Sign a simple application bundle ``` $ mkdir -p MyApp.app/Contents/MacOS $ rcodesign debug-create-macho MyApp.app/Contents/MacOS/MyApp assuming default minimum version 11.0.0 writing Mach-O to MyApp.app/Contents/MacOS/MyApp $ rcodesign sign MyApp.app MyApp.app.signed ? 1 signing MyApp.app to MyApp.app.signed signing bundle at MyApp.app Error: error interfacing with directory-based bundle: Info.plist not found; not a valid bundle $ rcodesign debug-create-info-plist --bundle-name MyApp MyApp.app/Contents/Info.plist writing MyApp.app/Contents/Info.plist $ mkdir -p MyApp.app/Resources $ touch MyApp.app/Resources/file-00.txt $ touch MyApp.app/Resources/file-01.txt $ rcodesign sign MyApp.app MyApp.app.signed signing MyApp.app to MyApp.app.signed signing bundle at MyApp.app signing bundle at MyApp.app into MyApp.app.signed signing main executable Contents/MacOS/MyApp $ rcodesign debug-file-tree MyApp.app.signed d MyApp.app.signed/ d MyApp.app.signed/Contents f 0a5902dc8e47f490d038 MyApp.app.signed/Contents/Info.plist d MyApp.app.signed/Contents/MacOS f 0e2027a7c6d687972a35 MyApp.app.signed/Contents/MacOS/MyApp d MyApp.app.signed/Contents/_CodeSignature f c844b31db66807774bd8 MyApp.app.signed/Contents/_CodeSignature/CodeResources d MyApp.app.signed/Resources f e3b0c44298fc1c149afb MyApp.app.signed/Resources/file-00.txt f e3b0c44298fc1c149afb MyApp.app.signed/Resources/file-01.txt $ rcodesign print-signature-info MyApp.app.signed - path: Contents/Info.plist file_size: 576 file_sha256: 0a5902dc8e47f490d03889d3593d17bddbf79e6c1f79494e20dd28f9459effa5 entity: other - path: Contents/MacOS/MyApp file_size: 22544 file_sha256: 0e2027a7c6d687972a3526c512cc89e3acd5f5654a1e8a639862d6b72ed3d59d entity: mach_o: macho_linkedit_start_offset: 16384 / 0x4000 macho_signature_start_offset: 16400 / 0x4010 macho_signature_end_offset: 16821 / 0x41b5 macho_linkedit_end_offset: 22544 / 0x5810 macho_end_offset: 22544 / 0x5810 linkedit_signature_start_offset: 16 / 0x10 linkedit_signature_end_offset: 437 / 0x1b5 linkedit_bytes_after_signature: 5723 / 0x165b signature: superblob_length: 421 / 0x1a5 blob_count: 3 blobs: - slot: CodeDirectory (0) magic: fade0c02 length: 365 sha1: ea937121b2d2b4be4dd8d37e1b884e7f1c2201af sha256: 3dfec63df494ed0e2dfeedf5d13a70b46b957bd73830cd7644a12e0ce6f08c00 - slot: RequirementSet (2) magic: fade0c01 length: 12 sha1: 3a75f6db058529148e14dd7ea1b4729cc09ec973 sha256: 987920904eab650e75788c054aa0b0524e6a80bfc71aa32df8d237a61743f986 - slot: CMS Signature (65536) magic: fade0b01 length: 8 sha1: 2a7254313aa41796079bb0e9d0f044345f69f98b sha256: e6c83bc98a10348492c7d4d2378a54572ef29e1a5692ccd02b5e29f4b762d6a0 code_directory: version: '0x20400' flags: CodeSignatureFlags(ADHOC) identifier: com.example.mybundle digest_type: sha256 platform: 0 signed_entity_size: 16400 executable_segment_flags: ExecutableSegmentFlags(MAIN_BINARY) code_digests_count: 5 slot_digests: - 'Info (1): 0a5902dc8e47f490d03889d3593d17bddbf79e6c1f79494e20dd28f9459effa5' - 'RequirementSet (2): 987920904eab650e75788c054aa0b0524e6a80bfc71aa32df8d237a61743f986' - 'Resources (3): c844b31db66807774bd8ea00afe62cae1254bf6dfed2fa30d1204449d3c7e943' cms: null - path: Contents/_CodeSignature/CodeResources file_size: 2672 file_sha256: c844b31db66807774bd8ea00afe62cae1254bf6dfed2fa30d1204449d3c7e943 entity: bundle_code_signature_file: !ResourcesXml - - - - - ' files' - ' ' - ' Resources/file-00.txt' - ' ' - ' 2jmj7l5rSw0yVb/vlWAYkK/YBwk=' - ' ' - ' Resources/file-01.txt' - ' ' - ' 2jmj7l5rSw0yVb/vlWAYkK/YBwk=' - ' ' - ' ' - ' files2' - ' ' - ' Resources/file-00.txt' - ' ' - ' hash2' - ' ' - ' 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' - ' ' - ' ' - ' Resources/file-01.txt' - ' ' - ' hash2' - ' ' - ' 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' - ' ' - ' ' - ' ' - ' rules' - ' ' - ' ^Resources/' - ' ' - ' ^Resources/.