Struct apple_codesign::CodeResources

impl CodeResources

pub fn from_xml(xml: &[u8]) -> Result<Self, AppleCodesignError>

Construct an instance by parsing an XML plist.

pub fn to_writer_xml(&self, writer: impl Write) -> Result<(), AppleCodesignError>

Serialize an instance to XML.

Examples found in repository ?

src/code_resources.rs (line 1349)

1348
1349
1350

    pub fn write_code_resources(&self, writer: impl Write) -> Result<(), AppleCodesignError> {
        self.resources.to_writer_xml(writer)
    }

pub fn add_rule(&mut self, rule: CodeResourcesRule)

Add a rule to this instance in the <rules> section.

Examples found in repository ?

src/code_resources.rs (line 1060)

    pub fn add_rule(&mut self, rule: CodeResourcesRule) {
        self.rules.push(rule.clone());
        self.rules.sort();
        self.resources.add_rule(rule);
    }

pub fn add_rule2(&mut self, rule: CodeResourcesRule)

Add a rule to this instance in the <rules2> section.

Examples found in repository ?

src/code_resources.rs (line 1067)

    pub fn add_rule2(&mut self, rule: CodeResourcesRule) {
        self.rules2.push(rule.clone());
        self.rules2.sort();
        self.resources.add_rule2(rule);
    }

pub fn seal_regular_file(
 &mut self,
 files_flavor: FilesFlavor,
 path: impl ToString,
 content: impl AsRef<[u8]>,
 optional: bool
) -> Result<(), AppleCodesignError>

Seal a regular file.

This will digest the content specified and record that digest in the files or files2 list.

To seal a symlink, call CodeResources::seal_symlink instead. If the file is a Mach-O file, call CodeResources::seal_macho instead.

Examples found in repository ?

src/code_resources.rs (line 1246)

    fn process_file_rules2(
        &mut self,
        file: &DirectoryBundleFile,
        file_handler: &dyn BundleFileHandler,
    ) -> Result<(), AppleCodesignError> {
        match Self::evaluate_rules(
            &self.rules2,
            file.relative_path(),
            file.symlink_target()
                .map_err(AppleCodesignError::DirectoryBundle)?,
        )? {
            RulesEvaluation::Exclude => {
                // Excluded files are hard ignored. These files are likely handled out-of-band
                // from this builder.
                Ok(())
            }
            RulesEvaluation::Omit => {
                // Omitted files aren't sealed. But they are installed.
                file_handler.install_file(file)
            }
            RulesEvaluation::NoRule => {
                // No rule match is assumed to mean full ignore.
                Ok(())
            }
            RulesEvaluation::SealSymlink(relative_path, target) => {
                info!("sealing symlink {} -> {}", relative_path, target);
                self.resources.seal_symlink(relative_path, target);
                file_handler.install_file(file)
            }
            RulesEvaluation::SealNested(relative_path, optional) => {
                // The assumption that a nested match means Mach-O may not be correct.
                info!("sealing Mach-O file {}", relative_path);
                let macho_info = file_handler.sign_and_install_macho(file)?;

                self.resources
                    .seal_macho(relative_path, &macho_info, optional)
            }
            RulesEvaluation::SealRegularFile(relative_path, optional) => {
                info!("sealing regular file {}", relative_path);
                let data = std::fs::read(file.absolute_path())?;

                let flavor = if self.digests.contains(&DigestType::Sha1) {
                    FilesFlavor::Rules2WithSha1
                } else {
                    FilesFlavor::Rules2
                };

                self.resources
                    .seal_regular_file(flavor, relative_path, data, optional)?;
                file_handler.install_file(file)
            }
        }
    }

    /// Process the `<rules>` set for a given file.
    ///
    /// Since `<rules2>` handling actually does the file installs, the only role of this
    /// handler is to record the SHA-1 seals in `<files>`. Keep in mind that `<files>` can't
    /// handle symlinks or nested Mach-O binaries. So we only care about regular files here.
    fn process_file_rules(&mut self, file: &DirectoryBundleFile) -> Result<(), AppleCodesignError> {
        match Self::evaluate_rules(
            &self.rules,
            file.relative_path(),
            file.symlink_target()
                .map_err(AppleCodesignError::DirectoryBundle)?,
        )? {
            RulesEvaluation::Exclude
            | RulesEvaluation::Omit
            | RulesEvaluation::NoRule
            | RulesEvaluation::SealSymlink(..)
            | RulesEvaluation::SealNested(..) => Ok(()),
            RulesEvaluation::SealRegularFile(relative_path, optional) => {
                let data = std::fs::read(file.absolute_path())?;

                self.resources
                    .seal_regular_file(FilesFlavor::Rules, relative_path, data, optional)
            }
        }
    }

pub fn seal_symlink(&mut self, path: impl ToString, target: impl ToString)

Seal a symlink file.

path is the path of the symlink and target is the path it points to.

