/// Entity for signing DMG files.
///
/// The struct carries no fields: everything that controls a signing
/// operation (identifier, signing key, certificate chain, timestamp URL)
/// is supplied per call through a `SigningSettings` argument.
pub struct DmgSigner {}

Entity for signing DMG files.


Sign a DMG.

Parameters controlling the signing operation are specified by `settings`.

`file` is a readable and writable file handle. The DMG signature is written into that file in place.

src/signing.rs (line 152)
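    /// Sign the DMG at `input_path`, writing the signed image to `output_path`.
    ///
    /// The DMG signer works in place on a `File` handle, so when the output
    /// path differs from the input the image is copied first and the copy is
    /// signed. A binary identifier is mandatory for DMG signatures; when the
    /// configured settings carry none, the input file stem is used.
    ///
    /// # Errors
    ///
    /// Returns `AppleCodesignError::CliGeneralError` when no file stem can be
    /// derived from `input_path`, and propagates I/O errors from copying or
    /// opening the image and any error from the signer itself.
    pub fn sign_dmg(
        &self,
        input_path: impl AsRef<Path>,
        output_path: impl AsRef<Path>,
    ) -> Result<(), AppleCodesignError> {
        let input_path = input_path.as_ref();
        let output_path = output_path.as_ref();

        warn!("signing {} as a DMG", input_path.display());

        // There must be a binary identifier on the DMG. So try to derive one
        // from the filename if one isn't present in the settings.
        let mut settings = self.settings.clone();

        if settings.binary_identifier(SettingsScope::Main).is_none() {
            let file_name = input_path
                .file_stem()
                .ok_or_else(|| {
                    AppleCodesignError::CliGeneralError("unable to resolve file name of DMG".into())
                })?
                .to_string_lossy();

            warn!(
                "setting binary identifier to {} (derived from file name)",
                file_name
            );
            settings.set_binary_identifier(SettingsScope::Main, file_name);
        }

        // The DMG signer signs in place because it needs a `File` handle. So if
        // the output path is different, copy the DMG first.
        //
        // Decide "same file" on canonical paths rather than the raw arguments:
        // `std::fs::copy` of a file onto itself truncates it, and a plain path
        // comparison lets `./foo.dmg` vs `foo.dmg`, or a symlink to the input,
        // reach that copy. An output path that does not exist yet cannot be
        // canonicalized and is treated as distinct; if the input cannot be
        // canonicalized either, fall back to the raw comparison (the later
        // open will report the underlying error).
        let same_file = match (
            std::fs::canonicalize(input_path),
            std::fs::canonicalize(output_path),
        ) {
            (Ok(canonical_input), Ok(canonical_output)) => canonical_input == canonical_output,
            _ => input_path == output_path,
        };

        if !same_file {
            info!(
                "copying {} to {} in preparation for signing",
                input_path.display(),
                output_path.display()
            );
            if let Some(parent) = output_path.parent() {
                std::fs::create_dir_all(parent)?;
            }

            std::fs::copy(input_path, output_path)?;
        }

        // Open read/write: the signature is appended to the image in place.
        let signer = DmgSigner::default();
        let mut fh = std::fs::File::options()
            .read(true)
            .write(true)
            .open(output_path)?;
        signer.sign_file(&settings, &mut fh)?;

        Ok(())
    }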

Staple a notarization ticket to a DMG.

src/stapling.rs (line 224)
    /// Staple a notarization ticket to the DMG at `path`.
    ///
    /// The image is opened read/write because the ticket is written into it
    /// in place. The ticket is resolved via `lookup_ticket_for_dmg` from the
    /// parsed image; a default `DmgSigner` (no signing settings) performs the
    /// write.
    ///
    /// # Errors
    ///
    /// Propagates failures to open the file, to parse it as a DMG, to find a
    /// ticket, or to write the ticket.
    pub fn staple_dmg(&self, path: &Path) -> Result<(), AppleCodesignError> {
        let mut dmg_file = File::options().read(true).write(true).open(path)?;

        warn!(
            "attempting to find notarization ticket for DMG at {}",
            path.display()
        );
        let dmg = DmgReader::new(&mut dmg_file)?;
        let ticket = self.lookup_ticket_for_dmg(&dmg)?;
        warn!("found notarization ticket; proceeding with stapling");

        let stapler = DmgSigner::default();
        stapler.staple_file(&mut dmg_file, ticket)?;

        Ok(())
    }

Create the embedded signature superblob content.

src/dmg.rs (line 273)
    /// Sign the DMG behind `fh` in place according to `settings`.
    ///
    /// The koly trailer is read and cloned up front so the reader's borrow of
    /// `fh` ends before the handle is reused to build the superblob; the
    /// trailer and the superblob are then handed to
    /// `write_embedded_signature`, whose result is returned unchanged.
    ///
    /// # Errors
    ///
    /// Propagates DMG parsing, superblob construction, and write errors.
    pub fn sign_file(
        &self,
        settings: &SigningSettings,
        fh: &mut File,
    ) -> Result<(), AppleCodesignError> {
        warn!("signing DMG");

        let trailer = DmgReader::new(fh)?.koly().clone();
        let superblob = self.create_superblob(settings, fh)?;

        Self::write_embedded_signature(fh, trailer, &superblob)
    }

Create the code directory data structure that is part of the embedded signature.

This won’t be the final data structure state that is serialized, as it may be amended in other functions.

src/dmg.rs (line 339)
    /// Build the serialized embedded-signature superblob for the DMG in `fh`.
    ///
    /// Special blobs are added first, then the code directory computed from
    /// `settings` and the file content. A CMS signature blob is created only
    /// when `settings` carries a signing key; without one the superblob holds
    /// the code directory and special blobs but no CMS signature.
    ///
    /// # Errors
    ///
    /// Propagates any error from blob construction, code directory creation,
    /// CMS signing (including timestamp retrieval), or serialization.
    pub fn create_superblob<F: Read + Write + Seek>(
        &self,
        settings: &SigningSettings,
        fh: &mut F,
    ) -> Result<Vec<u8>, AppleCodesignError> {
        let mut superblob = EmbeddedSignatureBuilder::default();

        let special_blobs = self.create_special_blobs()?;
        for (slot, blob) in special_blobs {
            superblob.add_blob(slot, blob)?;
        }

        let code_directory = self.create_code_directory(settings, fh)?;
        superblob.add_code_directory(CodeSigningSlot::CodeDirectory, code_directory)?;

        // No signing key configured means no CMS signature is produced.
        if let Some((key, cert)) = settings.signing_key() {
            let chain = settings.certificate_chain().iter().cloned();
            superblob.create_cms_signature(key, cert, settings.time_stamp_url(), chain)?;
        }

        superblob.create_superblob()
    }

Create special blobs that are added to the superblob.

src/dmg.rs (line 333)
    /// Build the serialized embedded-signature superblob for the DMG in `fh`.
    ///
    /// Special blobs are added first, then the code directory computed from
    /// `settings` and the file content. A CMS signature blob is created only
    /// when `settings` carries a signing key; without one the superblob holds
    /// the code directory and special blobs but no CMS signature.
    ///
    /// # Errors
    ///
    /// Propagates any error from blob construction, code directory creation,
    /// CMS signing (including timestamp retrieval), or serialization.
    pub fn create_superblob<F: Read + Write + Seek>(
        &self,
        settings: &SigningSettings,
        fh: &mut F,
    ) -> Result<Vec<u8>, AppleCodesignError> {
        let mut superblob = EmbeddedSignatureBuilder::default();

        let special_blobs = self.create_special_blobs()?;
        for (slot, blob) in special_blobs {
            superblob.add_blob(slot, blob)?;
        }

        let code_directory = self.create_code_directory(settings, fh)?;
        superblob.add_code_directory(CodeSigningSlot::CodeDirectory, code_directory)?;

        // No signing key configured means no CMS signature is produced.
        if let Some((key, cert)) = settings.signing_key() {
            let chain = settings.certificate_chain().iter().cloned();
            superblob.create_cms_signature(key, cert, settings.time_stamp_url(), chain)?;
        }

        superblob.create_superblob()
    }
