Sign a simple application bundle
```
$ mkdir -p MyApp.app/Contents/MacOS
$ rcodesign debug-create-macho MyApp.app/Contents/MacOS/MyApp
assuming default minimum version 11.0.0
writing Mach-O to MyApp.app/Contents/MacOS/MyApp
$ rcodesign sign MyApp.app MyApp.app.signed
? 1
signing MyApp.app to MyApp.app.signed
signing bundle at MyApp.app
Error: error interfacing with directory-based bundle: Info.plist not found; not a valid bundle
$ rcodesign debug-create-info-plist --bundle-name MyApp MyApp.app/Contents/Info.plist
writing MyApp.app/Contents/Info.plist
$ mkdir -p MyApp.app/Resources
$ touch MyApp.app/Resources/file-00.txt
$ touch MyApp.app/Resources/file-01.txt
$ rcodesign sign MyApp.app MyApp.app.signed
signing MyApp.app to MyApp.app.signed
signing bundle at MyApp.app
signing bundle at MyApp.app into MyApp.app.signed
signing main executable Contents/MacOS/MyApp
$ rcodesign debug-file-tree MyApp.app.signed
d MyApp.app.signed/
d MyApp.app.signed/Contents
f 0a5902dc8e47f490d038 MyApp.app.signed/Contents/Info.plist
d MyApp.app.signed/Contents/MacOS
f 0e2027a7c6d687972a35 MyApp.app.signed/Contents/MacOS/MyApp
d MyApp.app.signed/Contents/_CodeSignature
f c844b31db66807774bd8 MyApp.app.signed/Contents/_CodeSignature/CodeResources
d MyApp.app.signed/Resources
f e3b0c44298fc1c149afb MyApp.app.signed/Resources/file-00.txt
f e3b0c44298fc1c149afb MyApp.app.signed/Resources/file-01.txt
$ rcodesign print-signature-info MyApp.app.signed
- path: Contents/Info.plist
file_size: 576
file_sha256: 0a5902dc8e47f490d03889d3593d17bddbf79e6c1f79494e20dd28f9459effa5
entity: other
- path: Contents/MacOS/MyApp
file_size: 22544
file_sha256: 0e2027a7c6d687972a3526c512cc89e3acd5f5654a1e8a639862d6b72ed3d59d
entity:
mach_o:
macho_linkedit_start_offset: 16384 / 0x4000
macho_signature_start_offset: 16400 / 0x4010
macho_signature_end_offset: 16821 / 0x41b5
macho_linkedit_end_offset: 22544 / 0x5810
macho_end_offset: 22544 / 0x5810
linkedit_signature_start_offset: 16 / 0x10
linkedit_signature_end_offset: 437 / 0x1b5
linkedit_bytes_after_signature: 5723 / 0x165b
signature:
superblob_length: 421 / 0x1a5
blob_count: 3
blobs:
- slot: CodeDirectory (0)
magic: fade0c02
length: 365
sha1: ea937121b2d2b4be4dd8d37e1b884e7f1c2201af
sha256: 3dfec63df494ed0e2dfeedf5d13a70b46b957bd73830cd7644a12e0ce6f08c00
- slot: RequirementSet (2)
magic: fade0c01
length: 12
sha1: 3a75f6db058529148e14dd7ea1b4729cc09ec973
sha256: 987920904eab650e75788c054aa0b0524e6a80bfc71aa32df8d237a61743f986
- slot: CMS Signature (65536)
magic: fade0b01
length: 8
sha1: 2a7254313aa41796079bb0e9d0f044345f69f98b
sha256: e6c83bc98a10348492c7d4d2378a54572ef29e1a5692ccd02b5e29f4b762d6a0
code_directory:
version: '0x20400'
flags: CodeSignatureFlags(ADHOC)
identifier: com.example.mybundle
digest_type: sha256
platform: 0
signed_entity_size: 16400
executable_segment_flags: ExecutableSegmentFlags(MAIN_BINARY)
code_digests_count: 5
slot_digests:
- 'Info (1): 0a5902dc8e47f490d03889d3593d17bddbf79e6c1f79494e20dd28f9459effa5'
- 'RequirementSet (2): 987920904eab650e75788c054aa0b0524e6a80bfc71aa32df8d237a61743f986'
- 'Resources (3): c844b31db66807774bd8ea00afe62cae1254bf6dfed2fa30d1204449d3c7e943'
cms: null
- path: Contents/_CodeSignature/CodeResources
file_size: 2672
file_sha256: c844b31db66807774bd8ea00afe62cae1254bf6dfed2fa30d1204449d3c7e943
entity:
