[msbuild] Improve ComputeCodesignItems to take symlinked directories into account. Fixes #20193. #22907

Merged: 1 commit, May 28, 2025

rolfbjarne

1. There's no need to codesign a symlink, because:
    a. A symlink can only point to another file or directory inside the app bundle (not outside of it).
    b. That other file or directory should already be in the list of files to sign.
2. We're already skipping files and directories that are symlinks, but we weren't skipping normal files or directories inside a symlinked directory. This is now fixed.

Example 1:

MyBundle.app/Contents/Frameworks/XTest.framework/XTest -> MyBundle.app/Contents/Frameworks/XTest.framework/Versions/A/Resources/XTest

This file (MyBundle.app/Contents/Frameworks/XTest.framework/XTest) was already not signed.

Example 2:

MyBundle.app/Contents/Frameworks/XTest.framework/Libraries -> MyBundle.app/Contents/Frameworks/XTest.framework/Versions/A/Libraries
MyBundle.app/Contents/Frameworks/XTest.framework/Versions/A/Libraries/libTest.dylib

Here we'd find 'libTest.dylib' twice, once inside
'MyBundle.app/Contents/Frameworks/XTest.framework/Libraries', and once inside
'MyBundle.app/Contents/Frameworks/XTest.framework/Versions/A/Libraries'.

The algorithm has been changed to not recurse into directories that are
symlinks, so with this fix we'll no longer find
'MyBundle.app/Contents/Frameworks/XTest.framework/Libraries/libTest.dylib'.

Fixes #20193.
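
The traversal rule from the description above, sketched in Python as an added example (not code from this pull request or the project). The function names and the temporary directory layout are hypothetical; the check for symlinks that resolve outside the bundle is an addition that tests the assumption in point 1a.

```python
import os
import tempfile

FW = os.path.join("Contents", "Frameworks", "XTest.framework")
def build_sample_bundle(root):
    """Constructed layout matching Examples 1 and 2; returns the bundle path."""
    bundle = os.path.join(root, "MyBundle.app")
    for sub, name in (("Resources", "XTest"), ("Libraries", "libTest.dylib")):
        d = os.path.join(bundle, FW, "Versions", "A", sub)
        os.makedirs(d)
        with open(os.path.join(d, name), "wb") as f:
            f.write(b"placeholder")  # constructed content, not a real binary
    os.symlink("Versions/A/Resources/XTest", os.path.join(bundle, FW, "XTest"))
    os.symlink("Versions/A/Libraries", os.path.join(bundle, FW, "Libraries"))
    return bundle

def legacy_walk(bundle):
    """Old behaviour as described: skip symlink entries, still descend into symlinked dirs."""
    found = []
    for dirpath, _dirs, names in os.walk(bundle, followlinks=True):
        for n in names:
            p = os.path.join(dirpath, n)
            if not os.path.islink(p):
                found.append(os.path.relpath(p, bundle))
    return sorted(found)

def codesign_candidates(bundle):
    """Fixed behaviour: never recurse into a symlink. Also reports symlinks
    that resolve outside the bundle (an added check, not part of the PR)."""
    real_bundle = os.path.realpath(bundle)
    files, escaping, stack = [], [], [bundle]
    while stack:
        with os.scandir(stack.pop()) as entries:
            for e in entries:
                rel = os.path.relpath(e.path, bundle)
                if e.is_symlink():
                    target = os.path.realpath(e.path)
                    if os.path.commonpath([real_bundle, target]) != real_bundle:
                        escaping.append(rel)
                elif e.is_dir(follow_symlinks=False):
                    stack.append(e.path)
                elif e.is_file(follow_symlinks=False):
                    files.append(rel)
    return sorted(files), sorted(escaping)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        b = build_sample_bundle(tmp)
        print(legacy_walk(b), codesign_candidates(b))
```

On the sample layout, `legacy_walk` returns `libTest.dylib` under both `Libraries` and `Versions/A/Libraries`, while `codesign_candidates` returns each real file once.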

@rolfbjarne rolfbjarne requested review from emaf and mauroa as code owners May 26, 2025 16:21
@vs-mobiletools-engineering-service2

✅ [PR Build #c95f56c] Build passed (Detect API changes) ✅

Pipeline on Agent
Hash: c95f56cadca41776411408a3593aed0e4cc5a309 [PR build]

@vs-mobiletools-engineering-service2

✅ API diff for current PR / commit

.NET ( No breaking changes )

✅ API diff vs stable

.NET ( No breaking changes )

ℹ️ Generator diff

Generator Diff: vsdrops (html), vsdrops (raw diff), gist (raw diff) - Please review changes

@vs-mobiletools-engineering-service2

✅ [CI Build #c95f56c] Build passed (Build packages) ✅

@vs-mobiletools-engineering-service2

✅ [CI Build #c95f56c] Build passed (Build macOS tests) ✅

@vs-mobiletools-engineering-service2

💻 [CI Build #c95f56c] Tests on macOS X64 - Mac Sonoma (14) passed 💻

All tests on macOS X64 - Mac Sonoma (14) passed.

@vs-mobiletools-engineering-service2

💻 [CI Build #c95f56c] Tests on macOS M1 - Mac Monterey (12) passed 💻

All tests on macOS M1 - Mac Monterey (12) passed.

@vs-mobiletools-engineering-service2

💻 [CI Build #c95f56c] Tests on macOS arm64 - Mac Sequoia (15) passed 💻

All tests on macOS arm64 - Mac Sequoia (15) passed.

@vs-mobiletools-engineering-service2

💻 [CI Build #c95f56c] Tests on macOS M1 - Mac Ventura (13) passed 💻

All tests on macOS M1 - Mac Ventura (13) passed.

@vs-mobiletools-engineering-service2

🚀 [CI Build #c95f56c] Test results 🚀

Test results

✅ All tests passed on VSTS: test results.

🎉 All 115 tests passed 🎉

Tests counts

✅ cecil: All 1 tests passed.
✅ dotnettests (iOS): All 1 tests passed.
✅ dotnettests (MacCatalyst): All 1 tests passed.
✅ dotnettests (macOS): All 1 tests passed.
✅ dotnettests (Multiple platforms): All 1 tests passed.
✅ dotnettests (tvOS): All 1 tests passed.
✅ framework: All 2 tests passed.
✅ fsharp: All 4 tests passed.
✅ generator: All 5 tests passed.
✅ interdependent-binding-projects: All 4 tests passed.
✅ introspection: All 4 tests passed.
✅ linker: All 44 tests passed.
✅ monotouch (iOS): All 8 tests passed.
✅ monotouch (MacCatalyst): All 11 tests passed.
✅ monotouch (macOS): All 9 tests passed.
✅ monotouch (tvOS): All 8 tests passed.
✅ msbuild: All 2 tests passed.
✅ windows: All 3 tests passed.
✅ xcframework: All 4 tests passed.
✅ xtro: All 1 tests passed.


@rolfbjarne rolfbjarne merged commit 0c3ecd0 into main May 28, 2025
44 checks passed
@rolfbjarne rolfbjarne deleted the dev/rolf/issue-20193-codesign-with-symlinks branch May 28, 2025 14:39
Successfully merging this pull request may close these issues.

Codesign Error with Large Framework