[tor-dev] [FWD: Re: Apple developer account + codesigning]

Conrad Kramer ckrames1234 at gmail.com
Mon Oct 26 17:54:23 UTC 2015


> On Oct 26, 2015, at 10:23 AM, Ian Goldberg <iang at cs.uwaterloo.ca> wrote:
> 
> On Mon, Oct 26, 2015 at 06:06:36AM -0700, Mike Perry wrote:
>> Essentially, codesign only touches executable binaries in the .app (see
>> that second link for info on how the binary's segments get moved around)
>> and also adds an SC_Info directory for codesign/DRM metadata.
> 
> Wait; does that mean that things like configuration files, plugins, etc.
> are *not* signed?

They are signed. All resources in a bundle (e.g. an app or framework) are
signed and the signatures are stored in a file named "CodeResources”:

https://developer.apple.com/library/mac/documentation/Security/Conceptual/CodeSigningGuide/AboutCS/AboutCS.html#//apple_ref/doc/uid/TP40005929-CH3-SW1


Conrad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20151026/16654710/attachment.sig>


More information about the tor-dev mailing list