > >>>> Subject: Re: [rt.cpan.org #129312] Code signing for OSX > >>>> Broken in: (no value) > >>>> Severity: (no value) > >>>> Owner: Nobody > >>>> Requestors: Philip@kime.org.uk > >>>> Status: new > >>>> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > >>>> > >>>> > >>>> I've done a lot of research in the last few weeks on the topic (and
> >>> asked a
> >>>> similar question here, see archive to see the interesting insights
> that
> >>>> came out). The short answer is that executable created with
> PAR::Packer
> >>> can
> >>>> NOT be codesigned out-of-the-box on OSX (I have no problems to
> codesign
> >>> it
> >>>> on Windows though). I virtually met a guy that has written a small > >>>> application that can modify the executable so that it can be
> codesigned
> >>> on
> >>>> OSX. Unfortunately, it is not open source and a fee is required. > >>>> > >>>> <
> >>>
> http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail
> >>>> > >>>> Virenfrei. > >>>> www.avg.com > >>>> <
> >>>
> http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail
> >>>> > >>>> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> > >>>> > >>>> Am Do., 25. Apr. 2019 um 18:34 Uhr schrieb Philip Kime via RT < > >>>> bug-PAR-Packer@rt.cpan.org>: > >>>>
> >>>>> Thu Apr 25 12:34:17 2019: Request 129312 was acted upon. > >>>>> Transaction: Ticket created by Philip@kime.org.uk > >>>>> Queue: PAR-Packer > >>>>> Subject: Code signing for OSX > >>>>> Broken in: (no value) > >>>>> Severity: (no value) > >>>>> Owner: Nobody > >>>>> Requestors: Philip@kime.org.uk > >>>>> Status: new > >>>>> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > >>>>> > >>>>> > >>>>> Has anyone managed to codesign PAR::Packer executables on OSX? I
> believe
> >>>>> that in OSX 10.15, this will start to be mandatory for mainstream
> >>> binaries
> >>>>> and since I provide a binary for a major opens-source software
> >>> distribution
> >>>>> (TeXLive/MacTeX), I will need to codesign the packed binaries. > >>>>> > >>>>> PK > >>>>> -- > >>>>> Dr Philip Kime > >>>>>
> >>> > >>> -- > >>> Dr Philip Kime > >>>
> >>
> > > > -- > > Dr Philip Kime
> > -- > Dr Philip Kime >
  Sat Apr 27 14:26:26 2019 philkime [...] kime.org.uk - Correspondence added
Subject: Re: [rt.cpan.org #129312] Code signing for OSX
Date: Sat, 27 Apr 2019 20:26:09 +0200
To: bug-PAR-Packer [...] rt.cpan.org
From: Kime Philip <philkime [...] kime.org.uk>
I now have an OSX C program which which I can contribute which fixes the two issues preventing code signing. It only works with 64-bit non-fat Mach-O binaries but since, I believe, this is what is allowed by Apple for distributions that uses code-signing, I don’t see a problem with this. I can generalise it if necessary. See sample output: Show quoted text
> codesign -v -s "Code Signing Test" --force --timestamp --options=runtime ppbinary
ppbinary: main executable failed strict validation Show quoted text
> pp_codesign_fix ppbinary
Correcting __LINKEDIT Old File Size: 5836 New File Size: 17888447 Old VM Size: 8192 New VM Size: 17888447 Correcting LC_SYMTAB Old String Table Size: 1848 New String Table Size: 17884459 Show quoted text
> codesign -v -s "Code Signing Test" --force --timestamp --options=runtime ppbinary
ppbinary: signed Mach-O thin (x86_64) [ppbinary] However, the signed binary is broken for PAR: Show quoted text
> ./ppbinary
format error: can't find EOCD signature at /loader/HASH(0x7fb593093028)/Archive/Zip/Archive.pm line 723. Archive::Zip::Archive::_findEndOfCentralDirectory(Archive::Zip::Archive=HASH(0x7fb593801888), IO::File=GLOB(0x7fb593511598)) called at /loader/HASH(0x7fb593093028)/Archive/Zip/Archive.pm line 596 Archive::Zip::Archive::readFromFileHandle(Archive::Zip::Archive=HASH(0x7fb593801888), IO::File=GLOB(0x7fb593511598), "/Users/philkime/Desktop/NB/./ppbinary") called at -e line 373 eval {...} called at -e line 41 __par_pl::BEGIN() called at -e line 614 eval {...} called at -e line 614 : at -e line 373. Compare the file sizes before and after codesigning: BEFORE: 21107903 AFTER: 21291136 Difference is ~180K which is all appended after the PAR signature. Can Mr Schupp or someone familiar with this comment on whether this looks like the 128K PAR signature limit needs to be relaxed further or is this a different problem?
