| commit | 7507fb2859c12f6c561efc23d48dd1be0fc6cdee | |
| author | monojenkins <jo.shields+jenkins@xamarin.com> | |
| Thu, 10 Sep 2020 14:07:12 +0000 (10 10:07 -0400) | ||
| committer | GitHub <noreply@github.com> | |
| Thu, 10 Sep 2020 14:07:12 +0000 (10 10:07 -0400) | ||
| tree | 51a2be3228fb6c8bed8a3141384a25b36928136c | treesnapshot (tar.gz zip) |
| parent | e368cf51d8233bee7b0fcbc5174fe7030c882407 | commitdiff |
[2020-02] Issue18826 fix (#20358)
* Look for "xmonkeysloveplay" also at the end of LC_SYMTAB section, for signed Mac OS X binaries
This extends Miguel de Icaza's previous work on allowing mono to load embedded
assemblies / shared libraries, which was in turn a workaround on recent
Mac OS X's increased security (and stopping LD_LIBRARY_PATH and friends from
working). Miguel de Icaza came up with the idea of appending all of those
embedded assemblies / shared libraries to the end of mono's main executable,
and getting it to look at its own file and unpacking resources from an offset
number + "xmonkeysloveplay" written to the end of file.
Even more recent Mac OS X starts to prefer /require binaries to be code-signed.
Code signing appends a "LC_CODE_SIGNATURE" section to the binary, thus breaking
mono's embedded resource-loading. Also code-signing requires that the binary
has no unknown parts.
To make mkbundle / mono embedded resource-loading work in a code-signing
situation, two parts are required:
- adjust mkbundle to extend the LC_SYMTAB section to cover the appended
assemblies / shared libraries, so code-signing can happen.
( addresses https://github.com/mono/mono/issues/17881 )
- adjust mono's main executable to also look at the end of the LC_SYMTAB
section for the magic offset + "xmonkeysloveplay" token to find the embedded
resources.
( addresses https://github.com/mono/mono/issues/18826 )
This change addresses the 2nd of the above. I also tried looking for the
presence and beginnig of the LC_CODE_SIGNATURE section, but that proves
unreliable: Code-signing can pad a few null bytes after "xmonkeysloveplay"
to align the LC_CODE_SIGNATURE section to an 8(?)-byte boundary.
* saving offset before read, so later lseek does not need to backtrack on the read
This is a small simplification of the previous commit on this part of code.
* fixes wrong drop-through from mis-positioning of #endif
* Update mono/mini/main.c
Adding spaces for clarity
Co-authored-by: Ryan Lucia <ryan@luciaonline.net>
* Update mono/mini/main.c
Adding spaces for clarity
Co-authored-by: Ryan Lucia <ryan@luciaonline.net>
* Update mono/mini/main.c
Adding spaces for clarity
Co-authored-by: Ryan Lucia <ryan@luciaonline.net>
* Update mono/mini/main.c
Adding spaces for clarity
Co-authored-by: Ryan Lucia <ryan@luciaonline.net>
* Update mono/mini/main.c
Added comment about what's going on.
Co-authored-by: Ryan Lucia <ryan@luciaonline.net>
* Adding comments for clarity
* rename variable "h" to "bin_header", for clarity
* Limit Apple code-signing work around to only the desktop OS (vs iDevices/TV)
* remove stylistic "else"; no change in functionality
Co-authored-by: Hin-Tak Leung <htl10@users.sourceforge.net>
Co-authored-by: Ryan Lucia <ryan@luciaonline.net>
* Look for "xmonkeysloveplay" also at the end of LC_SYMTAB section, for signed Mac OS X binaries
This extends Miguel de Icaza's previous work on allowing mono to load embedded
assemblies / shared libraries, which was in turn a workaround on recent
Mac OS X's increased security (and stopping LD_LIBRARY_PATH and friends from
working). Miguel de Icaza came up with the idea of appending all of those
embedded assemblies / shared libraries to the end of mono's main executable,
and getting it to look at its own file and unpacking resources from an offset
number + "xmonkeysloveplay" written to the end of file.
Even more recent Mac OS X starts to prefer /require binaries to be code-signed.
Code signing appends a "LC_CODE_SIGNATURE" section to the binary, thus breaking
mono's embedded resource-loading. Also code-signing requires that the binary
has no unknown parts.
To make mkbundle / mono embedded resource-loading work in a code-signing
situation, two parts are required:
- adjust mkbundle to extend the LC_SYMTAB section to cover the appended
assemblies / shared libraries, so code-signing can happen.
( addresses https://github.com/mono/mono/issues/17881 )
- adjust mono's main executable to also look at the end of the LC_SYMTAB
section for the magic offset + "xmonkeysloveplay" token to find the embedded
resources.
( addresses https://github.com/mono/mono/issues/18826 )
This change addresses the 2nd of the above. I also tried looking for the
presence and beginnig of the LC_CODE_SIGNATURE section, but that proves
unreliable: Code-signing can pad a few null bytes after "xmonkeysloveplay"
to align the LC_CODE_SIGNATURE section to an 8(?)-byte boundary.
* saving offset before read, so later lseek does not need to backtrack on the read
This is a small simplification of the previous commit on this part of code.
* fixes wrong drop-through from mis-positioning of #endif
* Update mono/mini/main.c
Adding spaces for clarity
Co-authored-by: Ryan Lucia <ryan@luciaonline.net>
* Update mono/mini/main.c
Adding spaces for clarity
Co-authored-by: Ryan Lucia <ryan@luciaonline.net>
* Update mono/mini/main.c
Adding spaces for clarity
Co-authored-by: Ryan Lucia <ryan@luciaonline.net>
* Update mono/mini/main.c
Adding spaces for clarity
Co-authored-by: Ryan Lucia <ryan@luciaonline.net>
* Update mono/mini/main.c
Added comment about what's going on.
Co-authored-by: Ryan Lucia <ryan@luciaonline.net>
* Adding comments for clarity
* rename variable "h" to "bin_header", for clarity
* Limit Apple code-signing work around to only the desktop OS (vs iDevices/TV)
* remove stylistic "else"; no change in functionality
Co-authored-by: Hin-Tak Leung <htl10@users.sourceforge.net>
Co-authored-by: Ryan Lucia <ryan@luciaonline.net>
| mono/mini/main.c | diffblobblamehistory |