Examples found in repository ?

src/code_resources.rs (line 1224)

    fn process_file_rules2(
        &mut self,
        file: &DirectoryBundleFile,
        file_handler: &dyn BundleFileHandler,
    ) -> Result<(), AppleCodesignError> {
        match Self::evaluate_rules(
            &self.rules2,
            file.relative_path(),
            file.symlink_target()
                .map_err(AppleCodesignError::DirectoryBundle)?,
        )? {
            RulesEvaluation::Exclude => {
                // Excluded files are hard ignored. These files are likely handled out-of-band
                // from this builder.
                Ok(())
            }
            RulesEvaluation::Omit => {
                // Omitted files aren't sealed. But they are installed.
                file_handler.install_file(file)
            }
            RulesEvaluation::NoRule => {
                // No rule match is assumed to mean full ignore.
                Ok(())
            }
            RulesEvaluation::SealSymlink(relative_path, target) => {
                info!("sealing symlink {} -> {}", relative_path, target);
                self.resources.seal_symlink(relative_path, target);
                file_handler.install_file(file)
            }
            RulesEvaluation::SealNested(relative_path, optional) => {
                // The assumption that a nested match means Mach-O may not be correct.
                info!("sealing Mach-O file {}", relative_path);
                let macho_info = file_handler.sign_and_install_macho(file)?;

                self.resources
                    .seal_macho(relative_path, &macho_info, optional)
            }
            RulesEvaluation::SealRegularFile(relative_path, optional) => {
                info!("sealing regular file {}", relative_path);
                let data = std::fs::read(file.absolute_path())?;

                let flavor = if self.digests.contains(&DigestType::Sha1) {
                    FilesFlavor::Rules2WithSha1
                } else {
                    FilesFlavor::Rules2
                };

                self.resources
                    .seal_regular_file(flavor, relative_path, data, optional)?;
                file_handler.install_file(file)
            }
        }
    }

pub fn seal_macho(
 &mut self,
 path: impl ToString,
 info: &SignedMachOInfo,
 optional: bool
) -> Result<(), AppleCodesignError>

Record metadata of a previously signed Mach-O binary.

If sealing a fat/universal binary, pass in metadata for the first Mach-O within in.

Examples found in repository ?

src/code_resources.rs (line 1233)

    fn process_file_rules2(
        &mut self,
        file: &DirectoryBundleFile,
        file_handler: &dyn BundleFileHandler,
    ) -> Result<(), AppleCodesignError> {
        match Self::evaluate_rules(
            &self.rules2,
            file.relative_path(),
            file.symlink_target()
                .map_err(AppleCodesignError::DirectoryBundle)?,
        )? {
            RulesEvaluation::Exclude => {
                // Excluded files are hard ignored. These files are likely handled out-of-band
                // from this builder.
                Ok(())
            }
            RulesEvaluation::Omit => {
                // Omitted files aren't sealed. But they are installed.
                file_handler.install_file(file)
            }
            RulesEvaluation::NoRule => {
                // No rule match is assumed to mean full ignore.
                Ok(())
            }
            RulesEvaluation::SealSymlink(relative_path, target) => {
                info!("sealing symlink {} -> {}", relative_path, target);
                self.resources.seal_symlink(relative_path, target);
                file_handler.install_file(file)
            }
            RulesEvaluation::SealNested(relative_path, optional) => {
                // The assumption that a nested match means Mach-O may not be correct.
                info!("sealing Mach-O file {}", relative_path);
                let macho_info = file_handler.sign_and_install_macho(file)?;

                self.resources
                    .seal_macho(relative_path, &macho_info, optional)
            }
            RulesEvaluation::SealRegularFile(relative_path, optional) => {
                info!("sealing regular file {}", relative_path);
                let data = std::fs::read(file.absolute_path())?;

                let flavor = if self.digests.contains(&DigestType::Sha1) {
                    FilesFlavor::Rules2WithSha1
                } else {
                    FilesFlavor::Rules2
                };

                self.resources
                    .seal_regular_file(flavor, relative_path, data, optional)?;
                file_handler.install_file(file)
            }
        }
    }