  Sat Apr 27 18:37:38 2019 philkime [...] kime.org.uk - Correspondence added
Subject: Re: [rt.cpan.org #129312] Code signing for OSX
Date: Sun, 28 Apr 2019 00:37:21 +0200
To: bug-PAR-Packer [...] rt.cpan.org
From: Kime Philip <philkime [...] kime.org.uk>
Looking into this further, I am fairly sure that Archive::Zip::ChunkSize needs to be increased in par.pl and also the 128k limit for the PAR signature also needs to be increased. Doubling both to 256k would likely be appropriate. All tests for PAR::Packer pass if I do this but I still get the same error after codesigning so I am missing something as Archive::Zip still fails to find the EOCD marker for some reason, even with the increased window size which does (I have checked) include the EOCD marker once the ChunkSize has been modified. -- Dr Philip Kime
  Sun Apr 28 08:08:23 2019 philkime [...] kime.org.uk - Correspondence added
Subject: Re: [rt.cpan.org #129312] Code signing for OSX
Date: Sun, 28 Apr 2019 14:08:09 +0200
To: bug-PAR-Packer [...] rt.cpan.org
From: Kime Philip <philkime [...] kime.org.uk>
I believe that I now have a fix for this. See: https://github.com/rschupp/PAR-Packer/pull/14 There is a contributed small program which is run on the pp exe and edits it in-place. This makes codesigning work. There is a also a small fix for par.pl required in PAR::Packer to allow unpacking of codesigned exes. With these two elements in place, in my tests, I can codesign and run a pp binary. PK Show quoted text
> On 28 Apr 2019, at 12:37 am, Kime Philip <Philip@kime.org.uk> wrote: > > > Looking into this further, I am fairly sure that Archive::Zip::ChunkSize needs to be increased in par.pl and also the 128k limit for the PAR signature also needs to be increased. Doubling both to 256k would likely be appropriate. All tests for PAR::Packer pass if I do this but I still get the same error after codesigning so I am missing something as Archive::Zip still fails to find the EOCD marker for some reason, even with the increased window size which does (I have checked) include the EOCD marker once the ChunkSize has been modified. > > -- > Dr Philip Kime >
-- Dr Philip Kime
  Mon Apr 29 03:59:43 2019 welleozean [...] googlemail.com - Correspondence added
Subject: Re: [rt.cpan.org #129312] Code signing for OSX
Date: Mon, 29 Apr 2019 09:59:21 +0200
To: bug-PAR-Packer [...] rt.cpan.org
From: welle ozean <welleozean [...] googlemail.com>
I tried it out and I have been able to create my executable, fix it and code sign it correctly. Great job! Welle Am So., 28. Apr. 2019 um 14:08 Uhr schrieb Kime Philip via RT < bug-PAR-Packer@rt.cpan.org>: Show quoted text
> Sun Apr 28 08:08:23 2019: Request 129312 was acted upon. > Transaction: Correspondence added by philkime@kime.org.uk > Queue: PAR-Packer > Subject: Re: [rt.cpan.org #129312] Code signing for OSX > Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: Philip@kime.org.uk > Status: open > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=129312 > > > > I believe that I now have a fix for this. See: > > https://github.com/rschupp/PAR-Packer/pull/14 > > There is a contributed small program which is run on the pp exe and edits > it in-place. This makes codesigning work. There is a also a small fix for > par.pl required in PAR::Packer to allow unpacking of codesigned exes. > With these two elements in place, in my tests, I can codesign and run a pp > binary. > > PK >
> > On 28 Apr 2019, at 12:37 am, Kime Philip <Philip@kime.org.uk> wrote: > > > > > > Looking into this further, I am fairly sure that Archive::Zip::ChunkSize
> needs to be increased in par.pl and also the 128k limit for the PAR > signature also needs to be increased. Doubling both to 256k would likely be > appropriate. All tests for PAR::Packer pass if I do this but I still get > the same error after codesigning so I am missing something as Archive::Zip > still fails to find the EOCD marker for some reason, even with the > increased window size which does (I have checked) include the EOCD marker > once the ChunkSize has been modified.
