From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Jim Myhrberg Newsgroups: gmane.emacs.bugs Subject: bug#49271: 28.0.50: native-comp: Signing macOS self-contained .app bundle fails due to new *.eln location Date: Tue, 29 Jun 2021 12:58:44 +0100 Message-ID: Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="19272"; mail-complaints-to="usenet@ciao.gmane.io" To: 49271@debbugs.gnu.org Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Tue Jun 29 13:59:11 2021 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lyCOU-0004nX-PE for geb-bug-gnu-emacs@m.gmane-mx.org; Tue, 29 Jun 2021 13:59:10 +0200 Original-Received: from localhost ([::1]:50358 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lyCOS-0007DM-UG for geb-bug-gnu-emacs@m.gmane-mx.org; Tue, 29 Jun 2021 07:59:08 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:47690) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lyCOM-0007DE-Q9 for bug-gnu-emacs@gnu.org; Tue, 29 Jun 2021 07:59:02 -0400 Original-Received: from debbugs.gnu.org ([209.51.188.43]:42228) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lyCOM-0001gD-IU for bug-gnu-emacs@gnu.org; Tue, 29 Jun 2021 07:59:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1lyCOM-00037a-6G for bug-gnu-emacs@gnu.org; Tue, 29 Jun 2021 07:59:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Jim Myhrberg Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Tue, 29 Jun 2021 11:59:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 49271 X-GNU-PR-Package: emacs X-Debbugs-Original-To: bug-gnu-emacs@gnu.org Original-Received: via spool by submit@debbugs.gnu.org id=B.162496794111989 (code B ref -1); Tue, 29 Jun 2021 11:59:02 +0000 Original-Received: (at submit) by debbugs.gnu.org; 29 Jun 2021 11:59:01 +0000 Original-Received: from localhost ([127.0.0.1]:53774 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lyCOL-00037J-4A for submit@debbugs.gnu.org; Tue, 29 Jun 2021 07:59:01 -0400 Original-Received: from lists.gnu.org ([209.51.188.17]:37862) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lyCOJ-00037C-Mw for submit@debbugs.gnu.org; Tue, 29 Jun 2021 07:58:59 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:47682) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lyCOJ-0007D5-DP for bug-gnu-emacs@gnu.org; Tue, 29 Jun 2021 07:58:59 -0400 Original-Received: from mail-oi1-x244.google.com ([2607:f8b0:4864:20::244]:43851) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lyCOG-0001bm-Hn for bug-gnu-emacs@gnu.org; Tue, 29 Jun 2021 07:58:59 -0400 Original-Received: by mail-oi1-x244.google.com with SMTP id 22so19931363oix.10 for ; Tue, 29 Jun 2021 04:58:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jimeh.me; s=google; h=mime-version:from:date:message-id:subject:to; bh=DSuFit2QXbRLgaFHBKnHSOdFphDRmbHhga8ZRVzfL88=; b=KsgH6Jjh3lm+lz4ocSyLIhJXFG08tbVLl26mOSlx6b9cyCqqkF7n83uBTCkW+r6kNj qMnEz8130JUwiqbiS5pDAGcEtY1pr3d5GcqPR3G7piNY35DRiYoBYtyYZ3jQ0AoRlLwI 1UKG+k/YBKOqaffUOzyUfVbR2MnyhWu+nchARD7/dFEmpyK9JGVE3/qdRWwZZVkUnB4s v7G2cFu//NQStl4JAG1ogqsG5jO07u0152xEzpQBafDgu4HimyOXVSvxGcUfivsmduTi uP41m20aRnkeQ4xndCwC2b7J8G8Tl+Jvz05wDJRhLRhS6+cb7f6e2OimUuLl8PXUGN2o 8K3A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=DSuFit2QXbRLgaFHBKnHSOdFphDRmbHhga8ZRVzfL88=; b=fuzhyQLnxmnrUTIvekDex2mefVw3+cpWOGx26AquZYbFlq/J0m1K1HoOrvUMY3EIIe FJIhxVnBqwf31zv/HyGlWW2RpqQbyc783Xy4nYdyDN+Pv0hLVv5h/78OVBwIBCFW6zb+ a9Ekt6UfozG0VJZZ24a+dH8mkiU9aoUFqc4PY/wF4XY30O4XZZ90X5N/4W5MBBo4eYPB PavDA1ttilm7EUZhxD5EFzU/2q3PHq9AN3NQeKZf+gXhmQ2r7z/q6bdcwtrD/5XV6u5s fJZJtwXa7LdKpKpgHaB0OQ2P18YQO0BabbiQ3ONGQXTLgUFniMihbhEJ1dk5VvEUygGH H4Ew== X-Gm-Message-State: AOAM532WIkwq1x47MTr8GLpgvX0ezyoIXWdOpYFq0iYdTc5/BUn10bMT Tnjma92BIV1hz5ZoZthyJmyGMN6NLC5lFF26VbY3Phmrp4mcoygQMQc= X-Google-Smtp-Source: ABdhPJzJ3+Cuz5+AT7c8nvspUbIWawZ2fY7wOHLqcw1xbyW5s9+ntxOgsg2JZodJDR+kUu6xy7fYGukN+dwMJsVQSc0= X-Received: by 2002:aca:4d05:: with SMTP id a5mr14045161oib.163.1624967934834; Tue, 29 Jun 2021 04:58:54 -0700 (PDT) Received-SPF: pass client-ip=2607:f8b0:4864:20::244; envelope-from=contact@jimeh.me; helo=mail-oi1-x244.