Debugging code signing, added error checking for my xattr code and discovered that arm xattrs aren't being persisted

2024-11-22 16:24:00 +01:00 · 2022-05-22 20:08:30 -07:00 · 2022-05-22 20:08:30 -07:00 · 677b596d49
commit 677b596d49
parent 47d13a9c27
2 changed files with 13 additions and 8 deletions
--- a/.github/workflows/build-and-sign-macos.yml
+++ b/.github/workflows/build-and-sign-macos.yml
@ -48,6 +48,7 @@ jobs:
            --arg cr1 "$CR1" \
            --arg cs "$CS" \
            '{"cd": $cd, "cr": $cr, "cr1": $cr1, "cs": $cs}' > hishtory-darwin-arm64-xattr.json
+          cat hishtory-darwin-arm64-xattr.json
          echo "Exporting xattr for hishtory-darwin-amd64"
          export CD=`xattr -p com.apple.cs.CodeDirectory hishtory-darwin-amd64`
          export CR=`xattr -p com.apple.cs.CodeRequirements hishtory-darwin-amd64`
@ -59,6 +60,7 @@ jobs:
            --arg cr1 "$CR1" \
            --arg cs "$CS" \
            '{"cd": $cd, "cr": $cr, "cr1": $cr1, "cs": $cs}' > hishtory-darwin-amd64-xattr.json
+          cat hishtory-darwin-amd64-xattr.json
      - name: Release
        uses: softprops/action-gh-release@v1
        if: startsWith(github.ref, 'refs/tags/')
--- a/client/lib/lib.go
+++ b/client/lib/lib.go
@ -740,6 +740,9 @@ func parseXattr(xattrDump string) (darwinCodeSignature, error) {
 	if err != nil {
 		return xattr, fmt.Errorf("failed to parse xattr: %v", err)
 	}
+	if xattr.Cd == "" || xattr.Cr == "" || xattr.Cr1 == "" || xattr.Cs == "" {
+		return xattr, fmt.Errorf("xattr=%#v has empty attributes, failed to set code signatures", xattr)
+	}
 	return xattr, nil
 }

@ -753,27 +756,28 @@ func parseHex(input string) []byte {
 	return data
 }

-func setXattr(filename, xattrDump string) {
+func setXattr(filename, xattrDump string) error {
 	x, err := parseXattr(xattrDump)
 	if err != nil {
-		panic(fmt.Errorf("failed to parse xattr file: %v", err))
+		return fmt.Errorf("failed to parse xattr file: %v", err)
 	}
 	err = unix.Setxattr(filename, "com.apple.cs.CodeDirectory", parseHex(x.Cd), 0)
 	if err != nil {
-		panic(fmt.Errorf("failed to set xattr com.apple.cs.CodeDirectory on file %#v: %v", filename, err))
+		return fmt.Errorf("failed to set xattr com.apple.cs.CodeDirectory on file %#v: %v", filename, err)
 	}
 	err = unix.Setxattr(filename, "com.apple.cs.CodeRequirements", parseHex(x.Cr), 0)
 	if err != nil {
-		panic(fmt.Errorf("failed to set xattr com.apple.cs.CodeRequirements on file %#v: %v", filename, err))
+		return fmt.Errorf("failed to set xattr com.apple.cs.CodeRequirements on file %#v: %v", filename, err)
 	}
 	err = unix.Setxattr(filename, "com.apple.cs.CodeRequirements-1", parseHex(x.Cr1), 0)
 	if err != nil {
-		panic(fmt.Errorf("failed to set xattr com.apple.cs.CodeRequirements-1 on file %#v: %v", filename, err))
+		return fmt.Errorf("failed to set xattr com.apple.cs.CodeRequirements-1 on file %#v: %v", filename, err)
 	}
 	err = unix.Setxattr(filename, "com.apple.cs.CodeSignature", parseHex(x.Cs), 0)
 	if err != nil {
-		panic(fmt.Errorf("failed to set xattr com.apple.cs.CodeSignature on file %#v: %v", filename, err))
+		return fmt.Errorf("failed to set xattr com.apple.cs.CodeSignature on file %#v: %v", filename, err)
 	}
+	return nil
 }

 func setCodesigningXattrs(downloadInfo shared.UpdateInfo, filename string) error {
@ -800,8 +804,7 @@ func setCodesigningXattrs(downloadInfo shared.UpdateInfo, filename string) error
 	if err != nil {
 		return fmt.Errorf("failed to read response body from GET %s: %v", url, err)
 	}
-	setXattr(filename, string(xattrDump))
-	return nil
+	return setXattr(filename, string(xattrDump))
 }

 func IsOfflineError(err error) bool {