Struct apple_codesign::CodeSignatureFlags
source · pub struct CodeSignatureFlags { /* private fields */ }Expand description
Code signature flags.
These flags are embedded in the Code Directory and govern use of the embedded signature.
Implementations§
source§impl CodeSignatureFlags
impl CodeSignatureFlags
sourcepub const FORCE_HARD: Self = _
pub const FORCE_HARD: Self = _
Set the “hard” status bit for the code when it starts running.
sourcepub const FORCE_KILL: Self = _
pub const FORCE_KILL: Self = _
Implicitly set the “kill” status bit for the code when it starts running.
sourcepub const FORCE_EXPIRATION: Self = _
pub const FORCE_EXPIRATION: Self = _
Force certificate expiration checks.
sourcepub const ENFORCEMENT: Self = _
pub const ENFORCEMENT: Self = _
Enforce code signing.
sourcepub const LIBRARY_VALIDATION: Self = _
pub const LIBRARY_VALIDATION: Self = _
Library validation required.
sourcepub const LINKER_SIGNED: Self = _
pub const LINKER_SIGNED: Self = _
The code was automatically signed by the linker.
This signature should be ignored in any new signing operation.
sourcepub const fn empty() -> Self
pub const fn empty() -> Self
Returns an empty set of flags.
Examples found in repository?
More examples
src/macho_signing.rs (line 426)
409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588
pub fn create_code_directory(
&self,
settings: &SigningSettings,
macho: &MachOBinary,
) -> Result<CodeDirectoryBlob<'static>, AppleCodesignError> {
// TODO support defining or filling in proper values for fields with
// static values.
let target = macho.find_targeting()?;
if let Some(target) = &target {
info!(
"binary targets {} >= {} with SDK {}",
target.platform, target.minimum_os_version, target.sdk_version,
);
}
let mut flags = CodeSignatureFlags::empty();
if let Some(additional) = settings.code_signature_flags(SettingsScope::Main) {
info!(
"adding code signature flags from signing settings: {:?}",
additional
);
flags |= additional;
}
// The adhoc flag is set when there is no CMS signature.
if settings.signing_key().is_none() {
info!("creating ad-hoc signature");
flags |= CodeSignatureFlags::ADHOC;
} else if flags.contains(CodeSignatureFlags::ADHOC) {
info!("removing ad-hoc code signature flag");
flags -= CodeSignatureFlags::ADHOC;
}
// Remove linker signed flag because we're not a linker.
if flags.contains(CodeSignatureFlags::LINKER_SIGNED) {
info!("removing linker signed flag from code signature (we're not a linker)");
flags -= CodeSignatureFlags::LINKER_SIGNED;
}
// Code limit fields hold the file offset at which code digests stop. This
// is the file offset in the `__LINKEDIT` segment when the embedded signature
// SuperBlob begins.
let (code_limit, code_limit_64) = match macho.code_limit_binary_offset()? {
x if x > u32::MAX as u64 => (0, Some(x)),
x => (x as u32, None),
};
let platform = 0;
let page_size = 4096u32;
let (exec_seg_base, exec_seg_limit) = macho.executable_segment_boundary()?;
let (exec_seg_base, exec_seg_limit) = (Some(exec_seg_base), Some(exec_seg_limit));
// Executable segment flags are wonky.
//
// Foremost, these flags are only present if the Mach-O binary is an executable. So not
// matter what the settings say, we don't set these flags unless the Mach-O file type
// is proper.
//
// Executable segment flags are also derived from an associated entitlements plist.
let exec_seg_flags = if macho.is_executable() {
if let Some(entitlements) = settings.entitlements_plist(SettingsScope::Main) {
let flags = plist_to_executable_segment_flags(entitlements);
if !flags.is_empty() {
info!("entitlements imply executable segment flags: {:?}", flags);
}
Some(flags | ExecutableSegmentFlags::MAIN_BINARY)
} else {
Some(ExecutableSegmentFlags::MAIN_BINARY)
}
} else {
None
};
// The runtime version is the SDK version from the targeting loader commands. Same
// u32 with nibbles encoding the version.
//
// If the runtime code signature flag is set, we also need to set the runtime version
// or else the activation of the hardened runtime is incomplete.
// If the settings defines a runtime version override, use it.
let runtime = match settings.runtime_version(SettingsScope::Main) {
Some(version) => {
info!(
"using hardened runtime version {} from signing settings",
version
);
Some(semver_to_macho_target_version(version))
}
None => None,
};
// If we still don't have a runtime but need one, derive from the target SDK.
let runtime = if runtime.is_none() && flags.contains(CodeSignatureFlags::RUNTIME) {
if let Some(target) = &target {
info!(
"using hardened runtime version {} derived from SDK version",
target.sdk_version
);
Some(semver_to_macho_target_version(&target.sdk_version))
} else {
warn!("hardened runtime version required but unable to derive suitable version; signature will likely fail Apple checks");
None
}
} else {
runtime
};
let code_hashes = macho
.code_digests(*settings.digest_type(), page_size as _)?
.into_iter()
.map(|v| Digest { data: v.into() })
.collect::<Vec<_>>();
let mut special_hashes = HashMap::new();
// There is no corresponding blob for the info plist data since it is provided
// externally to the embedded signature.
if let Some(data) = settings.info_plist_data(SettingsScope::Main) {
special_hashes.insert(
CodeSigningSlot::Info,
Digest {
data: settings.digest_type().digest_data(data)?.into(),
},
);
}
// There is no corresponding blob for resources data since it is provided
// externally to the embedded signature.
if let Some(data) = settings.code_resources_data(SettingsScope::Main) {
special_hashes.insert(
CodeSigningSlot::ResourceDir,
Digest {
data: settings.digest_type().digest_data(data)?.into(),
}
.to_owned(),
);
}
let ident = Cow::Owned(
settings
.binary_identifier(SettingsScope::Main)
.ok_or(AppleCodesignError::NoIdentifier)?
.to_string(),
);
let team_name = settings.team_id().map(|x| Cow::Owned(x.to_string()));
let mut cd = CodeDirectoryBlob {
flags,
code_limit,
digest_size: settings.digest_type().hash_len()? as u8,
digest_type: *settings.digest_type(),
platform,
page_size,
code_limit_64,
exec_seg_base,
exec_seg_limit,
exec_seg_flags,
runtime,
ident,
team_name,
code_digests: code_hashes,
..Default::default()
};
for (slot, digest) in special_hashes {
cd.set_slot_digest(slot, digest)?;
}
cd.adjust_version(target);
cd.clear_newer_fields();
Ok(cd)
}sourcepub const fn from_bits(bits: u32) -> Option<Self>
pub const fn from_bits(bits: u32) -> Option<Self>
Convert from underlying bit representation, unless that representation contains bits that do not correspond to a flag.
sourcepub const fn from_bits_truncate(bits: u32) -> Self
pub const fn from_bits_truncate(bits: u32) -> Self
Convert from underlying bit representation, dropping any bits that do not correspond to flags.
sourcepub const unsafe fn from_bits_unchecked(bits: u32) -> Self
pub const unsafe fn from_bits_unchecked(bits: u32) -> Self
Convert from underlying bit representation, preserving all bits (even those not corresponding to a defined flag).
Safety
The caller of the bitflags! macro can chose to allow or
disallow extra bits for their bitflags type.
The caller of from_bits_unchecked() has to ensure that
all bits correspond to a defined flag or that extra bits
are valid for this bitflags type.
