On Fri, Apr 12, 2019 at 11:34 PM welle Ozean via par <par@perl.org> wrote:
> I need some help with the following issue. I need to codesign my macOS > .app containing an executable created with pp. Unfortunately code signing > fails with the error 'main executable failed strict validation' > It's helpful to know what an executable created by pp is made up of: 1. an actual executable (it's the same for any executable created by pp) 2. a zip file contaning Perl modules, scripts, DLLs, data etc 3. other stuff, e.g. a bunch of essential Perl modules (not in the zip), a SHA1 and the PAR "signature" "\nPAR.pm\n" These parts are simply concatenated. Note that the extra stuff in 2 and 3 is not reflected in the (Mach-O, ELF etc depending on the OS) headers of the actual executable. One can easily demonstrate this by running the pp created executable thru "strip" - this removes parts 2 and 3, rendering the result a valid executable, but no longer working for PAR. I found this > https://stackoverflow.com/questions/28863500/code-signing-in-mac-with-perl-scripts-compiled-with-parpacker-fails > but I am not sure if it has to do with pp and, furthermore, there is not a > complete solution. > It's conceivable that one can write a program to manipulate the Mach-O headers of the executabe so that parts 2 and 3 become "legitimate" sections of the executable. I don't know whether the Python script mentioned in the stackoverflow achieves that. Note that the problem - that the PAR signature has to be the last thing in the executable - has since been relaxed, it will be searched for in the last 128 kB of the executable, so appending stuff (e.g. the "codesign" signature) should be safe. Cheers, Roderich