    /// Process the `<rules>` set for a given file.
    ///
    /// Since `<rules2>` handling actually does the file installs, the only role of this
    /// handler is to record the SHA-1 seals in `<files>`. Keep in mind that `<files>` can't
    /// handle symlinks or nested Mach-O binaries. So we only care about regular files here.
    fn process_file_rules(&mut self, file: &DirectoryBundleFile) -> Result<(), AppleCodesignError> {
        match Self::evaluate_rules(
            &self.rules,
            file.relative_path(),
            file.symlink_target()
                .map_err(AppleCodesignError::DirectoryBundle)?,
        )? {
            RulesEvaluation::Exclude
            | RulesEvaluation::Omit
            | RulesEvaluation::NoRule
            | RulesEvaluation::SealSymlink(..)
            | RulesEvaluation::SealNested(..) => Ok(()),
            RulesEvaluation::SealRegularFile(relative_path, optional) => {
                let data = std::fs::read(file.absolute_path())?;

                self.resources
                    .seal_regular_file(FilesFlavor::Rules, relative_path, data, optional)
            }
        }
    }

    /// Process a file for resource handling.
    ///
    /// This determines whether a file is relevant for inclusion in the CodeResources
    /// file and takes actions to process it, if necessary.
    pub fn process_file(
        &mut self,
        file: &DirectoryBundleFile,
        file_handler: &dyn BundleFileHandler,
    ) -> Result<(), AppleCodesignError> {
        self.process_file_rules2(file, file_handler)?;
        self.process_file_rules(file)
    }

    /// Process a nested bundle for inclusion in resource handling.
    ///
    /// This will attempt to seal the main digest of the bundle into this resources file.
    pub fn process_nested_bundle(
        &mut self,
        relative_path: &str,
        bundle: &DirectoryBundle,
    ) -> Result<(), AppleCodesignError> {
        let main_exe = match bundle
            .files(false)
            .map_err(AppleCodesignError::DirectoryBundle)?
            .into_iter()
            .find(|file| matches!(file.is_main_executable(), Ok(true)))
        {
            Some(path) => path,
            None => {
                warn!(
                    "nested bundle at {} does not have main executable; nothing to seal",
                    relative_path
                );
                return Ok(());
            }
        };

        let (relative_path, optional) =
            match Self::evaluate_rules(&self.rules2, relative_path, None)? {
                RulesEvaluation::SealRegularFile(relative_path, optional) => {
                    (relative_path, optional)
                }
                RulesEvaluation::SealNested(relative_path, optional) => (relative_path, optional),
                RulesEvaluation::Exclude => {
                    info!(
                        "excluding signing nested bundle {} because of matched resources rule",
                        relative_path
                    );
                    return Ok(());
                }
                res => {
                    warn!(
                        "unexpected resource rules evaluation result for nested bundle {}: {:?}",
                        relative_path, res
                    );
                    return Err(AppleCodesignError::BundleUnexpectedResourceRuleResult);
                }
            };

        let macho_data = std::fs::read(main_exe.absolute_path())?;
        let macho_info = SignedMachOInfo::parse_data(&macho_data)?;

        info!("sealing nested bundle at {}", relative_path);
        self.resources
            .seal_macho(relative_path, &macho_info, optional)?;

        Ok(())
    }

Trait Implementations§

impl Clone for CodeResources

fn clone(&self) -> CodeResources

Returns a copy of the value. Read more

1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for CodeResources

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl Default for CodeResources

fn default() -> CodeResources

Returns the “default value” for a type. Read more

impl From<&CodeResources> for Value

fn from(cr: &CodeResources) -> Self

Converts to this type from the input type.

impl PartialEq<CodeResources> for CodeResources

fn eq(&self, other: &CodeResources) -> bool

This method tests for self and other values to be equal, and is used by ==.