Examples found in repository?
src/code_directory.rs (line 248)
241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415
fn from_blob_bytes(data: &'a [u8]) -> Result<Self, AppleCodesignError> {
read_and_validate_blob_header(data, Self::magic(), "code directory blob")?;
let offset = &mut 8;
let version = data.gread_with(offset, scroll::BE)?;
let flags = data.gread_with::<u32>(offset, scroll::BE)?;
let flags = unsafe { CodeSignatureFlags::from_bits_unchecked(flags) };
assert_eq!(*offset, 0x10);
let digest_offset = data.gread_with::<u32>(offset, scroll::BE)?;
let ident_offset = data.gread_with::<u32>(offset, scroll::BE)?;
let n_special_slots = data.gread_with::<u32>(offset, scroll::BE)?;
let n_code_slots = data.gread_with::<u32>(offset, scroll::BE)?;
assert_eq!(*offset, 0x20);
let code_limit = data.gread_with(offset, scroll::BE)?;
let digest_size = data.gread_with(offset, scroll::BE)?;
let digest_type = data.gread_with::<u8>(offset, scroll::BE)?.into();
let platform = data.gread_with(offset, scroll::BE)?;
let page_size = data.gread_with::<u8>(offset, scroll::BE)?;
let page_size = 2u32.pow(page_size as u32);
let spare2 = data.gread_with(offset, scroll::BE)?;
let scatter_offset = if version >= CodeDirectoryVersion::SupportsScatter as u32 {
let v = data.gread_with(offset, scroll::BE)?;
if v != 0 {
Some(v)
} else {
None
}
} else {
None
};
let team_offset = if version >= CodeDirectoryVersion::SupportsTeamId as u32 {
assert_eq!(*offset, 0x30);
let v = data.gread_with::<u32>(offset, scroll::BE)?;
if v != 0 {
Some(v)
} else {
None
}
} else {
None
};
let (spare3, code_limit_64) = if version >= CodeDirectoryVersion::SupportsCodeLimit64 as u32
{
(
Some(data.gread_with(offset, scroll::BE)?),
Some(data.gread_with(offset, scroll::BE)?),
)
} else {
(None, None)
};
let (exec_seg_base, exec_seg_limit, exec_seg_flags) =
if version >= CodeDirectoryVersion::SupportsExecutableSegment as u32 {
assert_eq!(*offset, 0x40);
(
Some(data.gread_with(offset, scroll::BE)?),
Some(data.gread_with(offset, scroll::BE)?),
Some(data.gread_with::<u64>(offset, scroll::BE)?),
)
} else {
(None, None, None)
};
let exec_seg_flags = exec_seg_flags
.map(|flags| unsafe { ExecutableSegmentFlags::from_bits_unchecked(flags) });
let (runtime, pre_encrypt_offset) =
if version >= CodeDirectoryVersion::SupportsRuntime as u32 {
assert_eq!(*offset, 0x58);
(
Some(data.gread_with(offset, scroll::BE)?),
Some(data.gread_with(offset, scroll::BE)?),
)
} else {
(None, None)
};
let (linkage_hash_type, linkage_truncated, spare4, linkage_offset, linkage_size) =
if version >= CodeDirectoryVersion::SupportsLinkage as u32 {
assert_eq!(*offset, 0x60);
(
Some(data.gread_with(offset, scroll::BE)?),
Some(data.gread_with(offset, scroll::BE)?),
Some(data.gread_with(offset, scroll::BE)?),
Some(data.gread_with(offset, scroll::BE)?),
Some(data.gread_with(offset, scroll::BE)?),
)
} else {
(None, None, None, None, None)
};
// Find trailing null in identifier string.
let ident = match data[ident_offset as usize..]
.split(|&b| b == 0)
.map(std::str::from_utf8)
.next()
{
Some(res) => {
Cow::from(res.map_err(|_| AppleCodesignError::CodeDirectoryMalformedIdentifier)?)
}
None => {
return Err(AppleCodesignError::CodeDirectoryMalformedIdentifier);
}
};
let team_name = if let Some(team_offset) = team_offset {
match data[team_offset as usize..]
.split(|&b| b == 0)
.map(std::str::from_utf8)
.next()
{
Some(res) => {
Some(Cow::from(res.map_err(|_| {
AppleCodesignError::CodeDirectoryMalformedTeam
})?))
}
None => {
return Err(AppleCodesignError::CodeDirectoryMalformedTeam);
}
}
} else {
None
};
let code_digests = get_hashes(
data,
digest_offset as usize,
n_code_slots as usize,
digest_size as usize,
);
let special_digests = get_hashes(
data,
(digest_offset - (digest_size as u32 * n_special_slots)) as usize,
n_special_slots as usize,
digest_size as usize,
)
.into_iter()
.enumerate()
.map(|(i, h)| (CodeSigningSlot::from(n_special_slots - i as u32), h))
.collect();
Ok(Self {
version,
flags,
code_limit,
digest_size,
digest_type,
platform,
page_size,
spare2,
scatter_offset,
spare3,
code_limit_64,
exec_seg_base,
exec_seg_limit,
exec_seg_flags,
runtime,
pre_encrypt_offset,
linkage_hash_type,
linkage_truncated,
spare4,
linkage_offset,
linkage_size,
ident,
team_name,
code_digests,
special_digests,
})
}sourcepub const fn is_empty(&self) -> bool
pub const fn is_empty(&self) -> bool
Returns true if no flags are currently stored.
Examples found in repository?
src/signing_settings.rs (line 821)
745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858
pub fn import_settings_from_macho(&mut self, data: &[u8]) -> Result<(), AppleCodesignError> {
info!("inferring default signing settings from Mach-O binary");
for macho in MachFile::parse(data)?.into_iter() {
let index = macho.index.unwrap_or(0);
let scope_main = SettingsScope::Main;
let scope_index = SettingsScope::MultiArchIndex(index);
let scope_arch = SettingsScope::MultiArchCpuType(macho.macho.header.cputype());
// Older operating system versions don't have support for SHA-256 in
// signatures. If the minimum version targeting in the binary doesn't
// support SHA-256, we automatically change the digest targeting settings
// so the binary will be signed correctly.
if let Some(targeting) = macho.find_targeting()? {
let sha256_version = targeting.platform.sha256_digest_support()?;
if !sha256_version.matches(&targeting.minimum_os_version) {
info!(
"activating SHA-1 digests because minimum OS target {} is not {}",
targeting.minimum_os_version, sha256_version
);
// This logic is a bit wonky. We want SHA-1 to be present on all binaries
// within a fat binary. So if we need SHA-1 mode, we set the setting on the
// main scope and then clear any overrides on fat binary scopes so our
// settings are canonical.
self.set_digest_type(DigestType::Sha1);
self.add_extra_digest(scope_main.clone(), DigestType::Sha256);
self.extra_digests.remove(&scope_arch);
self.extra_digests.remove(&scope_index);
}
}
// The Mach-O can have embedded Info.plist data. Use it if available and not
// already defined in settings.
if let Some(info_plist) = macho.embedded_info_plist()? {
if self.info_plist_data(&scope_main).is_some()
|| self.info_plist_data(&scope_index).is_some()
|| self.info_plist_data(&scope_arch).is_some()
{
info!("using Info.plist data from settings");
} else {
info!("preserving Info.plist data already present in Mach-O");
self.set_info_plist_data(scope_index.clone(), info_plist);
}
}
if let Some(sig) = macho.code_signature()? {
if let Some(cd) = sig.code_directory()? {
if self.binary_identifier(&scope_main).is_some()
|| self.binary_identifier(&scope_index).is_some()
|| self.binary_identifier(&scope_arch).is_some()
{
info!("using binary identifier from settings");
} else {
info!("preserving existing binary identifier in Mach-O");
self.set_binary_identifier(scope_index.clone(), cd.ident);
}
if self.team_id.contains_key(&scope_main)
|| self.team_id.contains_key(&scope_index)
|| self.team_id.contains_key(&scope_arch)
{
info!("using team ID from settings");
} else if let Some(team_id) = cd.team_name {
info!("preserving team ID in existing Mach-O signature");
self.team_id
.insert(scope_index.clone(), team_id.to_string());
}
if self.code_signature_flags(&scope_main).is_some()
|| self.code_signature_flags(&scope_index).is_some()
|| self.code_signature_flags(&scope_arch).is_some()
{
info!("using code signature flags from settings");
} else if !cd.flags.is_empty() {
info!("preserving code signature flags in existing Mach-O signature");
self.set_code_signature_flags(scope_index.clone(), cd.flags);
}
if self.runtime_version(&scope_main).is_some()
|| self.runtime_version(&scope_index).is_some()
|| self.runtime_version(&scope_arch).is_some()
{
info!("using runtime version from settings");
} else if let Some(version) = cd.runtime {
info!("preserving runtime version in existing Mach-O signature");
self.set_runtime_version(
scope_index.clone(),
parse_version_nibbles(version),
);
}
}
if let Some(entitlements) = sig.entitlements()? {
if self.entitlements_plist(&scope_main).is_some()
|| self.entitlements_plist(&scope_index).is_some()
|| self.entitlements_plist(&scope_arch).is_some()
{
info!("using entitlements from settings");
} else {
info!("preserving existing entitlements in Mach-O");
self.set_entitlements_xml(
SettingsScope::MultiArchIndex(index),
entitlements.as_str(),
)?;
}
}
}
}
Ok(())
}sourcepub const fn intersects(&self, other: Self) -> bool
pub const fn intersects(&self, other: Self) -> bool
Returns true if there are flags common to both self and other.