bundle_code_signature_file: !ResourcesXml
- <?xml version="1.0" encoding="UTF-8"?>
- <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
- <plist version="1.0">
- <dict>
- ' <key>files</key>'
- ' <dict>'
- ' <key>Resources/file-00.txt</key>'
- ' <data>'
- ' 2jmj7l5rSw0yVb/vlWAYkK/YBwk='
- ' </data>'
- ' <key>Resources/file-01.txt</key>'
- ' <data>'
- ' 2jmj7l5rSw0yVb/vlWAYkK/YBwk='
- ' </data>'
- ' </dict>'
- ' <key>files2</key>'
- ' <dict>'
- ' <key>Resources/file-00.txt</key>'
- ' <dict>'
- ' <key>hash2</key>'
- ' <data>'
- ' 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='
- ' </data>'
- ' </dict>'
- ' <key>Resources/file-01.txt</key>'
- ' <dict>'
- ' <key>hash2</key>'
- ' <data>'
- ' 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='
- ' </data>'
- ' </dict>'
- ' </dict>'
- ' <key>rules</key>'
- ' <dict>'
- ' <key>^Resources/</key>'
- ' <true/>'
- ' <key>^Resources/.*/.lproj/</key>'
- ' <dict>'
- ' <key>optional</key>'
- ' <true/>'
- ' <key>weight</key>'
- ' <real>1000</real>'
- ' </dict>'
- ' <key>^Resources/.*/.lproj/locversion.plist$</key>'
- ' <dict>'
- ' <key>omit</key>'
- ' <true/>'
- ' <key>weight</key>'
- ' <real>1100</real>'
- ' </dict>'
- ' <key>^Resources/Base/.lproj/</key>'
- ' <dict>'
- ' <key>weight</key>'
- ' <real>1010</real>'
- ' </dict>'
- ' <key>^version.plist$</key>'
- ' <true/>'
- ' </dict>'
- ' <key>rules2</key>'
- ' <dict>'
- ' <key>.*/.dSYM($|/)</key>'
- ' <dict>'
- ' <key>weight</key>'
- ' <real>11</real>'
- ' </dict>'
- ' <key>^(.*/)?/.DS_Store$</key>'
- ' <dict>'
- ' <key>omit</key>'
- ' <true/>'
- ' <key>weight</key>'
- ' <real>2000</real>'
- ' </dict>'
- ' <key>^(Frameworks|SharedFrameworks|PlugIns|Plug-ins|XPCServices|Helpers|MacOS|Library/(Automator|Spotlight|LoginItems))/</key>'
- ' <dict>'
- ' <key>nested</key>'
- ' <true/>'
- ' <key>weight</key>'
- ' <real>10</real>'
- ' </dict>'
- ' <key>^.*</key>'
- ' <true/>'
- ' <key>^Info/.plist$</key>'
- ' <dict>'
- ' <key>omit</key>'
- ' <true/>'
- ' <key>weight</key>'
- ' <real>20</real>'
- ' </dict>'
- ' <key>^PkgInfo$</key>'
- ' <dict>'
- ' <key>omit</key>'
- ' <true/>'
- ' <key>weight</key>'
- ' <real>20</real>'
- ' </dict>'
- ' <key>^Resources/</key>'
- ' <dict>'
- ' <key>weight</key>'
- ' <real>20</real>'
- ' </dict>'
- ' <key>^Resources/.*/.lproj/</key>'
- ' <dict>'
- ' <key>optional</key>'
- ' <true/>'
- ' <key>weight</key>'
- ' <real>1000</real>'
- ' </dict>'
- ' <key>^Resources/.*/.lproj/locversion.plist$</key>'
- ' <dict>'
- ' <key>omit</key>'
- ' <true/>'
- ' <key>weight</key>'
- ' <real>1100</real>'
- ' </dict>'
- ' <key>^Resources/Base/.lproj/</key>'
- ' <dict>'
- ' <key>weight</key>'
- ' <real>1010</real>'
- ' </dict>'
- ' <key>^[^/]+$</key>'
- ' <dict>'
- ' <key>nested</key>'
- ' <true/>'
- ' <key>weight</key>'
- ' <real>10</real>'
- ' </dict>'
- ' <key>^embedded/.provisionprofile$</key>'
- ' <dict>'
- ' <key>weight</key>'
- ' <real>20</real>'
- ' </dict>'
- ' <key>^version/.plist$</key>'
- ' <dict>'
- ' <key>weight</key>'
- ' <real>20</real>'
- ' </dict>'
- ' </dict>'
- </dict>
- </plist>
- ''
- path: Resources/file-00.txt
file_size: 0
file_sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
entity: other
- path: Resources/file-01.txt
file_size: 0
file_sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
entity: other
```
