diff --git a/isign/code_resources.py b/isign/code_resources.py
index 2f66f39d..b9cf75f2 100644
--- a/isign/code_resources.py
+++ b/isign/code_resources.py
@@ -134,6 +134,10 @@ def scan(self):
filename)
# log.debug(rule_debug_fmt.format(rule, path, relative_path))
+ # specifically ignore the CodeResources symlink in base directory if it exists (iOS 11+ fix)
+ if relative_path == "CodeResources" and os.path.islink(path):
+ continue
+
# There's no rule for the Entitlements.plist file which we
# generate temporarily so we just ommit the file as a special
# case...
diff --git a/isign/code_resources_template.xml b/isign/code_resources_template.xml
index e4c90eab..b6db658a 100644
--- a/isign/code_resources_template.xml
+++ b/isign/code_resources_template.xml
@@ -7,7 +7,7 @@
rules
- ^
+ ^.*
^.*\.lproj/
@@ -38,11 +38,6 @@
weight
11
- ^
-
- weight
- 20
-
^(.*/)?\.DS_Store$
omit
@@ -50,13 +45,6 @@
weight
2000
- ^(Frameworks|SharedFrameworks|PlugIns|Plug-ins|XPCServices|Helpers|MacOS|Library/(Automator|Spotlight|LoginItems))/
-
- nested
-
- weight
- 10
-
^.*
^.*\.lproj/
@@ -92,13 +80,6 @@
weight
20
- ^[^/]+$
-
- nested
-
- weight
- 10
-
^embedded\.provisionprofile$
weight
diff --git a/isign/macho.py b/isign/macho.py
index b6424937..bedf1e03 100644
--- a/isign/macho.py
+++ b/isign/macho.py
@@ -123,6 +123,10 @@
LC_ENCRYPTION_INFO_64=0x2c,
LC_LINKER_OPTION=0x2d,
LC_LINKER_OPTIMIZATION_HINT=0x2e,
+ LC_VERSION_MIN_TVOS=0x2f,
+ LC_VERSION_MIN_WATCHOS=0x30,
+ LC_NOTE=0x31,
+ LC_BUILD_VERSION=0x32,
),
UInt32("cmdsize"),
@@ -174,6 +178,7 @@
Enum(UInt32("magic"),
MH_MAGIC=0xfeedface,
MH_MAGIC_64=0xfeedfacf,
+ MH_CIGAM_64=0xcffaedfe,
),
UInt32("cputype"),
UInt32("cpusubtype"),
@@ -227,7 +232,7 @@
MH_UNUSED_5=0x40000000,
MH_UNUSED_6=0x80000000,
),
- If(lambda ctx: ctx['magic'] == 'MH_MAGIC_64', UInt32('reserved')), Rename('commands', Array(lambda ctx: ctx['ncmds'], LoadCommand)))
+ If(lambda ctx: ctx['magic'] in ('MH_MAGIC_64', 'MH_CIGAM_64'), UInt32('reserved')), Rename('commands', Array(lambda ctx: ctx['ncmds'], LoadCommand)))
FatArch = Struct("FatArch",
UBInt32("cputype"),
@@ -248,6 +253,7 @@
Peek(UInt32("magic")),
Switch("data", lambda ctx: ctx['magic'], {0xfeedface: MachO,
0xfeedfacf: MachO,
+ 0xcffaedfe: MachO,
0xcafebabe: Fat,
0xbebafeca: Fat,
0xc10cdefa: Blob,
diff --git a/isign/signable.py b/isign/signable.py
index 6cc2e14c..1553b5a3 100644
--- a/isign/signable.py
+++ b/isign/signable.py
@@ -176,7 +176,7 @@ def sign(self, app, signer):
# TODO: we assume that if any slice is unsigned, all slices are. This should be true in practice but
# we should still guard against this.
if self.sign_from_scratch and 'FatArch' in self.m.data:
- assert len(self.arches) >= 2
+ assert len(self.arches) >= 1
# todo(markwang): Update fat headers and mach_start for each slice if needewd
log.debug('signing fat binary from scratch')