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.io gmane.emacs.bugs:209094 Archived-At: Commit 5dd2d50 seems to have moved the native-lisp folder within self-contained Emacs.app bundles: - from: "Contents/Resources/native-lisp" - to: "Contents/MacOS/lib/emacs/28.0.50/native-lisp" Unfortunately, Apple's codesign utility blows up with an error if there is any folder within "Contents/MacOS" (recursively) which contains two dots within its name. Here is an example of what the error looks like: /Users/runner/work/emacs-builds/emacs-builds/builds/Emacs.2021-06-26.b8f9e58.master.macOS-10-15.x86_64/Emacs.app: bundle format unrecognized, invalid, or unsuitable In subcomponent: /Users/runner/work/emacs-builds/emacs-builds/builds/Emacs.2021-06-26.b8f9e58.master.macOS-10-15.x86_64/Emacs.app/Contents/MacOS/lib/emacs/28.0.50 The above error is from this GitHub Actions workflow run: https://github.com/jimeh/emacs-builds/runs/2923284812?check_suite_focus=true The same issue happens locally for me too. I have so far not found a way to make codesign not blow up on such folders, so for now I've had to workaround the issue in my build script with the following changes: - https://github.com/jimeh/build-emacs-for-macos/commit/eeca7b798de236a3ffc1ab04b0f7735a37ce5af4 - https://github.com/jimeh/build-emacs-for-macos/commit/23b8236e0a66fb09810e8422bedf02f7192a53e4 In summary, I rename: - from: Emacs.app/Contents/MacOS/lib/emacs/28.0.50/native-lisp/28.0.50-852ecda2 - to: Emacs.app/Contents/MacOS/lib/emacs/28-0-50/native-lisp/28-0-50-852ecda2 (Note that I had to rename both "28.0.50" and "28.0.50-852ecda2" folders, as both trigger the error from codesign.) I create a symlink from "Contents/native-lisp" to "Contents/MacOS/lib/emacs/28-0-50/native-lisp". And finally I patch Emacs.pdmp (Emacs.app/Contents/MacOS/libexec/Emacs.pdmp), performing the following raw text replacements: - "lib/emacs/28.0.50/native-lisp/28.0.50-852ecda2/" --> "lib/emacs/28-0-50/native-lisp/28-0-50-852ecda2/" - "../native-lisp/28.0.50-852ecda2/" --> "../native-lisp/28-0-50-852ecda2/" This yields a seemingly actually working Emacs.app bundle, but it re-compiles all *.eln files in the bundle into the user cache folder. However, there's a separate bug causing re-compiling which I've reported as bug#49270, so for now I don't know if my patching would prevent Emacs from dynamically finding existing *.eln which are not referenced from Emacs.pdmp. This patching/workaround to get code signing to work feels very hacky and fragile. It would be great if we could avoid the need for this kind of patch to be able to codesign the .app bundle. The way I see it, there's three possible solutions: - Figure out a way to make Apple's codesign play nice. - Move the native-lisp folder back to "Contents/Resources/native-lisp", as codesign does not complain about folders with two dots in their names within the Resources directory. - Change paths used to store *.eln files within Contents/MacOS so no single folder name contains two dots.