Signing a bundle with an executable without targeting activates SHA-1 digests
```
$ mkdir -p MyApp.app/Contents/MacOS
$ rcodesign debug-create-macho --no-targeting MyApp.app/Contents/MacOS/MyApp
writing Mach-O to MyApp.app/Contents/MacOS/MyApp
$ rcodesign debug-create-info-plist --bundle-name MyApp MyApp.app/Contents/Info.plist
writing MyApp.app/Contents/Info.plist
$ rcodesign sign MyApp.app MyApp.app.signed
signing MyApp.app to MyApp.app.signed
signing bundle at MyApp.app
signing bundle at MyApp.app into MyApp.app.signed
signing main executable Contents/MacOS/MyApp
$ rcodesign print-signature-info MyApp.app.signed
- path: Contents/Info.plist
file_size: 576
file_sha256: 0a5902dc8e47f490d03889d3593d17bddbf79e6c1f79494e20dd28f9459effa5
entity: other
- path: Contents/MacOS/MyApp
file_size: 23568
file_sha256: 0e1c406b4bd8ac2a94a79c325db69a2a19876c753971284c4c45468e047505f4
entity:
mach_o:
macho_linkedit_start_offset: 16384 / 0x4000
macho_signature_start_offset: 16400 / 0x4010
macho_signature_end_offset: 17098 / 0x42ca
macho_linkedit_end_offset: 23568 / 0x5c10
macho_end_offset: 23568 / 0x5c10
linkedit_signature_start_offset: 16 / 0x10
linkedit_signature_end_offset: 714 / 0x2ca
linkedit_bytes_after_signature: 6470 / 0x1946
signature:
superblob_length: 698 / 0x2ba
blob_count: 4
blobs:
- slot: CodeDirectory (0)
magic: fade0c02
length: 269
sha1: daa7889f0fc39e6920ab2f468b80b06e04f714f5
sha256: f9530a6c35ec6da7f21a047873953248668b59a63d3879754781c5ff5d8b5038
- slot: RequirementSet (2)
magic: fade0c01
length: 12
sha1: 3a75f6db058529148e14dd7ea1b4729cc09ec973
sha256: 987920904eab650e75788c054aa0b0524e6a80bfc71aa32df8d237a61743f986
- slot: 'CodeDirectory Alternate #0 (4096)'
magic: fade0c02
length: 365
sha1: 78b08e2a2b243714a59975d7db86d0c77164a9f3
sha256: 0210dbf647e161423f7ed74183dca566bc6e6e1b7a045079002b660385c5a26c
- slot: CMS Signature (65536)
magic: fade0b01
length: 8
sha1: 2a7254313aa41796079bb0e9d0f044345f69f98b
sha256: e6c83bc98a10348492c7d4d2378a54572ef29e1a5692ccd02b5e29f4b762d6a0
code_directory:
version: '0x20400'
flags: CodeSignatureFlags(ADHOC)
identifier: com.example.mybundle
digest_type: sha1
platform: 0
signed_entity_size: 16400
executable_segment_flags: ExecutableSegmentFlags(MAIN_BINARY)
code_digests_count: 5
slot_digests:
- 'Info (1): 65bf1c26bc63ccdfe6688cc787b06f88f3435ef0'
- 'RequirementSet (2): 3a75f6db058529148e14dd7ea1b4729cc09ec973'
- 'Resources (3): bba07ca7abb366417d2b426b767c25838f5aeb58'
alternative_code_directories:
- - 'CodeDirectory Alternate #0 (4096)'
- version: '0x20400'
flags: CodeSignatureFlags(ADHOC)
identifier: com.example.mybundle
digest_type: sha256
platform: 0
signed_entity_size: 16400
executable_segment_flags: ExecutableSegmentFlags(MAIN_BINARY)
code_digests_count: 5
slot_digests:
- 'Info (1): 0a5902dc8e47f490d03889d3593d17bddbf79e6c1f79494e20dd28f9459effa5'
- 'RequirementSet (2): 987920904eab650e75788c054aa0b0524e6a80bfc71aa32df8d237a61743f986'
- 'Resources (3): ba6147622a84edef406a5bc43b6ba041cef593326e34c5c53e662f9f57343263'
cms: null
- path: Contents/_CodeSignature/CodeResources
file_size: 2816
file_sha256: ba6147622a84edef406a5bc43b6ba041cef593326e34c5c53e662f9f57343263
entity:
bundle_code_signature_file: !ResourcesXml
- <?xml version="1.0" encoding="UTF-8"?>
- <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