1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl StructuralPartialEq for CodeResources

Auto Trait Implementations§

impl UnwindSafe for CodeResources

Blanket Implementations§

impl<T> Any for Twhere
T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<'a, T, E> AsTaggedExplicit<'a, E> for Twhere
T: 'a,

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self, E>

impl<'a, T, E> AsTaggedImplicit<'a, E> for Twhere
T: 'a,

fn implicit(
 self,
 class: Class,
 constructed: bool,
 tag: u32
) -> TaggedParser<'a, Implicit, Self, E>

impl<T> Borrow<T> for Twhere
T: ?Sized,

const: unstable · source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for Twhere
T: ?Sized,

const: unstable · source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> Conv for T

fn conv<T>(self) -> Twhere
Self: Into<T>,

Converts self into T using Into<T>. Read more

impl<T> FmtForward for T

fn fmt_binary(self) -> FmtBinary<Self>where
Self: Binary,

Causes self to use its Binary implementation when Debug-formatted.

fn fmt_display(self) -> FmtDisplay<Self>where
Self: Display,

Causes self to use its Display implementation when Debug-formatted.

fn fmt_lower_exp(self) -> FmtLowerExp<Self>where
Self: LowerExp,

Causes self to use its LowerExp implementation when Debug-formatted.

fn fmt_lower_hex(self) -> FmtLowerHex<Self>where
Self: LowerHex,

Causes self to use its LowerHex implementation when Debug-formatted.

fn fmt_octal(self) -> FmtOctal<Self>where
Self: Octal,

Causes self to use its Octal implementation when Debug-formatted.

fn fmt_pointer(self) -> FmtPointer<Self>where
Self: Pointer,

Causes self to use its Pointer implementation when Debug-formatted.

fn fmt_upper_exp(self) -> FmtUpperExp<Self>where
Self: UpperExp,

Causes self to use its UpperExp implementation when Debug-formatted.

fn fmt_upper_hex(self) -> FmtUpperHex<Self>where
Self: UpperHex,

Causes self to use its UpperHex implementation when Debug-formatted.

fn fmt_list(self) -> FmtList<Self>where
&'a Self: for<'a> IntoIterator,

Formats each item in a sequence. Read more

impl<T> From<T> for T

const: unstable · source§

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into for Twhere
U: From<T>,

const: unstable · source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Pipe for Twhere
T: ?Sized,

fn pipe<R>(self, func: impl FnOnce(Self) -> R) -> Rwhere
Self: Sized,

Pipes by value. This is generally the method you want to use. Read more

fn pipe_ref<'a, R>(&'a self, func: impl FnOnce(&'a Self) -> R) -> Rwhere
R: 'a,

Borrows self and passes that borrow into the pipe function. Read more

fn pipe_ref_mut<'a, R>(&'a mut self, func: impl FnOnce(&'a mut Self) -> R) -> Rwhere
R: 'a,

Mutably borrows self and passes that borrow into the pipe function. Read more

fn pipe_borrow<'a, B, R>(&'a self, func: impl FnOnce(&'a B) -> R) -> Rwhere
 Self: Borrow,
 B: 'a + ?Sized,
 R: 'a,

Borrows self, then passes self.borrow() into the pipe function. Read more

fn pipe_borrow_mut<'a, B, R>(
 &'a mut self,
 func: impl FnOnce(&'a mut B) -> R
) -> Rwhere
 Self: BorrowMut,
 B: 'a + ?Sized,
 R: 'a,

Mutably borrows self, then passes self.borrow_mut() into the pipe function. Read more

fn pipe_as_ref<'a, U, R>(&'a self, func: impl FnOnce(&'a U) -> R) -> Rwhere
 Self: AsRef,
 U: 'a + ?Sized,
 R: 'a,

Borrows self, then passes self.as_ref() into the pipe function.

fn pipe_as_mut<'a, U, R>(&'a mut self, func: impl FnOnce(&'a mut U) -> R) -> Rwhere
 Self: AsMut,
 U: 'a + ?Sized,
 R: 'a,

Mutably borrows self, then passes self.as_mut() into the pipe function.

fn pipe_deref<'a, T, R>(&'a self, func: impl FnOnce(&'a T) -> R) -> Rwhere
 Self: Deref<Target = T>,
 T: 'a + ?Sized,
 R: 'a,

Borrows self, then passes self.deref() into the pipe function.

fn pipe_deref_mut<'a, T, R>(&'a mut self, func: impl FnOnce(&'a mut T) -> R) -> Rwhere
 Self: DerefMut<Target = T> + Deref,
 T: 'a + ?Sized,
 R: 'a,

Mutably borrows self, then passes self.deref_mut() into the pipe function.

impl<T> Pointable for T

const ALIGN: usize = mem::align_of::<T>()

The alignment of pointer.

type Init = T

The type for initializers.

