LIEF icon indicating copy to clipboard operation
LIEF copied to clipboard
verified publisher icon lief-project

Add support for signing mach-O binaries

Open isuruf opened this issue 4 years ago • 4 comments

Is your feature request related to a problem? Please describe.

With macOS-arm64, binaries need to be signed when running. The signature can be ad-hoc which means it is signed without any proof. When changing a binary, this signature becomes invalidated and therefore the binary becomes not executable.

LIEF already has a method to get the code signature, but not to re-sign. It'd be great to have a way to sign.

Describe the solution you'd like LIEF provides a feature to sign a mach-O binary

Describe alternatives you've considered

I've looked at ldid which is AGPL and zsign which doesn't have a license. I'd like to use a library which is not licensed GPL.

Additional context Add any other context or screenshots about the feature request here.

isuruf avatar Jul 24 '21 03:07 isuruf

Hi @isuruf I agree that it would be a nice feature but to be honest, I will not have time to handle it at mi-term.

romainthomas avatar Jul 31 '21 12:07 romainthomas

As a workaround Is there a reason codesign can't be used as a post process action?

https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html

farzonl avatar Aug 13 '21 06:08 farzonl

+1

cocos543 avatar Sep 16 '21 07:09 cocos543