On 27 Oct 2015, at 05:41, Conrad Kramer <ckrames1...@gmail.com> wrote:
>> On Oct 26, 2015, at 11:22 AM, Spencer <spencer...@openmailbox.org> wrote: >> >> Hi, >> >>> Conrad Kramer: >>> All resources in a bundle (e.g. an app or framework) are >>> signed and the signatures are stored in a file named "CodeResources”: >> >> Then what is in 'CodeSignature', Apple's signing stuff? > > The `_CodeSignature` folder currently only contains the `CodeResources` file. > The `CodeResources` file is simple XML. > > The executables have their own signature in the `LC_CODE_SIGNATURE` load > command in the Mach-O binary. Reproducible builds will be much easier if the executable signatures are also placed in a separate file, rather than modifying the executable. I'm guessing there's no option for detached executable signatures? Tim Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP 968F094B teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