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more

impl<T> Same<T> for T

type Output = T

Should always be Self

impl<T> Tap for T

fn tap(self, func: impl FnOnce(&Self)) -> Self

Immutable access to a value. Read more

fn tap_mut(self, func: impl FnOnce(&mut Self)) -> Self

Mutable access to a value. Read more

fn tap_borrow(self, func: impl FnOnce(&B)) -> Selfwhere
Self: Borrow,
B: ?Sized,

Immutable access to the Borrow of a value. Read more

fn tap_borrow_mut(self, func: impl FnOnce(&mut B)) -> Selfwhere
Self: BorrowMut,
B: ?Sized,

Mutable access to the BorrowMut of a value. Read more

fn tap_ref<R>(self, func: impl FnOnce(&R)) -> Selfwhere
Self: AsRef<R>,
R: ?Sized,

Immutable access to the AsRef<R> view of a value. Read more

fn tap_ref_mut<R>(self, func: impl FnOnce(&mut R)) -> Selfwhere
Self: AsMut<R>,
R: ?Sized,

Mutable access to the AsMut<R> view of a value. Read more

fn tap_deref<T>(self, func: impl FnOnce(&T)) -> Selfwhere
Self: Deref<Target = T>,
T: ?Sized,

Immutable access to the Deref::Target of a value. Read more

fn tap_deref_mut<T>(self, func: impl FnOnce(&mut T)) -> Selfwhere
Self: DerefMut<Target = T> + Deref,
T: ?Sized,

Mutable access to the Deref::Target of a value. Read more

fn tap_dbg(self, func: impl FnOnce(&Self)) -> Self

Calls .tap() only in debug builds, and is erased in release builds.

fn tap_mut_dbg(self, func: impl FnOnce(&mut Self)) -> Self

Calls .tap_mut() only in debug builds, and is erased in release builds.

fn tap_borrow_dbg(self, func: impl FnOnce(&B)) -> Selfwhere
Self: Borrow,
B: ?Sized,

Calls .tap_borrow() only in debug builds, and is erased in release builds.

fn tap_borrow_mut_dbg(self, func: impl FnOnce(&mut B)) -> Selfwhere
Self: BorrowMut,
B: ?Sized,

Calls .tap_borrow_mut() only in debug builds, and is erased in release builds.

fn tap_ref_dbg<R>(self, func: impl FnOnce(&R)) -> Selfwhere
Self: AsRef<R>,
R: ?Sized,

Calls .tap_ref() only in debug builds, and is erased in release builds.

fn tap_ref_mut_dbg<R>(self, func: impl FnOnce(&mut R)) -> Selfwhere
Self: AsMut<R>,
R: ?Sized,

Calls .tap_ref_mut() only in debug builds, and is erased in release builds.

fn tap_deref_dbg<T>(self, func: impl FnOnce(&T)) -> Selfwhere
Self: Deref<Target = T>,
T: ?Sized,

Calls .tap_deref() only in debug builds, and is erased in release builds.

fn tap_deref_mut_dbg<T>(self, func: impl FnOnce(&mut T)) -> Selfwhere
Self: DerefMut<Target = T> + Deref,
T: ?Sized,

Calls .tap_deref_mut() only in debug builds, and is erased in release builds.

impl<T> ToOwned for Twhere
T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T> TryConv for T

fn try_conv<T>(self) -> Result<T, Self::Error>where
Self: TryInto<T>,

Attempts to convert self into T using TryInto<T>. Read more

impl<T, U> TryFrom for Twhere
U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

const: unstable · source§

fn try_from(value: U) -> Result<T, <T as TryFrom>::Error>

Performs the conversion.

impl<T, U> TryInto for Twhere
U: TryFrom<T>,

type Error = >::Error

The type returned in the event of a conversion error.

const: unstable · source§

fn try_into(self) -> Result<U, >::Error>

Performs the conversion.

impl<V, T> VZip<V> for Twhere
V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>where
S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more