sourcepub const fn contains(&self, other: Self) -> bool
pub const fn contains(&self, other: Self) -> bool
Returns true if all of the flags in other are contained within self.
Examples found in repository?
src/macho_signing.rs (line 440)
409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588
pub fn create_code_directory(
&self,
settings: &SigningSettings,
macho: &MachOBinary,
) -> Result<CodeDirectoryBlob<'static>, AppleCodesignError> {
// TODO support defining or filling in proper values for fields with
// static values.
let target = macho.find_targeting()?;
if let Some(target) = &target {
info!(
"binary targets {} >= {} with SDK {}",
target.platform, target.minimum_os_version, target.sdk_version,
);
}
let mut flags = CodeSignatureFlags::empty();
if let Some(additional) = settings.code_signature_flags(SettingsScope::Main) {
info!(
"adding code signature flags from signing settings: {:?}",
additional
);
flags |= additional;
}
// The adhoc flag is set when there is no CMS signature.
if settings.signing_key().is_none() {
info!("creating ad-hoc signature");
flags |= CodeSignatureFlags::ADHOC;
} else if flags.contains(CodeSignatureFlags::ADHOC) {
info!("removing ad-hoc code signature flag");
flags -= CodeSignatureFlags::ADHOC;
}
// Remove linker signed flag because we're not a linker.
if flags.contains(CodeSignatureFlags::LINKER_SIGNED) {
info!("removing linker signed flag from code signature (we're not a linker)");
flags -= CodeSignatureFlags::LINKER_SIGNED;
}
// Code limit fields hold the file offset at which code digests stop. This
// is the file offset in the `__LINKEDIT` segment when the embedded signature
// SuperBlob begins.
let (code_limit, code_limit_64) = match macho.code_limit_binary_offset()? {
x if x > u32::MAX as u64 => (0, Some(x)),
x => (x as u32, None),
};
let platform = 0;
let page_size = 4096u32;
let (exec_seg_base, exec_seg_limit) = macho.executable_segment_boundary()?;
let (exec_seg_base, exec_seg_limit) = (Some(exec_seg_base), Some(exec_seg_limit));
// Executable segment flags are wonky.
//
// Foremost, these flags are only present if the Mach-O binary is an executable. So not
// matter what the settings say, we don't set these flags unless the Mach-O file type
// is proper.
//
// Executable segment flags are also derived from an associated entitlements plist.
let exec_seg_flags = if macho.is_executable() {
if let Some(entitlements) = settings.entitlements_plist(SettingsScope::Main) {
let flags = plist_to_executable_segment_flags(entitlements);
if !flags.is_empty() {
info!("entitlements imply executable segment flags: {:?}", flags);
}
Some(flags | ExecutableSegmentFlags::MAIN_BINARY)
} else {
Some(ExecutableSegmentFlags::MAIN_BINARY)
}
} else {
None
};
// The runtime version is the SDK version from the targeting loader commands. Same
// u32 with nibbles encoding the version.
//
// If the runtime code signature flag is set, we also need to set the runtime version
// or else the activation of the hardened runtime is incomplete.
// If the settings defines a runtime version override, use it.
let runtime = match settings.runtime_version(SettingsScope::Main) {
Some(version) => {
info!(
"using hardened runtime version {} from signing settings",
version
);
Some(semver_to_macho_target_version(version))
}
None => None,
};
// If we still don't have a runtime but need one, derive from the target SDK.
let runtime = if runtime.is_none() && flags.contains(CodeSignatureFlags::RUNTIME) {
if let Some(target) = &target {
info!(
"using hardened runtime version {} derived from SDK version",
target.sdk_version
);
Some(semver_to_macho_target_version(&target.sdk_version))
} else {
warn!("hardened runtime version required but unable to derive suitable version; signature will likely fail Apple checks");
None
}
} else {
runtime
};
let code_hashes = macho
.code_digests(*settings.digest_type(), page_size as _)?
.into_iter()
.map(|v| Digest { data: v.into() })
.collect::<Vec<_>>();
let mut special_hashes = HashMap::new();
// There is no corresponding blob for the info plist data since it is provided
// externally to the embedded signature.
if let Some(data) = settings.info_plist_data(SettingsScope::Main) {
special_hashes.insert(
CodeSigningSlot::Info,
Digest {
data: settings.digest_type().digest_data(data)?.into(),
},
);
}
// There is no corresponding blob for resources data since it is provided
// externally to the embedded signature.
if let Some(data) = settings.code_resources_data(SettingsScope::Main) {
special_hashes.insert(
CodeSigningSlot::ResourceDir,
Digest {
data: settings.digest_type().digest_data(data)?.into(),
}
.to_owned(),
);
}
let ident = Cow::Owned(
settings
.binary_identifier(SettingsScope::Main)
.ok_or(AppleCodesignError::NoIdentifier)?
.to_string(),
);
let team_name = settings.team_id().map(|x| Cow::Owned(x.to_string()));
let mut cd = CodeDirectoryBlob {
flags,
code_limit,
digest_size: settings.digest_type().hash_len()? as u8,
digest_type: *settings.digest_type(),
platform,
page_size,
code_limit_64,
exec_seg_base,
exec_seg_limit,
exec_seg_flags,
runtime,
ident,
team_name,
code_digests: code_hashes,
..Default::default()
};
for (slot, digest) in special_hashes {
cd.set_slot_digest(slot, digest)?;
}
cd.adjust_version(target);
cd.clear_newer_fields();
Ok(cd)
}sourcepub fn set(&mut self, other: Self, value: bool)
pub fn set(&mut self, other: Self, value: bool)
Inserts or removes the specified flags depending on the passed value.
sourcepub const fn intersection(self, other: Self) -> Self
pub const fn intersection(self, other: Self) -> Self
Returns the intersection between the flags in self and
other.
Specifically, the returned set contains only the flags which are
present in both self and other.
This is equivalent to using the & operator (e.g.
ops::BitAnd), as in flags & other.
sourcepub const fn union(self, other: Self) -> Self
pub const fn union(self, other: Self) -> Self
Returns the union of between the flags in self and other.
Specifically, the returned set contains all flags which are
present in either self or other, including any which are
present in both (see Self::symmetric_difference if that
is undesirable).
This is equivalent to using the | operator (e.g.
ops::BitOr), as in flags | other.
sourcepub const fn difference(self, other: Self) -> Self
pub const fn difference(self, other: Self) -> Self
Returns the difference between the flags in self and other.
Specifically, the returned set contains all flags present in
self, except for the ones present in other.
It is also conceptually equivalent to the “bit-clear” operation:
flags & !other (and this syntax is also supported).
This is equivalent to using the - operator (e.g.
ops::Sub), as in flags - other.
sourcepub const fn symmetric_difference(self, other: Self) -> Self
pub const fn symmetric_difference(self, other: Self) -> Self
Returns the symmetric difference between the flags
in self and other.
