X-Git-Url: https://git.saurik.com/apple/libsecurity_codesigning.git/blobdiff_plain/6aae018b5d43c30038cfa4003e5d4bcc81f134cf..935e692843d9c528f9a4c5eee98e00961ca5f4a4:/lib/signerutils.cpp diff --git a/lib/signerutils.cpp b/lib/signerutils.cpp index a7e925a..f1264f5 100644 --- a/lib/signerutils.cpp +++ b/lib/signerutils.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006-2007 Apple Inc. All Rights Reserved. + * Copyright (c) 2006-2010 Apple Inc. All Rights Reserved. * * @APPLE_LICENSE_HEADER_START@ * @@ -75,14 +75,14 @@ void DetachedBlobWriter::flush() // // ArchEditor // -ArchEditor::ArchEditor(Universal &code, uint32_t attrs /* = 0 */) +ArchEditor::ArchEditor(Universal &code, CodeDirectory::HashAlgorithm hashType, uint32_t attrs) : DiskRep::Writer(attrs) { Universal::Architectures archList; code.architectures(archList); for (Universal::Architectures::const_iterator it = archList.begin(); it != archList.end(); ++it) - architecture[*it] = new Arch(*it); + architecture[*it] = new Arch(*it, hashType); } @@ -96,6 +96,11 @@ ArchEditor::~ArchEditor() // // BlobEditor // +BlobEditor::BlobEditor(Universal &fat, SecCodeSigner::Signer &s) + : ArchEditor(fat, s.digestAlgorithm(), 0), signer(s) +{ } + + void BlobEditor::component(CodeDirectory::SpecialSlot slot, CFDataRef data) { mGlobal.component(slot, data); 
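Review bot: The loop in the ArchEditor constructor stores raw `new Arch(*it, hashType)` pointers in `architecture`, so if a later allocation or the Arch constructor throws, ~ArchEditor never runs and the entries already created leak. Now that the constructor takes a hash algorithm, a one-line comment would help, e.g. `// every architecture slice is signed with the same digest algorithm`. The removed `/* = 0 */` suggests the default for `attrs` was dropped in the header, which is not part of this hunk, so callers that relied on it need to pass it explicitly.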
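Review bot: `signer(s)` in the new BlobEditor constructor keeps hold of the caller's SecCodeSigner::Signer, and if that member is declared as a reference (the declaration is not in this hunk) the editor must not outlive the signer. The constructor has no comment stating that contract; I would add `// 's' must outlive this BlobEditor` above it. It would also help to note that `attrs` is deliberately passed as 0 here, since ArchEditor no longer supplies the default.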
@@ -124,9 +129,13 @@ void BlobEditor::commit() // "drill up" the Mach-O binary for insertion of Code Signing signature data. // After the tool succeeds, we open the new file and are ready to write it. // -MachOEditor::MachOEditor(DiskRep::Writer *w, Universal &code, std::string srcPath) - : ArchEditor(code, w->attributes()), writer(w), sourcePath(srcPath), tempPath(srcPath + ".cstemp"), - mNewCode(NULL), mTempMayExist(false) +MachOEditor::MachOEditor(DiskRep::Writer *w, Universal &code, CodeDirectory::HashAlgorithm hashType, std::string srcPath) + : ArchEditor(code, hashType, w->attributes()), + writer(w), + sourcePath(srcPath), + tempPath(srcPath + ".cstemp"), + mNewCode(NULL), + mTempMayExist(false) { if (const char *path = getenv(helperOverride)) { mHelperPath = path; @@ -190,7 +199,7 @@ void MachOEditor::parentAction() code->validateDirectory(); code->validateExecutable(); code->validateResources(); - code->validateRequirements((const Requirement *)appleReq, errSecCSReqFailed); + code->validateRequirement((const Requirement *)appleReq, errSecCSReqFailed); } } @@ -206,7 +215,7 @@ void MachOEditor::childAction() for (Iterator it = architecture.begin(); it != architecture.end(); ++it) { size_t size = LowLevelMemoryUtilities::alignUp(it->second->blobSize, csAlign); char *ssize; // we'll leak this (execv is coming soon) - asprintf(&ssize, "%d", size); + asprintf(&ssize, "%zd", size); if (const char *arch = it->first.name()) { CODESIGN_ALLOCATE_ARCH((char*)arch, size); @@ -281,7 +290,14 @@ void MachOEditor::commit() UidGuard guard; if (!guard.seteuid(0)) guard.seteuid(st.st_uid); + + // copy metadata from original file... copy(sourcePath.c_str(), NULL, COPYFILE_SECURITY | COPYFILE_METADATA); + + // ... but explicitly update the timestamps since we did change the file + char buf; + mFd.read(&buf, sizeof(buf), 0); + mFd.write(&buf, sizeof(buf), 0); // move the new file into place UnixError::check(::rename(tempPath.c_str(), sourcePath.c_str()));
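Review bot: `tempPath(srcPath + ".cstemp")` fixes the scratch file to a predictable name beside the target, and commit() later renames that path over `sourcePath`, apparently after UidGuard may have raised the effective uid to 0. If the containing directory is writable by another user, whatever exists at that name is what ends up installed, so the file should be created exclusively (`O_CREAT | O_EXCL`) or checked with fstat on the open descriptor before the rename. How the file is created is outside this hunk. The initializer list also dereferences `w` in `w->attributes()` before the body runs, so an assert or a reference parameter would document that the writer is required.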
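Review bot: `%zd` is the conversion for a signed ssize_t, while `size` is a size_t, so the format in `asprintf(&ssize, "%zd", size)` should be `%zu`. The return value is also ignored; on failure the contents of `ssize` are undefined and it presumably goes on to the helper's argument list. I would write `if (asprintf(&ssize, "%zu", size) < 0)` followed by whatever failure exit the child process uses. The rest of childAction, including the exec, is outside this hunk.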
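Review bot: The one-byte read/write that refreshes the timestamps in commit() never checks what `mFd.read(&buf, sizeof(buf), 0)` returned, and `buf` is uninitialized. If the read yields no data without throwing, the following write stores an indeterminate byte at offset 0 of the freshly signed file. Either verify that exactly one byte was read before writing it back, or set the times directly on the descriptor (for example with `futimes`) so file content is never touched at this stage. This code sits inside the UidGuard scope, so the write may run with the elevated effective uid. commit() begins and ends outside the hunk.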