James Bradbury

This is less of a bug and more of an open-ended issue which I am not 100% sure is related to the SDK directly but after a lot of deliberating and A/B compiling my feeling is that code signing behaviour has somehow changed from the update.

When building a set of externals previously with cmake and make I would produce binaries which were not code signed. I could verify this in my shell with this:

codesign -dv --verbose=4 fluid.ampgate\~.mxo

fluid.ampgate~.mxo/: code object is not signed at all

Now though, after doing nothing except updating the SDK I get binaries which when checked with the aforementioned invocation report that they are code signed:

Executable=/Users/james/dev/flucoma/max/externals/fluid.ampgate~.mxo/Contents/MacOS/fluid.ampgate~

CodeDirectory v=20400 size=1255 flags=0x20002(adhoc,linker-signed) hashes=36+0 location=embedded

CandidateCDHash sha256=f1adddbc9aa109e03b11a64d573f64562158cf78

CandidateCDHashFull sha256=f1adddbc9aa109e03b11a64d573f64562158cf7807fcdf49a8c629dba5258e1b

CMSDigest=f1adddbc9aa109e03b11a64d573f64562158cf7807fcdf49a8c629dba5258e1b

CDHash=f1adddbc9aa109e03b11a64d573f64562158cf78

Is this something that is being influenced by the update to the SDK?

When building a set of externals previously with cmake and make I would produce binaries which were not code signed.  I could verify this in my shell with this: 

codesign -dv --verbose=4 fluid.ampgate\~.mxo

This would produce the output:

Executable=/Users/james/dev/flucoma/max/externals/fluid.ampgate~.mxo/Contents/MacOS/fluid.ampgate~
Identifier=fluid.ampgate~
Format=bundle with Mach-O thin (arm64)
CodeDirectory v=20400 size=1255 flags=0x20002(adhoc,linker-signed) hashes=36+0 location=embedded
VersionPlatform=1
VersionMin=720896
VersionSDK=721664
Hash type=sha256 size=32
CandidateCDHash sha256=f1adddbc9aa109e03b11a64d573f64562158cf78
CandidateCDHashFull sha256=f1adddbc9aa109e03b11a64d573f64562158cf7807fcdf49a8c629dba5258e1b
Hash choices=sha256
CMSDigest=f1adddbc9aa109e03b11a64d573f64562158cf7807fcdf49a8c629dba5258e1b
CMSDigestType=2
Executable Segment base=0
Executable Segment limit=65536
Executable Segment flags=0x0
Page size=4096
CDHash=f1adddbc9aa109e03b11a64d573f64562158cf78
Signature=adhoc
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources=none
Internal requirements=none

Hi,
This is less of a bug and more of an open-ended issue which I am not 100% sure is related to the SDK directly but after a lot of deliber

changes-in-how-sdk-deals-with-code-signing

Are you building from an updated version of Xcode? that would be my first guess as to the difference. AFAICT we are not introducing any signing in our cmake scripts (it's not even clear to me that you are using the cmake scripts).

Our build chain is a little bit custom but obviously uses the SDK. I am using Xcode 12.5.1 and have not updated it recently. However, I recently created a new developer signature in Xcode to build an iPlug2 project and I wonder if that is causing things to go wacky. I will dig deeper my end to see if I can get into the details.

FWIW, I ran back across this whilst trying to retrieve something I posted a long time ago. Indeed this was the issue, if for any reason someone came across this in the future.

Changes in how SDK deals with code signing