Comment by john_alan
3 months ago
this is completely false, compile a binary strip the signature and see for yourself.
AS requires code sign with adhoc, minimum.
3 months ago
this is completely false, compile a binary strip the signature and see for yourself.
AS requires code sign with adhoc, minimum.
To check I did this: removed the signature (LC_CODE_SIGNATURE section) using lief Python package (no affiliation, just looked suitable for the task), checked by otool that the section is indeed gone, started the binary - it worked. The spctl said that the binary is "rejected", but it says so about every non-Apple binary I checked on my machine so not informative. The codesign tool shows "is not signed at all" on the binary with stripped signature. I'm not too well-versed in OSX system/dev tools, so if there is a more correct/precise method of checking the signatures I'd very much like to know.
hmmm this is really bizarre.
are you running < 15.1?
Nope, 15.7.2. Maybe there are some settings, unknown to me, that are configured by MDM and that allow for such behaviour - our Macbooks are managed by the employer and are intended for development, so would be logical to set them up this way.
2 replies →