*/.lproj/' - ' ' - ' optional' - ' ' - ' weight' - ' 1000' - ' ' - ' ^Resources/.*/.lproj/locversion.plist$' - ' ' - ' omit' - ' ' - ' weight' - ' 1100' - ' ' - ' ^Resources/Base/.lproj/' - ' ' - ' weight' - ' 1010' - ' ' - ' ^version.plist$' - ' ' - ' ' - ' rules2' - ' ' - ' .*/.dSYM($|/)' - ' ' - ' weight' - ' 11' - ' ' - ' ^(.*/)?/.DS_Store$' - ' ' - ' omit' - ' ' - ' weight' - ' 2000' - ' ' - ' ^(Frameworks|SharedFrameworks|PlugIns|Plug-ins|XPCServices|Helpers|MacOS|Library/(Automator|Spotlight|LoginItems))/' - ' ' - ' nested' - ' ' - ' weight' - ' 10' - ' ' - ' ^.*' - ' ' - ' ^Info/.plist$' - ' ' - ' omit' - ' ' - ' weight' - ' 20' - ' ' - ' ^PkgInfo$' - ' ' - ' omit' - ' ' - ' weight' - ' 20' - ' ' - ' ^Resources/' - ' ' - ' weight' - ' 20' - ' ' - ' ^Resources/.*/.lproj/' - ' ' - ' optional' - ' ' - ' weight' - ' 1000' - ' ' - ' ^Resources/.*/.lproj/locversion.plist$' - ' ' - ' omit' - ' ' - ' weight' - ' 1100' - ' ' - ' ^Resources/Base/.lproj/' - ' ' - ' weight' - ' 1010' - ' ' - ' ^[^/]+$' - ' ' - ' nested' - ' ' - ' weight' - ' 10' - ' ' - ' ^embedded/.provisionprofile$' - ' ' - ' weight' - ' 20' - ' ' - ' ^version/.plist$' - ' ' - ' weight' - ' 20' - ' ' - ' ' - - - '' - path: Resources/file-00.txt file_size: 0 file_sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 entity: other - path: Resources/file-01.txt file_size: 0 file_sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 entity: other ``` Signing a bundle with an executable without targeting activates SHA-1 digests ``` $ mkdir -p MyApp.app/Contents/MacOS $ rcodesign debug-create-macho --no-targeting MyApp.app/Contents/MacOS/MyApp writing Mach-O to MyApp.app/Contents/MacOS/MyApp $ rcodesign debug-create-info-plist --bundle-name MyApp MyApp.app/Contents/Info.plist writing MyApp.app/Contents/Info.plist $ rcodesign sign MyApp.app MyApp.app.signed signing MyApp.app to MyApp.app.signed signing bundle at MyApp.app signing bundle at MyApp.app into MyApp.app.signed signing main executable Contents/MacOS/MyApp $ rcodesign print-signature-info MyApp.app.signed - path: Contents/Info.plist file_size: 576 file_sha256: 0a5902dc8e47f490d03889d3593d17bddbf79e6c1f79494e20dd28f9459effa5 entity: other - path: Contents/MacOS/MyApp file_size: 23568 file_sha256: 0e1c406b4bd8ac2a94a79c325db69a2a19876c753971284c4c45468e047505f4 entity: mach_o: macho_linkedit_start_offset: 16384 / 0x4000 macho_signature_start_offset: 16400 / 0x4010 macho_signature_end_offset: 17098 / 0x42ca macho_linkedit_end_offset: 23568 / 0x5c10 macho_end_offset: 23568 / 0x5c10 linkedit_signature_start_offset: 16 / 0x10 linkedit_signature_end_offset: 714 / 0x2ca linkedit_bytes_after_signature: 6470 / 0x1946 signature: superblob_length: 698 / 0x2ba blob_count: 4 blobs: - slot: CodeDirectory (0) magic: fade0c02 length: 269 sha1: daa7889f0fc39e6920ab2f468b80b06e04f714f5 sha256: f9530a6c35ec6da7f21a047873953248668b59a63d3879754781c5ff5d8b5038 - slot: RequirementSet (2) magic: fade0c01 length: 12 sha1: 3a75f6db058529148e14dd7ea1b4729cc09ec973 sha256: 987920904eab650e75788c054aa0b0524e6a80bfc71aa32df8d237a61743f986 - slot: 'CodeDirectory Alternate #0 (4096)' magic: fade0c02 length: 365 sha1: 