Changes in how SDK deals with code signing


    Sep 02 2021 | 9:16 pm
    Hi,
    This is less of a bug and more of an open-ended issue which I am not 100% sure is related to the SDK directly, but after a lot of deliberating and A/B compiling, my feeling is that code signing behaviour has somehow changed from the update.
    When building a set of externals previously with cmake and make I would produce binaries which were not code signed. I could verify this in my shell with this:
    codesign -dv --verbose=4 fluid.ampgate\~.mxo
    This would produce the output:
    fluid.ampgate~.mxo/: code object is not signed at all
    Max can load these externals fine.
    Now though, after doing nothing except updating the SDK I get binaries which when checked with the aforementioned invocation report that they are code signed:
    Executable=/Users/james/dev/flucoma/max/externals/fluid.ampgate~.mxo/Contents/MacOS/fluid.ampgate~
    Identifier=fluid.ampgate~
    Format=bundle with Mach-O thin (arm64)
    CodeDirectory v=20400 size=1255 flags=0x20002(adhoc,linker-signed) hashes=36+0 location=embedded
    VersionPlatform=1
    VersionMin=720896
    VersionSDK=721664
    Hash type=sha256 size=32
    CandidateCDHash sha256=f1adddbc9aa109e03b11a64d573f64562158cf78
    CandidateCDHashFull sha256=f1adddbc9aa109e03b11a64d573f64562158cf7807fcdf49a8c629dba5258e1b
    Hash choices=sha256
    CMSDigest=f1adddbc9aa109e03b11a64d573f64562158cf7807fcdf49a8c629dba5258e1b
    CMSDigestType=2
    Executable Segment base=0
    Executable Segment limit=65536
    Executable Segment flags=0x0
    Page size=4096
    CDHash=f1adddbc9aa109e03b11a64d573f64562158cf78
    Signature=adhoc
    Info.plist=not bound
    TeamIdentifier=not set
    Sealed Resources=none
    Internal requirements=none
    Is this something that is being influenced by the update to the SDK?

    • Sep 03 2021 | 1:54 pm
      Are you building from an updated version of Xcode? That would be my first guess as to the difference. AFAICT we are not introducing any signing in our cmake scripts (it's not even clear to me that you are using the cmake scripts).
    • Sep 03 2021 | 2:42 pm
      Our build chain is a little bit custom but obviously uses the SDK. I am using Xcode 12.5.1 and have not updated it recently. However, I recently created a new developer signature in Xcode to build an iPlug2 project and I wonder if that is causing things to go wacky. I will dig deeper my end to see if I can get into the details.
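
Added example, not part of the thread or of the SDK: a shell function that classifies `codesign -dv --verbose=4` output by the CodeDirectory `flags` word, separating the `adhoc,linker-signed` case in the first post (a signature applied by the linker at link time) from an explicit ad hoc or identity signature. The function name and the last two samples are constructed for illustration; the flag values are the `CS_ADHOC` and `CS_LINKER_SIGNED` constants from Apple's `cs_blobs.h`.

```shell
#!/bin/sh
# Classify `codesign -dv --verbose=4` output read from stdin.
# codesign writes this report to stderr, so on macOS use:
#   codesign -dv --verbose=4 fluid.ampgate~.mxo 2>&1 | classify_codesign
CS_ADHOC=0x2              # CS_ADHOC in cs_blobs.h
CS_LINKER_SIGNED=0x20000  # CS_LINKER_SIGNED in cs_blobs.h

classify_codesign() {
    report=$(cat)
    case $report in
        *"code object is not signed at all"*) echo unsigned; return 0 ;;
    esac
    # Take the numeric flags word from the CodeDirectory line. The pattern only
    # admits hex digits, so the value is safe to use in shell arithmetic.
    flags=$(printf '%s\n' "$report" |
        sed -n 's/^CodeDirectory .* flags=\(0x[0-9a-fA-F]\{1,\}\)(.*/\1/p' | head -n 1)
    if [ -z "$flags" ]; then echo unknown; return 0; fi
    if [ $(( $flags & $CS_ADHOC )) -eq 0 ]; then
        echo non-adhoc            # signed with a certificate identity
    elif [ $(( $flags & $CS_LINKER_SIGNED )) -ne 0 ]; then
        echo adhoc-linker-signed  # applied by the linker, not by a codesign step
    else
        echo adhoc                # explicit ad hoc signing (codesign -s -)
    fi
}

# Trimmed from the two reports quoted in the first post.
SAMPLE_UNSIGNED='fluid.ampgate~.mxo/: code object is not signed at all'
SAMPLE_LINKER='Identifier=fluid.ampgate~
CodeDirectory v=20400 size=1255 flags=0x20002(adhoc,linker-signed) hashes=36+0 location=embedded
Signature=adhoc'
# Constructed samples (not from the thread) for the other two outcomes.
SAMPLE_ADHOC='Identifier=example
CodeDirectory v=20400 size=1255 flags=0x2(adhoc) hashes=36+0 location=embedded
Signature=adhoc'
SAMPLE_IDENTITY='Identifier=example
CodeDirectory v=20500 size=1255 flags=0x10000(runtime) hashes=36+0 location=embedded
TeamIdentifier=EXAMPLETEAM'

for sample in "$SAMPLE_UNSIGNED" "$SAMPLE_LINKER" "$SAMPLE_ADHOC" "$SAMPLE_IDENTITY"; do
    printf '%s\n' "$sample" | classify_codesign
done
```

Running it over every external in a build directory before and after a toolchain or SDK change shows which step started producing signed output.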