Specifically, the returned set contains the flags present which
are present in self or other, but that are not present in
both. Equivalently, it contains the flags present in exactly
one of the sets self and other.
This is equivalent to using the ^ operator (e.g.
ops::BitXor), as in flags ^ other.
sourcepub const fn complement(self) -> Self
pub const fn complement(self) -> Self
Returns the complement of this set of flags.
Specifically, the returned set contains all the flags which are
not set in self, but which are allowed for this type.
Alternatively, it can be thought of as the set difference
between Self::all() and self (e.g. Self::all() - self)
This is equivalent to using the ! operator (e.g.
ops::Not), as in !flags.
source§impl CodeSignatureFlags
impl CodeSignatureFlags
sourcepub fn all_user_configurable() -> [&'static str; 7]
pub fn all_user_configurable() -> [&'static str; 7]
Obtain all flags that can be set by the user.
Maps to variants that have a from_str() implementation.
Examples found in repository?
src/cli.rs (line 2937)
2479 2480 2481 2482 2483 2484 2485 2486 2487 2488 2489 2490 2491 2492 2493 2494 2495 2496 2497 2498 2499 2500 2501 2502 2503 2504 2505 2506 2507 2508 2509 2510 2511 2512 2513 2514 2515 2516 2517 2518 2519 2520 2521 2522 2523 2524 2525 2526 2527 2528 2529 2530 2531 2532 2533 2534 2535 2536 2537 2538 2539 2540 2541 2542 2543 2544 2545 2546 2547 2548 2549 2550 2551 2552 2553 2554 2555 2556 2557 2558 2559 2560 2561 2562 2563 2564 2565 2566 2567 2568 2569 2570 2571 2572 2573 2574 2575 2576 2577 2578 2579 2580 2581 2582 2583 2584 2585 2586 2587 2588 2589 2590 2591 2592 2593 2594 2595 2596 2597 2598 2599 2600 2601 2602 2603 2604 2605 2606 2607 2608 2609 2610 2611 2612 2613 2614 2615 2616 2617 2618 2619 2620 2621 2622 2623 2624 2625 2626 2627 2628 2629 2630 2631 2632 2633 2634 2635 2636 2637 2638 2639 2640 2641 2642 2643 2644 2645 2646 2647 2648 2649 2650 2651 2652 2653 2654 2655 2656 2657 2658 2659 2660 2661 2662 2663 2664 2665 2666 2667 2668 2669 2670 2671 2672 2673 2674 2675 2676 2677 2678 2679 2680 2681 2682 2683 2684 2685 2686 2687 2688 2689 2690 2691 2692 2693 2694 2695 2696 2697 2698 2699 2700 2701 2702 2703 2704 2705 2706 2707 2708 2709 2710 2711 2712 2713 2714 2715 2716 2717 2718 2719 2720 2721 2722 2723 2724 2725 2726 2727 2728 2729 2730 2731 2732 2733 2734 2735 2736 2737 2738 2739 2740 2741 2742 2743 2744 2745 2746 2747 2748 2749 2750 2751 2752 2753 2754 2755 2756 2757 2758 2759 2760 2761 2762 2763 2764 2765 2766 2767 2768 2769 2770 2771 2772 2773 2774 2775 2776 2777 2778 2779 2780 2781 2782 2783 2784 2785 2786 2787 2788 2789 2790 2791 2792 2793 2794 2795 2796 2797 2798 2799 2800 2801 2802 2803 2804 2805 2806 2807 2808 2809 2810 2811 2812 2813 2814 2815 2816 2817 2818 2819 2820 2821 2822 2823 2824 2825 2826 2827 2828 2829 2830 2831 2832 2833 2834 2835 2836 2837 2838 2839 2840 2841 2842 2843 2844 2845 2846 2847 2848 2849 2850 2851 2852 2853 2854 2855 2856 2857 2858 2859 2860 2861 2862 2863 2864 2865 2866 2867 2868 2869 2870 2871 2872 2873 2874 2875 2876 2877 2878 2879 2880 2881 2882 2883 2884 2885 2886 2887 2888 2889 2890 2891 2892 2893 2894 2895 2896 2897 2898 2899 2900 2901 2902 2903 2904 2905 2906 2907 2908 2909 2910 2911 2912 2913 2914 2915 2916 2917 2918 2919 2920 2921 2922 2923 2924 2925 2926 2927 2928 2929 2930 2931 2932 2933 2934 2935 2936 2937 2938 2939 2940 2941 2942 2943 2944 2945 2946 2947 2948 2949 2950 2951 2952 2953 2954 2955 2956 2957 2958 2959 2960 2961 2962 2963 2964 2965 2966 2967 2968 2969 2970 2971 2972 2973 2974 2975 2976 2977 2978 2979 2980 2981 2982 2983 2984 2985 2986 2987 2988 2989 2990 2991 2992 2993 2994 2995 2996 2997 2998 2999 3000 3001 3002 3003 3004 3005 3006 3007 3008 3009 3010 3011 3012 3013 3014 3015 3016 3017 3018 3019 3020 3021 3022 3023 3024 3025 3026 3027 3028 3029 3030 3031 3032 3033 3034 3035 3036 3037 3038 3039 3040 3041 3042 3043 3044 3045 3046 3047 3048 3049 3050 3051 3052 3053 3054 3055 3056 3057 3058 3059 3060 3061 3062 3063 3064 3065 3066 3067 3068 3069 3070 3071 3072 3073 3074 3075 3076 3077 3078 3079 3080 3081 3082 3083 3084 3085 3086 3087 3088 3089 3090 3091 3092 3093 3094 3095 3096 3097 3098 3099 3100 3101 3102 3103 3104 3105 3106 3107
pub fn main_impl() -> Result<(), AppleCodesignError> {
let app = Command::new("Cross platform Apple code signing in pure Rust")
.version(env!("CARGO_PKG_VERSION"))
.author("Gregory Szorc <gregory.szorc@gmail.com>")
.about("Sign and notarize Apple programs. See https://gregoryszorc.com/docs/apple-codesign/main/ for more docs.")