78b08e2a2b243714a59975d7db86d0c77164a9f3 sha256: 0210dbf647e161423f7ed74183dca566bc6e6e1b7a045079002b660385c5a26c - slot: CMS Signature (65536) magic: fade0b01 length: 8 sha1: 2a7254313aa41796079bb0e9d0f044345f69f98b sha256: e6c83bc98a10348492c7d4d2378a54572ef29e1a5692ccd02b5e29f4b762d6a0 code_directory: version: '0x20400' flags: CodeSignatureFlags(ADHOC) identifier: com.example.mybundle digest_type: sha1 platform: 0 signed_entity_size: 16400 executable_segment_flags: ExecutableSegmentFlags(MAIN_BINARY) code_digests_count: 5 slot_digests: - 'Info (1): 65bf1c26bc63ccdfe6688cc787b06f88f3435ef0' - 'RequirementSet (2): 3a75f6db058529148e14dd7ea1b4729cc09ec973' - 'Resources (3): bba07ca7abb366417d2b426b767c25838f5aeb58' alternative_code_directories: - - 'CodeDirectory Alternate #0 (4096)' - version: '0x20400' flags: CodeSignatureFlags(ADHOC) identifier: com.example.mybundle digest_type: sha256 platform: 0 signed_entity_size: 16400 executable_segment_flags: ExecutableSegmentFlags(MAIN_BINARY) code_digests_count: 5 slot_digests: - 'Info (1): 0a5902dc8e47f490d03889d3593d17bddbf79e6c1f79494e20dd28f9459effa5' - 'RequirementSet (2): 987920904eab650e75788c054aa0b0524e6a80bfc71aa32df8d237a61743f986' - 'Resources (3): ba6147622a84edef406a5bc43b6ba041cef593326e34c5c53e662f9f57343263' cms: null - path: Contents/_CodeSignature/CodeResources file_size: 2816 file_sha256: ba6147622a84edef406a5bc43b6ba041cef593326e34c5c53e662f9f57343263 entity: bundle_code_signature_file: !ResourcesXml - - - - - ' files' - ' ' - ' Resources/file-00.txt' - ' ' - ' 2jmj7l5rSw0yVb/vlWAYkK/YBwk=' - ' ' - ' Resources/file-01.txt' - ' ' - ' 2jmj7l5rSw0yVb/vlWAYkK/YBwk=' - ' ' - ' ' - ' files2' - ' ' - ' Resources/file-00.txt' - ' ' - ' hash' - ' ' - ' 2jmj7l5rSw0yVb/vlWAYkK/YBwk=' - ' ' - ' hash2' - ' ' - ' 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' - ' ' - ' ' - ' Resources/file-01.txt' - ' ' - ' hash' - ' ' - ' 2jmj7l5rSw0yVb/vlWAYkK/YBwk=' - ' ' - ' hash2' - ' ' - ' 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' - ' ' - ' ' - ' ' - ' rules' - ' ' - ' ^Resources/' - ' ' - ' ^Resources/.*/.lproj/' - ' ' - ' optional' - ' ' - ' weight' - ' 1000' - ' ' - ' ^Resources/.*/.lproj/locversion.plist$' - ' ' - ' omit' - ' ' - ' weight' - ' 1100' - ' ' - ' ^Resources/Base/.lproj/' - ' ' - ' weight' - ' 1010' - ' ' - ' ^version.plist$' - ' ' - ' ' - ' rules2' - ' ' - ' .*/.dSYM($|/)' - ' ' - ' weight' - ' 11' - ' ' - ' ^(.*/)?/.DS_Store$' - ' ' - ' omit' - ' ' - ' weight' - ' 2000' - ' ' - ' ^(Frameworks|SharedFrameworks|PlugIns|Plug-ins|XPCServices|Helpers|MacOS|Library/(Automator|Spotlight|LoginItems))/' - ' ' - ' nested' - ' ' - ' weight' - ' 10' - ' ' - ' ^.*' - ' ' - ' ^Info/.plist$' - ' ' - ' omit' - ' ' - ' weight' - ' 20' - ' ' - ' ^PkgInfo$' - ' ' - ' omit' - ' ' - ' weight' - ' 20' - ' ' - ' ^Resources/' - ' ' - ' weight' - ' 20' - ' ' - ' ^Resources/.*/.lproj/' - ' ' - ' optional' - ' ' - ' weight' - ' 1000' - ' ' - ' ^Resources/.*/.lproj/locversion.plist$' - ' ' - ' omit' - ' ' - ' weight' - ' 1100' - ' ' - ' ^Resources/Base/.lproj/' - ' ' - ' weight' - ' 1010' - ' ' - ' ^[^/]+$' - ' ' - ' nested' - ' ' - ' weight' - ' 10' - ' ' - ' ^embedded/.provisionprofile$' - ' ' - ' weight' - ' 20' - ' ' - ' ^version/.plist$' - ' ' - ' weight' - ' 20' - ' ' - ' ' - - - '' - path: Resources/file-00.txt file_size: 0 file_sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 entity: other - path: Resources/file-01.txt file_size: 0 file_sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 entity: other ```