Michael Eisel
Michael Eisel
I think that could be an interesting way to do it, yeah. My one concern would be if there are any APIs, like candle, that assume that if two devices...
Large app binaries can be >1GB. I think if you make a small test app, but add the linker flag `-Wl,-sectcreate,__DATA,GIANT_SECTION,/path/to/some_giant_file`, you can make an artificially large binary to sign...
*Large _debug_ app binaries can be >1GB (they lack size optimization and include additional debug metadata)
Thank you for doing this. Unfortunately, when I tried to measure the speed on an internal test app, I got the following: `Error: bundle Info.plist does not define CFBundleIdentifier: MyApp.app/SomeBundle.bundle/Base.lproj/SomeStoryboard.storyboardc/Info.plist`....
Another couple things that would be helpful, aside from resolving that bug: - Getting byte-for-byte identical signings between rcodesign and some recent version of Apple's codesign (this would go a...
The timestamp issue can be solved in Apple codesign with `--disable_timestamp` I believe. Reproducible code signing is important for Bazel, there may be a few more tricks in https://github.com/bazelbuild/rules_apple/blob/master/apple/internal/codesigning_support.bzl ....
Very cool. You may also be interested in a project I released this spring, https://github.com/michaeleisel/AutoPen , which makes the existing codesign tool faster
Parallel signing on mmap'd files (just the main binary for now) is done with https://github.com/michaeleisel/AutoPen/blob/main/libautopen/swapper.hpp#L75 and `populateDigests`
The codesign option I'm referring to is `--resource-rules`, which I discuss in my blog post linked below. It does indeed cause Apple to make a fuss in certain ways, but...
Yeah it's tricky getting it to use a custom path for codesign. In my build logs, I see it explicitly writes out `/usr/bin/codesign ...`, so I don't think the PATH...