.arg_required_else_help(true)
.arg(
Arg::new("verbose")
.long("verbose")
.short('v')
.global(true)
.action(ArgAction::Count)
.help("Increase logging verbosity. Can be specified multiple times."),
);
let app = app.subcommand(add_certificate_source_args(
Command::new("analyze-certificate")
.about("Analyze an X.509 certificate for Apple code signing properties")
.long_about(ANALYZE_CERTIFICATE_ABOUT),
));
let app = app.subcommand(
Command::new("compute-code-hashes")
.about("Compute code hashes for a binary")
.arg(
Arg::new("path")
.action(ArgAction::Set)
.required(true)
.help("path to Mach-O binary to examine"),
)
.arg(
Arg::new("hash")
.long("hash")
.action(ArgAction::Set)
.value_parser(SUPPORTED_HASHES)
.default_value("sha256")
.help("Hashing algorithm to use"),
)
.arg(
Arg::new("page_size")
.long("page-size")
.action(ArgAction::Set)
.default_value("4096")
.help("Chunk size to digest over"),
)
.arg(
Arg::new("universal_index")
.long("universal-index")
.action(ArgAction::Set)
.default_value("0")
.help("Index of Mach-O binary to operate on within a universal/fat binary"),
),
);
let app = app.subcommand(
Command::new("diff-signatures")
.about("Print a diff between the signature content of two paths")
.arg(
Arg::new("path0")
.action(ArgAction::Set)
.required(true)
.help("The first path to compare"),
)
.arg(
Arg::new("path1")
.action(ArgAction::Set)
.required(true)
.help("The second path to compare"),
),
);
let app = app.subcommand(
Command::new("encode-app-store-connect-api-key")
.about("Encode App Store Connect API Key metadata to a single file")
.long_about(ENCODE_APP_STORE_CONNECT_API_KEY_ABOUT)
.arg(
Arg::new("output_path")
.short('o')
.long("output-path")
.action(ArgAction::Set)
.value_parser(value_parser!(PathBuf))
.help("Path to a JSON file to create the output to"),
)
.arg(
Arg::new("issuer_id")
.action(ArgAction::Set)
.required(true)
.help("The issuer of the API Token. Likely a UUID"),
)
.arg(
Arg::new("key_id")
.action(ArgAction::Set)
.required(true)
.help("The Key ID. A short alphanumeric string like DEADBEEF42"),
)
.arg(
Arg::new("private_key_path")
.action(ArgAction::Set)
.required(true)
.value_parser(value_parser!(PathBuf))
.help("Path to a file containing the private key downloaded from Apple"),
),
);
let app = app.subcommand(
Command::new("extract")
.about("Extracts code signature data from a Mach-O binary")
.long_about(EXTRACT_ABOUT)
.arg(
Arg::new("path")
.action(ArgAction::Set)
.required(true)
.help("Path to Mach-O binary to examine"),
)
.arg(
Arg::new("data")
.long("data")
.action(ArgAction::Set)
.value_parser([
"blobs",
"cms-info",
"cms-pem",
"cms-raw",
"cms",
"code-directory-raw",
"code-directory-serialized-raw",
"code-directory-serialized",
"code-directory",
"linkedit-info",
"linkedit-segment-raw",
"macho-load-commands",
"macho-segments",
"macho-target",
"requirements-raw",
"requirements-rust",
"requirements-serialized-raw",
"requirements-serialized",
"requirements",
"signature-raw",
"superblob",
])
.default_value("linkedit-info")
.help("Which data to extract and how to format it"),
)
.arg(
Arg::new("universal_index")
.long("universal-index")
.action(ArgAction::Set)
.default_value("0")
.help("Index of Mach-O binary to operate on within a universal/fat binary"),
),
);
let app = app.subcommand(
add_certificate_source_args(Command::new("generate-certificate-signing-request")
.about("Generates a certificate signing request that can be sent to Apple and exchanged for a signing certificate")
.arg(
Arg::new("csr_pem_path")
.long("csr-pem-path")
.action(ArgAction::Set)
.help("Path to file to write PEM encoded CSR to")
)
));
let app = app.subcommand(
Command::new("generate-self-signed-certificate")
.about("Generate a self-signed certificate for code signing")
.long_about(GENERATE_SELF_SIGNED_CERTIFICATE_ABOUT)
.arg(
Arg::new("algorithm")
.long("algorithm")
.action(ArgAction::Set)
.value_parser(["ecdsa", "ed25519"])
.default_value("ecdsa")
.help("Which key type to use"),
)
.arg(
Arg::new("profile")
.long("profile")
.action(ArgAction::Set)
.value_parser(CertificateProfile::str_names())
.default_value("apple-development"),
)
.arg(
Arg::new("team_id")
.long("team-id")
.action(ArgAction::Set)
.default_value("unset")
.help(
"Team ID (this is a short string attached to your Apple Developer account)",
),
)
.arg(
Arg::new("person_name")
.long("person-name")
.action(ArgAction::Set)
.required(true)
.help("The name of the person this certificate is for"),
)
.arg(
Arg::new("country_name")
.long("country-name")
.action(ArgAction::Set)
.default_value("XX")
.help("Country Name (C) value for certificate identifier"),
)
.arg(
Arg::new("validity_days")
.long("validity-days")
.action(ArgAction::Set)
.default_value("365")
.help("How many days the certificate should be valid for"),
)
.arg(
Arg::new("pem_filename")
.long("pem-filename")
.action(ArgAction::Set)
.help("Base name of files to write PEM encoded certificate to"),
),
);
let app = app.
subcommand(Command::new("keychain-export-certificate-chain")
.about("Export Apple CA certificates from the macOS Keychain")
.arg(
Arg::new("domain")
.long("domain")
.action(ArgAction::Set)
.value_parser(["user", "system", "common", "dynamic"])
.default_value("user")
.help("Keychain domain to operate on")
)
.arg(
Arg::new("password")
.long("--password")
.action(ArgAction::Set)
.help("Password to unlock the Keychain")
)
.arg(
Arg::new("password_file")
.long("--password-file")
.action(ArgAction::Set)
.conflicts_with("password")
.help("File containing password to use to unlock the Keychain")
)
.arg(
Arg::new("no_print_self")
.long("--no-print-self")
.action(ArgAction::SetTrue)
.help("Print only the issuing certificate chain, not the subject certificate")
)
.arg(
Arg::new("user_id")
.long("--user-id")
.action(ArgAction::Set)
.required(true)
.help("User ID value of code signing certificate to find and whose CA chain to export")
),
);
let app = app.subcommand(
Command::new("keychain-print-certificates")
.about("Print information about certificates in the macOS keychain")
.arg(
Arg::new("domain")
.long("--domain")
.action(ArgAction::Set)
.value_parser(["user", "system", "common", "dynamic"])
.default_value("user")
.help("Keychain domain to operate on"),
),
);
let app = app.subcommand(add_notary_api_args(
Command::new("notary-log")
.about("Fetch the notarization log for a previous submission")
.arg(
Arg::new("submission_id")
.action(ArgAction::Set)
.required(true)
.help("The ID of the previous submission to wait on"),
),
));
let app = app.subcommand(add_notary_api_args(
Command::new("notary-submit")
.about("Upload an asset to Apple for notarization and possibly staple it")
.long_about(NOTARIZE_ABOUT)
.alias("notarize")
.arg(
Arg::new("wait")
.long("wait")
.action(ArgAction::SetTrue)
.help("Whether to wait for upload processing to complete"),
)
.arg(
Arg::new("max_wait_seconds")
.long("max-wait-seconds")
.action(ArgAction::Set)
.default_value("600")
.help("Maximum time in seconds to wait for the upload result"),
)
.arg(
Arg::new("staple")
.long("staple")
.action(ArgAction::SetTrue)
.help(
"Staple the notarization ticket after successful upload (implies --wait)",
),
)
.arg(
Arg::new("path")
.action(ArgAction::Set)
.required(true)
.help("Path to asset to upload"),
),
));
let app = app.subcommand(add_notary_api_args(
Command::new("notary-wait")
.about("Wait for completion of a previous submission")
.arg(
Arg::new("max_wait_seconds")
.long("max-wait-seconds")
.action(ArgAction::Set)
.default_value("600")
.help("Maximum time in seconds to wait for the upload result"),
)
.arg(
Arg::new("submission_id")
.action(ArgAction::Set)
.required(true)
.help("The ID of the previous submission to wait on"),
),
));
let app = app.subcommand(
Command::new("parse-code-signing-requirement")
.about("Parse binary Code Signing Requirement data into a human readable string")
.long_about(PARSE_CODE_SIGNING_REQUIREMENT_ABOUT)
.arg(
Arg::new("format")
.long("--format")
.action(ArgAction::Set)
.required(true)
.value_parser(["csrl", "expression-tree"])
.default_value("csrl")
.help("Output format"),
)
.arg(
Arg::new("input_path")
.action(ArgAction::Set)
.required(true)
.help("Path to file to parse"),
),
);
let app = app.subcommand(
Command::new("print-signature-info")