- <plist version="1.0">
- <dict>
- ' <key>files</key>'
- ' <dict>'
- ' <key>Resources/file-00.txt</key>'
- ' <data>'
- ' 2jmj7l5rSw0yVb/vlWAYkK/YBwk='
- ' </data>'
- ' <key>Resources/file-01.txt</key>'
- ' <data>'
- ' 2jmj7l5rSw0yVb/vlWAYkK/YBwk='
- ' </data>'
- ' </dict>'
- ' <key>files2</key>'
- ' <dict>'
- ' <key>Resources/file-00.txt</key>'
- ' <dict>'
- ' <key>hash</key>'
- ' <data>'
- ' 2jmj7l5rSw0yVb/vlWAYkK/YBwk='
- ' </data>'
- ' <key>hash2</key>'
- ' <data>'
- ' 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='
- ' </data>'
- ' </dict>'
- ' <key>Resources/file-01.txt</key>'
- ' <dict>'
- ' <key>hash</key>'
- ' <data>'
- ' 2jmj7l5rSw0yVb/vlWAYkK/YBwk='
- ' </data>'
- ' <key>hash2</key>'
- ' <data>'
- ' 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='
- ' </data>'
- ' </dict>'
- ' </dict>'
- ' <key>rules</key>'
- ' <dict>'
- ' <key>^Resources/</key>'
- ' <true/>'
- ' <key>^Resources/.*/.lproj/</key>'
- ' <dict>'
- ' <key>optional</key>'
- ' <true/>'
- ' <key>weight</key>'
- ' <real>1000</real>'
- ' </dict>'
- ' <key>^Resources/.*/.lproj/locversion.plist$</key>'
- ' <dict>'
- ' <key>omit</key>'
- ' <true/>'
- ' <key>weight</key>'
- ' <real>1100</real>'
- ' </dict>'
- ' <key>^Resources/Base/.lproj/</key>'
- ' <dict>'
- ' <key>weight</key>'
- ' <real>1010</real>'
- ' </dict>'
- ' <key>^version.plist$</key>'
- ' <true/>'
- ' </dict>'
- ' <key>rules2</key>'
- ' <dict>'
- ' <key>.*/.dSYM($|/)</key>'
- ' <dict>'
- ' <key>weight</key>'
- ' <real>11</real>'
- ' </dict>'
- ' <key>^(.*/)?/.DS_Store$</key>'
- ' <dict>'
- ' <key>omit</key>'
- ' <true/>'
- ' <key>weight</key>'
- ' <real>2000</real>'
- ' </dict>'
- ' <key>^(Frameworks|SharedFrameworks|PlugIns|Plug-ins|XPCServices|Helpers|MacOS|Library/(Automator|Spotlight|LoginItems))/</key>'
- ' <dict>'
- ' <key>nested</key>'
- ' <true/>'
- ' <key>weight</key>'
- ' <real>10</real>'
- ' </dict>'
- ' <key>^.*</key>'
- ' <true/>'
- ' <key>^Info/.plist$</key>'
- ' <dict>'
- ' <key>omit</key>'
- ' <true/>'
- ' <key>weight</key>'
- ' <real>20</real>'
- ' </dict>'
- ' <key>^PkgInfo$</key>'
- ' <dict>'
- ' <key>omit</key>'
- ' <true/>'
- ' <key>weight</key>'
- ' <real>20</real>'
- ' </dict>'
- ' <key>^Resources/</key>'
- ' <dict>'
- ' <key>weight</key>'
- ' <real>20</real>'
- ' </dict>'
- ' <key>^Resources/.*/.lproj/</key>'
- ' <dict>'
- ' <key>optional</key>'
- ' <true/>'
- ' <key>weight</key>'
- ' <real>1000</real>'
- ' </dict>'
- ' <key>^Resources/.*/.lproj/locversion.plist$</key>'
- ' <dict>'
- ' <key>omit</key>'
- ' <true/>'
- ' <key>weight</key>'
- ' <real>1100</real>'
- ' </dict>'
- ' <key>^Resources/Base/.lproj/</key>'
- ' <dict>'
- ' <key>weight</key>'
- ' <real>1010</real>'
- ' </dict>'
- ' <key>^[^/]+$</key>'
- ' <dict>'
- ' <key>nested</key>'
- ' <true/>'
- ' <key>weight</key>'
- ' <real>10</real>'
- ' </dict>'
- ' <key>^embedded/.provisionprofile$</key>'
- ' <dict>'
- ' <key>weight</key>'
- ' <real>20</real>'
- ' </dict>'
- ' <key>^version/.plist$</key>'
- ' <dict>'
- ' <key>weight</key>'
- ' <real>20</real>'
- ' </dict>'
- ' </dict>'
- </dict>
- </plist>
- ''
- path: Resources/file-00.txt
file_size: 0
file_sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
entity: other
- path: Resources/file-01.txt
file_size: 0
file_sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
entity: other
```