> > > > -- > > Dr Philip Kime > >
> > -- > Dr Philip Kime >
  Mon Apr 29 04:55:56 2019 RSCHUPP [...] cpan.org - Correspondence added
On 2019-04-28 08:08:23, philkime@kime.org.uk wrote: Show quoted text
> I believe that I now have a fix for this. See: > > https://github.com/rschupp/PAR-Packer/pull/14
Thanks Phil! See my comments on the PR, it's almost ready to be merged and I'll do a release of PAR::Packer then. Cheers, Roderich
  Sun Mar 08 18:57:51 2020 KWALZER [...] cpan.org - Correspondence added
Anyone know if this ticket adds support for code signing (Authenticode/signtool) on Windows? I'm currently shipping a full installation of Strawberry Perl with my app because of code signing requirements, but would love to use pp again.
  Tue Mar 10 12:13:59 2020 philkime [...] kime.org.uk - Correspondence added
On Sun Mar 08 18:57:51 2020, KWALZER wrote: Show quoted text
> Anyone know if this ticket adds support for code signing > (Authenticode/signtool) on Windows? I'm currently shipping a full > installation of Strawberry Perl with my app because of code signing > requirements, but would love to use pp again.
It doesn't - it was just for OSX codesigning but it was just to fix issues that prevented codesigning - have you tried codesigning pp exes on Windows? It might work ...
  Sun Nov 29 17:33:58 2020 KWALZER [...] cpan.org - Correspondence added
On Mon Apr 29 03:59:43 2019, welleozean@googlemail.com wrote: Show quoted text
> I tried it out and I have been able to create my executable, fix it > and > code sign it correctly. Great job! > > Welle
I am unable to get code signing working with a Mac executable packed with pp version 1.051--it "fails strict validation." The fix at https://stackoverflow.com/questions/28863500/code-signing-in-mac-with-perl-scripts-compiled-with-parpacker-fails does work, but I thought this bug had been fixed with pp. Am I missing something? I'm using macOS 11.0/Big Sur.
  Mon Nov 30 03:33:38 2020 RSCHUPP [...] cpan.org - Correspondence added
On 2020-11-29 17:33:58, KWALZER wrote: Show quoted text
> I am unable to get code signing working with a Mac executable packed > with pp version 1.051--it "fails strict validation." The fix at > https://stackoverflow.com/questions/28863500/code-signing-in-mac-with- > perl-scripts-compiled-with-parpacker-fails does work, but I thought > this bug had been fixed with pp. Am I missing something? I'm using > macOS 11.0/Big Sur.
Did you run the executable build from contrib/pp_osx_codesign_fix/pp_osx_codesign_fix.c? Cheers, Roderich
  Mon Nov 30 10:44:40 2020 KWALZER [...] cpan.org - Correspondence added
On Mon Nov 30 03:33:38 2020, RSCHUPP wrote: Show quoted text
> Did you run the executable build from > contrib/pp_osx_codesign_fix/pp_osx_codesign_fix.c? >
I did not. Neither the documentation, the changelog, nor the email threads made clear that this was a necessary step.
  Mon Nov 30 11:16:26 2020 RSCHUPP [...] cpan.org - Correspondence added
On 2020-11-30 10:44:40, KWALZER wrote: Show quoted text
> I did not. Neither the documentation, the changelog, nor the email > threads made clear that this was a necessary step.
Err, from the Changes file: 1.048 2019-04-29 - Fix RT#129312: Code signing for OSX Apply pull request from Philip Kime, adds a small program that will fix up an executable generated by pp so that MacOS codesigning will accept it, see contrib/pp_osx_codesign_fix/pp_osx_codesign_fix.c Cheers, Roderich
  Mon Nov 30 11:16:27 2020 RSCHUPP [...] cpan.org - Status changed from 'open' to 'resolved'
  Mon Nov 30 11:35:23 2020 KWALZER [...] cpan.org - Correspondence added
On Mon Nov 30 11:16:26 2020, RSCHUPP wrote: Show quoted text
> On 2020-11-30 10:44:40, KWALZER wrote:
> > I did not. Neither the documentation, the changelog, nor the email > > threads made clear that this was a necessary step.
> > Err, from the Changes file: > > 1.048 2019-04-29 > > - Fix RT#129312: Code signing for OSX
I overlooked the one-line gcc comment in the source file. I understand that these sorts of things are sometimes brief, but I think this is the tersest documentation I've ever read. :-) I was looking for more detailed comments in the changelog, cf. "this file must be compiled separately," or in the man page. Better still would be automatic compilation and installation on macOS - could the OP submit a pull request to modify the makefile and man page? If not, I suppose I have what I need going forward.