Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Code signature stripped on Darwin #37

Open
nwjsmith opened this issue May 13, 2022 · 2 comments
Open

Code signature stripped on Darwin #37

nwjsmith opened this issue May 13, 2022 · 2 comments
Labels
todo

Comments

@nwjsmith
Copy link

I'm having trouble running the RenderScript compiler, llvm-rs-cc because code signatures are stripped from a dylib in build-tools. This is relevant part of the error I'm hitting:

/nix/store/gxylpsxax2xad9dljfw0dqa47zbsss3r-build-tools-32-0-0-32/lib/libbcinfo.dylib' not valid for use in process: mapped file has no Team ID and is not a platform binary (signed with custom identity or adhoc?))

and the full error if you're an avid reader:

dyld[67033]: Library not loaded: @rpath/libbcinfo.dylib
  Referenced from: /nix/store/gxylpsxax2xad9dljfw0dqa47zbsss3r-build-tools-32-0-0-32/llvm-rs-cc
  Reason: tried: '/nix/store/gxylpsxax2xad9dljfw0dqa47zbsss3r-build-tools-32-0-0-32/../lib64/libbcinfo.dylib' (no such file), '/nix/store/gxylpsxax2xad9dljfw0dqa47zbsss3r-build-tools-32-0-0-32/lib64/libbcinfo.dylib' (code signature in <29EBED16-7F80-352A-800D-1461AD671135> '/nix/store/gxylpsxax2xad9dljfw0dqa47zbsss3r-build-tools-32-0-0-32/lib/libbcinfo.dylib' not valid for use in process: mapped file has no Team ID and is not a platform binary (signed with custom identity or adhoc?)), '/nix/store/gxylpsxax2xad9dljfw0dqa47zbsss3r-build-tools-32-0-0-32/../lib64/libbcinfo.dylib' (no such file), '/nix/store/gxylpsxax2xad9dljfw0dqa47zbsss3r-build-tools-32-0-0-32/lib64/libbcinfo.dylib' (code signature in <29EBED16-7F80-352A-800D-1461AD671135> '/nix/store/gxylpsxax2xad9dljfw0dqa47zbsss3r-build-tools-32-0-0-32/lib/libbcinfo.dylib' not valid for use in process: mapped file has no Team ID and is not a platform binary (signed with custom identity or adhoc?)), '/usr/lib/libbcinfo.dylib' (no such file)

I can check the signatures with codesign. libbcinfo.dylib has an ad-hoc signature:

codesign --display --verbose /nix/store/sbvgm391717xz44fq1s3q0pwd7xpgzcr-android-sdk-env/share/android-sdk/build-tools/32.0.0/lib/libbcinfo.dylib
Executable=/nix/store/gxylpsxax2xad9dljfw0dqa47zbsss3r-build-tools-32-0-0-32/lib/libbcinfo.dylib
Identifier=libbcinfo.dylib
Format=Mach-O thin (x86_64)
CodeDirectory v=20400 size=2792 flags=0x2(adhoc) hashes=82+2 location=embedded
Signature=adhoc
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources=none
Internal requirements count=0 size=12

and llvm-rs-cc is signed, by Google presumably:

Executable=/nix/store/gxylpsxax2xad9dljfw0dqa47zbsss3r-build-tools-32-0-0-32/llvm-rs-cc
Identifier=llvm-rs-cc
Format=Mach-O thin (x86_64)
CodeDirectory v=20500 size=7510 flags=0x10000(runtime) hashes=229+2 location=embedded
Signature size=9041
Timestamp=Nov 19, 2021 at 3:53:41 AM
Info.plist=not bound
TeamIdentifier=EQHXZ8M8AV
Runtime Version=10.13.0
Sealed Resources=none
Internal requirements count=1 size=172

This brings us to the bug in android-nixpkgs. When I download the build tools ZIP directly, both llvm-rs-cc and libbcinfo.dylib are signed:

$ codesign --display --verbose ~/Downloads/android-12/lib64/libbcinfo.dylib                                                                        
Executable=/Users/nsmith/Downloads/android-12/lib64/libbcinfo.dylib
Identifier=libbcinfo
Format=Mach-O thin (x86_64)
CodeDirectory v=20500 size=2805 flags=0x10000(runtime) hashes=82+2 location=embedded
Signature size=9041
Timestamp=Nov 19, 2021 at 3:53:40 AM
Info.plist=not bound
TeamIdentifier=EQHXZ8M8AV
Runtime Version=10.13.0
Sealed Resources=none
Internal requirements count=1 size=172

$ codesign --display --verbose ~/Downloads/android-12/llvm-rs-cc           
Executable=/Users/nsmith/Downloads/android-12/llvm-rs-cc
Identifier=llvm-rs-cc
Format=Mach-O thin (x86_64)
CodeDirectory v=20500 size=7510 flags=0x10000(runtime) hashes=229+2 location=embedded
Signature size=9041
Timestamp=Nov 19, 2021 at 3:53:41 AM
Info.plist=not bound
TeamIdentifier=EQHXZ8M8AV
Runtime Version=10.13.0
Sealed Resources=none
Internal requirements count=1 size=172

Is there a way to preserve the signatures from the originals?
@nwjsmith
Copy link
Author

nwjsmith commented Jun 2, 2022

I've found a workaround!

(build-tools-32-0-0.overrideAttrs (oldAttrs: {
  dontStrip = true;
}))

Since everything is being unpacked from archives anyway, should dontStrip = true be added to mkGeneric?

@nwjsmith
Copy link
Author

nwjsmith commented Jun 2, 2022

Alternatively, I can figure out why llvm-rs-cc isn't being stripped and fix that for build-tools

@tadfisher tadfisher added the todo label Oct 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
todo
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nwjsmith @tadfisher