.about("Print signature information for a filesystem path")
.arg(
Arg::new("path")
.action(ArgAction::Set)
.required(true)
.help("Filesystem path to entity whose info to print"),
),
);
let app = app.subcommand(
Command::new("smartcard-scan")
.about("Show information about available smartcard (SC) devices"),
);
let app = app.subcommand(add_yubikey_policy_args(
Command::new("smartcard-generate-key")
.about("Generate a new private key on a smartcard")
.arg(
Arg::new("smartcard_slot")
.long("smartcard-slot")
.action(ArgAction::Set)
.required(true)
.help("Smartcard slot number to store key in (9c is common)"),
),
));
let app = app.subcommand(add_yubikey_policy_args(add_certificate_source_args(
Command::new("smartcard-import")
.about("Import a code signing certificate and key into a smartcard")
.arg(
Arg::new("existing_key")
.long("existing-key")
.action(ArgAction::SetTrue)
.help("Re-use the existing private key in the smartcard slot"),
)
.arg(
Arg::new("dry_run")
.long("dry-run")
.action(ArgAction::SetTrue)
.help("Don't actually perform the import"),
),
)));
let app = app.subcommand(add_certificate_source_args(
Command::new("remote-sign")
.about("Create signatures initiated from a remote signing operation")
.arg(
Arg::new("session_join_string_editor")
.long("editor")
.action(ArgAction::SetTrue)
.help("Open an editor to input the session join string"),
)
.arg(
Arg::new("session_join_string_path")
.long("sjs-path")
.action(ArgAction::Set)
.help("Path to file containing session join string"),
)
.arg(
Arg::new("session_join_string")
.action(ArgAction::Set)
.help("Session join string (provided by the signing initiator)"),
)
.group(
ArgGroup::new("session_join_string_source")
.arg("session_join_string_editor")
.arg("session_join_string_path")
.arg("session_join_string")
.required(true),
),
));
let app = app
.subcommand(
add_certificate_source_args(Command::new("sign")
.about("Sign a Mach-O binary or bundle")
.long_about(SIGN_ABOUT)
.arg(
Arg::new("binary_identifier")
.long("binary-identifier")
.action(ArgAction::Append)
.help("Identifier string for binary. The value normally used by CFBundleIdentifier")
)
.arg(
Arg::new("code_requirements_path")
.long("code-requirements-path")
.action(ArgAction::Append)
.help("Path to a file containing binary code requirements data to be used as designated requirements")
)
.arg(
Arg::new("code_resources")
.long("code-resources-path")
.action(ArgAction::Append)
.help("Path to an XML plist file containing code resources"),
)
.arg(
Arg::new("code_signature_flags_set")
.long("code-signature-flags")
.action(ArgAction::Append)
.value_parser(CodeSignatureFlags::all_user_configurable())
.help("Code signature flags to set")
)
.arg(
Arg::new("digest")
.long("digest")
.action(ArgAction::Set)
.value_parser(SUPPORTED_HASHES)
.default_value("sha256")
.help("Digest algorithm to use")
)
.arg(Arg::new("extra_digest")
.long("extra-digest")
.action(ArgAction::Append)
.value_parser(SUPPORTED_HASHES)
.help("Extra digests to include in signatures")
)
.arg(
Arg::new("entitlements_xml_path")
.long("entitlements-xml-path")
.short('e')
.action(ArgAction::Append)
.help("Path to a plist file containing entitlements"),
)
.arg(
Arg::new("runtime_version")
.long("runtime-version")
.action(ArgAction::Append)
.help("Hardened runtime version to use (defaults to SDK version used to build binary)"))
.arg(
Arg::new("info_plist_path")
.long("info-plist-path")
.action(ArgAction::Append)
.help("Path to an Info.plist file whose digest to include in Mach-O signature")
)
.arg(
Arg::new(
"team_name")
.long("team-name")
.action(ArgAction::Set)
.help("Team name/identifier to include in code signature"
)
)
.arg(
Arg::new("timestamp_url")
.long("timestamp-url")
.action(ArgAction::Set)
.default_value(APPLE_TIMESTAMP_URL)
.help(
"URL of timestamp server to use to obtain a token of the CMS signature",
),
)
.arg(
Arg::new("exclude")
.long("exclude")
.action(ArgAction::Append)
.help("Glob expression of paths to exclude from signing")
)
.arg(
Arg::new("smartcard_pin_env")
.long("smartcard-pin-env")
.conflicts_with_all(remote_initialization_args(Some(
"smartcard_pin_env",
)))
.action(ArgAction::Set)
.help("Environment variable holding the smartcard PIN"),
)
.arg(
Arg::new("input_path")
.action(ArgAction::Set)
.required(true)
.help("Path to Mach-O binary to sign"),
)
.arg(
Arg::new("output_path")
.action(ArgAction::Set)
.help("Path to signed Mach-O binary to write"),
),
));
let app = app.subcommand(
Command::new("staple")
.about("Staples a notarization ticket to an entity")
.arg(
Arg::new("path")
.action(ArgAction::Set)
.required(true)
.help("Path to entity to attempt to staple"),
),
);
let app = app.subcommand(
Command::new("verify")
.about("Verifies code signature data")
.arg(
Arg::new("path")
.action(ArgAction::Set)
.required(true)
.help("Path of Mach-O binary to examine"),
),
);
let app = app.subcommand(
Command::new("x509-oids")
.about("Print information about X.509 OIDs related to Apple code signing"),
);
let matches = app.get_matches();
// TODO make default log level warn once we audit logging sites.
let log_level = match matches.get_count("verbose") {
0 => LevelFilter::Info,
1 => LevelFilter::Debug,
_ => LevelFilter::Trace,
};
let mut builder = env_logger::Builder::from_env(
env_logger::Env::default().default_filter_or(log_level.as_str()),
);
// Disable log context except at higher log levels.
if log_level <= LevelFilter::Info {
builder
.format_timestamp(None)
.format_level(false)
.format_target(false);
}
// This spews unwanted output at default level. Nerf it by default.
if log_level == LevelFilter::Info {
builder.filter_module("rustls", LevelFilter::Error);
}
builder.init();
match matches.subcommand() {
Some(("analyze-certificate", args)) => command_analyze_certificate(args),
Some(("compute-code-hashes", args)) => command_compute_code_hashes(args),
Some(("diff-signatures", args)) => command_diff_signatures(args),
Some(("encode-app-store-connect-api-key", args)) => {
command_encode_app_store_connect_api_key(args)
}
Some(("extract", args)) => command_extract(args),
Some(("generate-certificate-signing-request", args)) => {
command_generate_certificate_signing_request(args)
}
Some(("generate-self-signed-certificate", args)) => {
command_generate_self_signed_certificate(args)
}
Some(("keychain-export-certificate-chain", args)) => {
command_keychain_export_certificate_chain(args)
}
Some(("keychain-print-certificates", args)) => command_keychain_print_certificates(args),
Some(("notary-log", args)) => command_notary_log(args),
Some(("notary-submit", args)) => command_notary_submit(args),
Some(("notary-wait", args)) => command_notary_wait(args),
Some(("parse-code-signing-requirement", args)) => {
command_parse_code_signing_requirement(args)
}
Some(("print-signature-info", args)) => command_print_signature_info(args),
Some(("remote-sign", args)) => command_remote_sign(args),
Some(("sign", args)) => command_sign(args),
Some(("smartcard-generate-key", args)) => command_smartcard_generate_key(args),
Some(("smartcard-import", args)) => command_smartcard_import(args),
Some(("smartcard-scan", args)) => command_smartcard_scan(args),
Some(("staple", args)) => command_staple(args),
Some(("verify", args)) => command_verify(args),
Some(("x509-oids", args)) => command_x509_oids(args),
_ => Err(AppleCodesignError::CliUnknownCommand),
}
}sourcepub fn from_strs(s: &[&str]) -> Result<CodeSignatureFlags, AppleCodesignError>
pub fn from_strs(s: &[&str]) -> Result<CodeSignatureFlags, AppleCodesignError>
Attempt to convert a series of strings into a CodeSignatureFlags.
Trait Implementations§
source§impl Binary for CodeSignatureFlags
impl Binary for CodeSignatureFlags
source§impl BitAndAssign<CodeSignatureFlags> for CodeSignatureFlags
impl BitAndAssign<CodeSignatureFlags> for CodeSignatureFlags
source§fn bitand_assign(&mut self, other: Self)
fn bitand_assign(&mut self, other: Self)
Disables all flags disabled in the set.
source§impl BitOr<CodeSignatureFlags> for CodeSignatureFlags
impl BitOr<CodeSignatureFlags> for CodeSignatureFlags
source§fn bitor(self, other: CodeSignatureFlags) -> Self
fn bitor(self, other: CodeSignatureFlags) -> Self
Returns the union of the two sets of flags.
