ld: fix Mach-O code signing for non-cgo binaries

author Mikkel Krautz <mikkel@krautz.dk>

Mon, 23 Jan 2012 14:42:09 +0000 (09:42 -0500)

committer Russ Cox <rsc@golang.org>

Mon, 23 Jan 2012 14:42:09 +0000 (09:42 -0500)
author Mikkel Krautz <mikkel@krautz.dk>
Mon, 23 Jan 2012 14:42:09 +0000 (09:42 -0500)
committer Russ Cox <rsc@golang.org>
Mon, 23 Jan 2012 14:42:09 +0000 (09:42 -0500)
diff --git a/src/cmd/ld/macho.c b/src/cmd/ld/macho.c

index 05638f7254212913e08fc2aa0eda9c41214a8b94..6781c25a43d5703e526336f39a6c23368142e614 100644 (file)
--- a/src/cmd/ld/macho.c
+++ b/src/cmd/ld/macho.c
@@ -499,7 +499,24 @@ domacholink(void)
         s3 = lookup(".linkedit.got", 0);
         s4 = lookup(".dynstr", 0);
  
-       while(s4->size%4)
+       // Force the linkedit section to end on a 16-byte
+       // boundary.  This allows pure (non-cgo) Go binaries
+       // to be code signed correctly.
+       //
+       // Apple's codesign_allocate (a helper utility for
+       // the codesign utility) can do this fine itself if
+       // it is run on a dynamic Mach-O binary.  However,
+       // when it is run on a pure (non-cgo) Go binary, where
+       // the linkedit section is mostly empty, it fails to
+       // account for the extra padding that it itself adds
+       // when adding the LC_CODE_SIGNATURE load command
+       // (which must be aligned on a 16-byte boundary).
+       //
+       // By forcing the linkedit section to end on a 16-byte
+       // boundary, codesign_allocate will not need to apply
+       // any alignment padding itself, working around the
+       // issue.
+       while(s4->size%16)
                 adduint8(s4, 0);
         
         size = s1->size + s2->size + s3->size + s4->size;
author	Mikkel Krautz <mikkel@krautz.dk>
	Mon, 23 Jan 2012 14:42:09 +0000 (09:42 -0500)
committer	Russ Cox <rsc@golang.org>
	Mon, 23 Jan 2012 14:42:09 +0000 (09:42 -0500)