Skip to content

[macOS] Code-signing native assets #148051

New issue
New issue
Closed
#148310
Closed
[macOS] Code-signing native assets#148051
#148310
Assignees
knopp
Labels
P2Important issues not at the top of the work lista: buildBuilding flutter applications with the toolplatform-macBuilding on or for macOS specificallyr: fixedIssue is closed as already fixed in a newer versionteam-toolOwned by Flutter Tool teamtoolAffects the "flutter" command-line tool. See also t: labels.triaged-toolTriaged by Flutter Tool team
@knopp

Description

@knopp
knopp
opened on May 9, 2024

Currently App.framework and FlutterMacOS.framework are codesigned in macos_assemble.sh:

flutter/packages/flutter_tools/bin/macos_assemble.sh

Lines 180 to 183 in 607a3da

if [[ -n "${EXPANDED_CODE_SIGN_IDENTITY:-}" ]]; then
RunCommand codesign --force --verbose --sign "${EXPANDED_CODE_SIGN_IDENTITY}" -- "${xcode_frameworks_dir}/App.framework/App"
RunCommand codesign --force --verbose --sign "${EXPANDED_CODE_SIGN_IDENTITY}" -- "${xcode_frameworks_dir}/FlutterMacOS.framework/FlutterMacOS"
fi

I think same thing should be done for native assets, otherwise they keep the adhoc signature, which fails to load at runtime with SIP enabled:

`.../native_regex_pcre2.framework/Versions/A/native_regex_pcre2` not valid for use in process: mapping process and mapped file (non-platform) have different Team IDs)

(not sure if this is also relevant for iOS, but if the codesigning is part of assemble it might)

cc @dcharkes

Metadata

Metadata

Assignees

Labels

P2Important issues not at the top of the work lista: buildBuilding flutter applications with the toolplatform-macBuilding on or for macOS specificallyr: fixedIssue is closed as already fixed in a newer versionteam-toolOwned by Flutter Tool teamtoolAffects the "flutter" command-line tool. See also t: labels.triaged-toolTriaged by Flutter Tool team

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions