Skip to content

[repl_swift] Delete codesigning override #1945

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 13, 2020
Merged

[repl_swift] Delete codesigning override #1945

merged 1 commit into from
Oct 13, 2020

Conversation

vedantk
Copy link

@vedantk vedantk commented Oct 13, 2020
edited
Loading

The OSS package build reports lldb-macosx-arm64/bin/repl_swift: is already signed.

It looks like the codesigning override for repl_swift is causing the binary to be signed twice.

@vedantk
[repl_swift] Delete codesigning override
86d1260 
This might be causing codesigning to occur multiple times during a fat
package build.

rdar://70237254
@vedantk
Copy link
Author

vedantk commented Oct 13, 2020

@swift-ci Please Build Toolchain macOS Platform

@vedantk
Copy link
Author

vedantk commented Oct 13, 2020

@swift-ci test

@kastiglione
Copy link

The signing was introduced in 400559d "[CMake] install-distribution support for swift-lldb on Darwin". Are we sure that it can be removed?

@vedantk
Copy link
Author

vedantk commented Oct 13, 2020

The signing was introduced in 400559d "[CMake] install-distribution support for swift-lldb on Darwin". Are we sure that it can be removed?

Not yet, I'm running ./utils/build-toolchain test locally to verify.

But, I suspect it can be removed. We don't override LLVM_CODESIGNING_IDENTITY for other distribution components. If codesigning is required for a local (development) build, a -DLLVM_CODESIGNING_IDENTITY should be passed at CMake configure time, and add_lldb_tool should take care of applying the signing. For a toolchain/package build, the toolchain-codesign tool should take care of signing.

@vedantk
Copy link
Author

vedantk commented Oct 13, 2020

Looks like the linker is ad hoc signing Apple Silicon binaries by default - this explains why the error doesn't pop up on x86_64.

So to recap:

  • For a local build on Apple Silicon, no LLVM_CODESIGNING_IDENTITY is required
  • For a local build on x86, if the OS requires codesigning, -DLLVM_CODESIGNING_IDENTITY should be specified at CMake configure time
  • We don't need to ad hoc sign for the embedded build (the signature is added in a post-build step)

@fredriss
Copy link

@vedantk I haven't checked if that's the case here, but one reason to add explicit code signing to a binary is to be able to give it entitlements. You cannot add entitlements without a code signature. I wouldn't be surprised if repl_swift needs entitlements .

@vedantk
Copy link
Author

vedantk commented Oct 13, 2020

@fredriss I see. It looks like we do add entitlements for debugserver, but not for repl_swift.

@vedantk vedantk merged commit 5931fab into swiftlang:swift/main Oct 13, 2020
@vedantk vedantk deleted the eng/PR-70237254 branch October 13, 2020 19:45
@vedantk vedantk mentioned this pull request Oct 13, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JDevlieghere JDevlieghere JDevlieghere approved these changes

@fredriss fredriss Awaiting requested review from fredriss

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@vedantk @kastiglione @fredriss @JDevlieghere