§type Output = CodeSignatureFlags
type Output = CodeSignatureFlags
The resulting type after applying the
| operator.source§impl BitOrAssign<CodeSignatureFlags> for CodeSignatureFlags
impl BitOrAssign<CodeSignatureFlags> for CodeSignatureFlags
source§fn bitor_assign(&mut self, other: Self)
fn bitor_assign(&mut self, other: Self)
Adds the set of flags.
source§impl BitXorAssign<CodeSignatureFlags> for CodeSignatureFlags
impl BitXorAssign<CodeSignatureFlags> for CodeSignatureFlags
source§fn bitxor_assign(&mut self, other: Self)
fn bitxor_assign(&mut self, other: Self)
Toggles the set of flags.
source§impl Clone for CodeSignatureFlags
impl Clone for CodeSignatureFlags
source§fn clone(&self) -> CodeSignatureFlags
fn clone(&self) -> CodeSignatureFlags
Returns a copy of the value. Read more
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from
source. Read moresource§impl Debug for CodeSignatureFlags
impl Debug for CodeSignatureFlags
source§impl Default for CodeSignatureFlags
impl Default for CodeSignatureFlags
source§fn default() -> CodeSignatureFlags
fn default() -> CodeSignatureFlags
Returns the “default value” for a type. Read more
source§impl Extend<CodeSignatureFlags> for CodeSignatureFlags
impl Extend<CodeSignatureFlags> for CodeSignatureFlags
source§fn extend<T: IntoIterator<Item = Self>>(&mut self, iterator: T)
fn extend<T: IntoIterator<Item = Self>>(&mut self, iterator: T)
Extends a collection with the contents of an iterator. Read more
source§fn extend_one(&mut self, item: A)
fn extend_one(&mut self, item: A)
🔬This is a nightly-only experimental API. (
extend_one)Extends a collection with exactly one element.
source§fn extend_reserve(&mut self, additional: usize)
fn extend_reserve(&mut self, additional: usize)
🔬This is a nightly-only experimental API. (
extend_one)Reserves capacity in a collection for the given number of additional elements. Read more
source§impl FromIterator<CodeSignatureFlags> for CodeSignatureFlags
impl FromIterator<CodeSignatureFlags> for CodeSignatureFlags
source§fn from_iter<T: IntoIterator<Item = Self>>(iterator: T) -> Self
fn from_iter<T: IntoIterator<Item = Self>>(iterator: T) -> Self
Creates a value from an iterator. Read more
source§impl FromStr for CodeSignatureFlags
impl FromStr for CodeSignatureFlags
source§impl Hash for CodeSignatureFlags
impl Hash for CodeSignatureFlags
source§impl LowerHex for CodeSignatureFlags
impl LowerHex for CodeSignatureFlags
source§impl Not for CodeSignatureFlags
impl Not for CodeSignatureFlags
source§impl Octal for CodeSignatureFlags
impl Octal for CodeSignatureFlags
source§impl Ord for CodeSignatureFlags
impl Ord for CodeSignatureFlags
source§fn cmp(&self, other: &CodeSignatureFlags) -> Ordering
fn cmp(&self, other: &CodeSignatureFlags) -> Ordering
1.21.0 · source§fn max(self, other: Self) -> Selfwhere
Self: Sized,
fn max(self, other: Self) -> Selfwhere
Self: Sized,
Compares and returns the maximum of two values. Read more
source§impl PartialEq<CodeSignatureFlags> for CodeSignatureFlags
impl PartialEq<CodeSignatureFlags> for CodeSignatureFlags
source§fn eq(&self, other: &CodeSignatureFlags) -> bool
fn eq(&self, other: &CodeSignatureFlags) -> bool
This method tests for
self and other values to be equal, and is used
by ==.source§impl PartialOrd<CodeSignatureFlags> for CodeSignatureFlags
impl PartialOrd<CodeSignatureFlags> for CodeSignatureFlags
source§fn partial_cmp(&self, other: &CodeSignatureFlags) -> Option<Ordering>
fn partial_cmp(&self, other: &CodeSignatureFlags) -> Option<Ordering>
1.0.0 · source§fn le(&self, other: &Rhs) -> bool
fn le(&self, other: &Rhs) -> bool
This method tests less than or equal to (for
self and other) and is used by the <=
operator. Read moresource§impl Sub<CodeSignatureFlags> for CodeSignatureFlags
impl Sub<CodeSignatureFlags> for CodeSignatureFlags
source§impl SubAssign<CodeSignatureFlags> for CodeSignatureFlags
impl SubAssign<CodeSignatureFlags> for CodeSignatureFlags
source§fn sub_assign(&mut self, other: Self)
fn sub_assign(&mut self, other: Self)
Disables all flags enabled in the set.
source§impl UpperHex for CodeSignatureFlags
impl UpperHex for CodeSignatureFlags
impl Copy for CodeSignatureFlags
impl Eq for CodeSignatureFlags
impl StructuralEq for CodeSignatureFlags
impl StructuralPartialEq for CodeSignatureFlags
Auto Trait Implementations§
impl RefUnwindSafe for CodeSignatureFlags
impl Send for CodeSignatureFlags
impl Sync for CodeSignatureFlags
impl Unpin for CodeSignatureFlags
impl UnwindSafe for CodeSignatureFlags
Blanket Implementations§
§impl<'a, T, E> AsTaggedExplicit<'a, E> for Twhere
T: 'a,
impl<'a, T, E> AsTaggedExplicit<'a, E> for Twhere
T: 'a,
§impl<'a, T, E> AsTaggedImplicit<'a, E> for Twhere
T: 'a,
impl<'a, T, E> AsTaggedImplicit<'a, E> for Twhere
T: 'a,
§impl<T> Conv for T
impl<T> Conv for T
source§impl<Q, K> Equivalent<K> for Qwhere
Q: Eq + ?Sized,
K: Borrow<Q> + ?Sized,
impl<Q, K> Equivalent<K> for Qwhere
Q: Eq + ?Sized,
K: Borrow<Q> + ?Sized,
source§fn equivalent(&self, key: &K) -> bool
fn equivalent(&self, key: &K) -> bool
Compare self to
key and return true if they are equal.§impl<T> FmtForward for T
impl<T> FmtForward for T
§fn fmt_binary(self) -> FmtBinary<Self>where
Self: Binary,
fn fmt_binary(self) -> FmtBinary<Self>where
Self: Binary,
Causes
self to use its Binary implementation when Debug-formatted.§fn fmt_display(self) -> FmtDisplay<Self>where
Self: Display,
fn fmt_display(self) -> FmtDisplay<Self>where
Self: Display,
Causes
self to use its Display implementation when
Debug-formatted.§fn fmt_lower_exp(self) -> FmtLowerExp<Self>where
Self: LowerExp,
fn fmt_lower_exp(self) -> FmtLowerExp<Self>where
Self: LowerExp,
Causes
self to use its LowerExp implementation when
Debug-formatted.§fn fmt_lower_hex(self) -> FmtLowerHex<Self>where
Self: LowerHex,
fn fmt_lower_hex(self) -> FmtLowerHex<Self>where
Self: LowerHex,
Causes
self to use its LowerHex implementation when
Debug-formatted.§fn fmt_octal(self) -> FmtOctal<Self>where
Self: Octal,
fn fmt_octal(self) -> FmtOctal<Self>where
Self: Octal,
Causes
self to use its Octal implementation when Debug-formatted.§fn fmt_pointer(self) -> FmtPointer<Self>where
Self: Pointer,
fn fmt_pointer(self) -> FmtPointer<Self>where
Self: Pointer,
Causes
self to use its Pointer implementation when
Debug-formatted.§fn fmt_upper_exp(self) -> FmtUpperExp<Self>where
Self: UpperExp,
fn fmt_upper_exp(self) -> FmtUpperExp<Self>where
Self: UpperExp,
Causes
self to use its UpperExp implementation when
Debug-formatted.§fn fmt_upper_hex(self) -> FmtUpperHex<Self>where
Self: UpperHex,
fn fmt_upper_hex(self) -> FmtUpperHex<Self>where
Self: UpperHex,
Causes
self to use its UpperHex implementation when
Debug-formatted.§fn fmt_list(self) -> FmtList<Self>where
&'a Self: for<'a> IntoIterator,
fn fmt_list(self) -> FmtList<Self>where
&'a Self: for<'a> IntoIterator,
Formats each item in a sequence. Read more
source§impl<T> Instrument for T
impl<T> Instrument for T
source§fn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
source§fn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
§impl<T> Pipe for Twhere
T: ?Sized,
impl<T> Pipe for Twhere
T: ?Sized,
§fn pipe<R>(self, func: impl FnOnce(Self) -> R) -> Rwhere
Self: Sized,
fn pipe<R>(self, func: impl FnOnce(Self) -> R) -> Rwhere
Self: Sized,
Pipes by value. This is generally the method you want to use. Read more
§fn pipe_ref<'a, R>(&'a self, func: impl FnOnce(&'a Self) -> R) -> Rwhere
R: 'a,
fn pipe_ref<'a, R>(&'a self, func: impl FnOnce(&'a Self) -> R) -> Rwhere
R: 'a,
Borrows
self and passes that borrow into the pipe function. Read more§fn pipe_ref_mut<'a, R>(&'a mut self, func: impl FnOnce(&'a mut Self) -> R) -> Rwhere
R: 'a,
fn pipe_ref_mut<'a, R>(&'a mut self, func: impl FnOnce(&'a mut Self) -> R) -> Rwhere
R: 'a,
Mutably borrows
self and passes that borrow into the pipe function. Read more§fn pipe_borrow<'a, B, R>(&'a self, func: impl FnOnce(&'a B) -> R) -> Rwhere
Self: Borrow<B>,
B: 'a + ?Sized,
R: 'a,
fn pipe_borrow<'a, B, R>(&'a self, func: impl FnOnce(&'a B) -> R) -> Rwhere
Self: Borrow<B>,
B: 'a + ?Sized,
R: 'a,
§fn pipe_borrow_mut<'a, B, R>(
&'a mut self,
func: impl FnOnce(&'a mut B) -> R
) -> Rwhere
Self: BorrowMut<B>,
B: 'a + ?Sized,
R: 'a,
fn pipe_borrow_mut<'a, B, R>(
&'a mut self,
func: impl FnOnce(&'a mut B) -> R
) -> Rwhere
Self: BorrowMut<B>,
B: 'a + ?Sized,
R: 'a,
§fn pipe_as_ref<'a, U, R>(&'a self, func: impl FnOnce(&'a U) -> R) -> Rwhere
Self: AsRef<U>,
U: 'a + ?Sized,
R: 'a,
fn pipe_as_ref<'a, U, R>(&'a self, func: impl FnOnce(&'a U) -> R) -> Rwhere
Self: AsRef<U>,
U: 'a + ?Sized,
R: 'a,
Borrows
self, then passes self.as_ref() into the pipe function.§fn pipe_as_mut<'a, U, R>(&'a mut self, func: impl FnOnce(&'a mut U) -> R) -> Rwhere
Self: AsMut<U>,
U: 'a + ?Sized,
R: 'a,
fn pipe_as_mut<'a, U, R>(&'a mut self, func: impl FnOnce(&'a mut U) -> R) -> Rwhere
Self: AsMut<U>,
U: 'a + ?Sized,
R: 'a,
Mutably borrows
self, then passes self.as_mut() into the pipe
function.§impl<T> Pointable for T
impl<T> Pointable for T
§impl<T> Tap for T
impl<T> Tap for T
§fn tap_borrow<B>(self, func: impl FnOnce(&B)) -> Selfwhere
Self: Borrow<B>,
B: ?Sized,
fn tap_borrow<B>(self, func: impl FnOnce(&B)) -> Selfwhere
Self: Borrow<B>,
B: ?Sized,
Immutable access to the
Borrow<B> of a value. Read more§fn tap_borrow_mut<B>(self, func: impl FnOnce(&mut B)) -> Selfwhere
Self: BorrowMut<B>,
B: ?Sized,
fn tap_borrow_mut<B>(self, func: impl FnOnce(&mut B)) -> Selfwhere
Self: BorrowMut<B>,
B: ?Sized,
Mutable access to the
BorrowMut<B> of a value. Read more§fn tap_ref<R>(self, func: impl FnOnce(&R)) -> Selfwhere
Self: AsRef<R>,
R: ?Sized,
fn tap_ref<R>(self, func: impl FnOnce(&R)) -> Selfwhere
Self: AsRef<R>,
R: ?Sized,
Immutable access to the
AsRef<R> view of a value. Read more§fn tap_ref_mut<R>(self, func: impl FnOnce(&mut R)) -> Selfwhere
Self: AsMut<R>,
R: ?Sized,
fn tap_ref_mut<R>(self, func: impl FnOnce(&mut R)) -> Selfwhere
Self: AsMut<R>,
R: ?Sized,
Mutable access to the
AsMut<R> view of a value. Read more§fn tap_deref<T>(self, func: impl FnOnce(&T)) -> Selfwhere
Self: Deref<Target = T>,
T: ?Sized,
fn tap_deref<T>(self, func: impl FnOnce(&T)) -> Selfwhere
Self: Deref<Target = T>,
T: ?Sized,
Immutable access to the
Deref::Target of a value. Read more§fn tap_deref_mut<T>(self, func: impl FnOnce(&mut T)) -> Selfwhere
Self: DerefMut<Target = T> + Deref,
T: ?Sized,
fn tap_deref_mut<T>(self, func: impl FnOnce(&mut T)) -> Selfwhere
Self: DerefMut<Target = T> + Deref,
T: ?Sized,
Mutable access to the
Deref::Target of a value. Read more§fn tap_dbg(self, func: impl FnOnce(&Self)) -> Self
fn tap_dbg(self, func: impl FnOnce(&Self)) -> Self
Calls
.tap() only in debug builds, and is erased in release builds.§fn tap_mut_dbg(self, func: impl FnOnce(&mut Self)) -> Self
fn tap_mut_dbg(self, func: impl FnOnce(&mut Self)) -> Self
Calls
.tap_mut() only in debug builds, and is erased in release
builds.§fn tap_borrow_dbg<B>(self, func: impl FnOnce(&B)) -> Selfwhere
Self: Borrow<B>,
B: ?Sized,
fn tap_borrow_dbg<B>(self, func: impl FnOnce(&B)) -> Selfwhere
Self: Borrow<B>,
B: ?Sized,
Calls
.tap_borrow() only in debug builds, and is erased in release
builds.§fn tap_borrow_mut_dbg<B>(self, func: impl FnOnce(&mut B)) -> Selfwhere
Self: BorrowMut<B>,
B: ?Sized,
fn tap_borrow_mut_dbg<B>(self, func: impl FnOnce(&mut B)) -> Selfwhere
Self: BorrowMut<B>,
B: ?Sized,
Calls
.tap_borrow_mut() only in debug builds, and is erased in release
builds.§fn tap_ref_dbg<R>(self, func: impl FnOnce(&R)) -> Selfwhere
Self: AsRef<R>,
R: ?Sized,
fn tap_ref_dbg<R>(self, func: impl FnOnce(&R)) -> Selfwhere
Self: AsRef<R>,
R: ?Sized,
Calls
.tap_ref() only in debug builds, and is erased in release
builds.§fn tap_ref_mut_dbg<R>(self, func: impl FnOnce(&mut R)) -> Selfwhere
Self: AsMut<R>,
R: ?Sized,
fn tap_ref_mut_dbg<R>(self, func: impl FnOnce(&mut R)) -> Selfwhere
Self: AsMut<R>,
R: ?Sized,
Calls
.tap_ref_mut() only in debug builds, and is erased in release
builds.