bug: code signing command is not the last loader command, so cannot remove it (easily) without corrupting the binary error

[cfergeau]

What happened:

I'm getting this error code signing command is not the last loader command, so cannot remove it (easily) without corrupting the binary quite often with binaries built with golang 1.21. Looking at them with machoview, there's a LC_SEGMENT_64 (__DWARF) command after the LC_CODE_SIGNATURE command, so it's expected that isSigningCommandLastLoader reports false

What you expected to happen:

No error, and a signed binary :)

How to reproduce it (as minimally and precisely as possible):

I can reproduce this with the binaries from https://github.com/crc-org/crc or https://github.com/crc-org/vfkit

Anything else we need to know?:

Looking at the code quill/macho/file.go and at the outptu of machoview , it looks like it should be doable to either reorder the load commands (they are only pointers to other parts of the file), or to reuse the signature command instead of first removing it, and then recreating it. The signature command, while not last in the load commands array, contains an offset + len which correspond to the end of the file (ie offset + len == total filesize) so we could replace this signature with the newly computed one.

Environment:
I've been seeing this with golang 1.21 on an m1 laptop.

$ sw_vers
ProductName:		macOS
ProductVersion:		14.3.1
BuildVersion:		23D60

[tgerla]

Hi @cfergeau, thanks for the report. We'll take a look as soon as we can.

[spiffcs]

Thanks for the entitlement support @cfergeau - before I do a release (when I have some time) I can look at this bug too and make sure it's resolved before the next quill goes out. We really appreciate the reports here =)

[wagoodman]

Looks like what is needed here is to be able to rewrite the remaining loader commands that follow the signing loader command if the new signing loader command is of a different size.