Add test for codesigning bundles

Author: jtschuster

test/Microsoft.NET.Build.Tests/AppHostTests.cs

@@ -3,7 +3,6 @@
 
 #nullable disable
 
-using System.Buffers.Binary;
 using System.Diagnostics;
 using System.Reflection.PortableExecutable;
 using System.Text.RegularExpressions;
@@ -177,21 +176,12 @@ public void It_codesigns_an_app_targeting_osx(string targetFramework, string rid
             var appHostFullPath = Path.Combine(outputDirectory.FullName, testAssetName);
 
             // Check that the apphost is signed
-            HasMachOSignatureLoadCommand(new FileInfo(appHostFullPath)).Should().BeTrue();
-            // When on a Mac, use the codesign tool to verify the signature as well
+            MachOSignature.HasMachOSignatureLoadCommand(new FileInfo(appHostFullPath)).Should().BeTrue();
             if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX))
             {
-                var codesignPath = @"/usr/bin/codesign";
-                new RunExeCommand(Log, codesignPath, ["-s", "-", appHostFullPath])
-                    .Execute()
+                MachOSignature.HasValidMachOSignature(new FileInfo(appHostFullPath))
                     .Should()
-                    .Fail()
-                    .And
-                    .HaveStdErrContaining($"{appHostFullPath}: is already signed");
-                new RunExeCommand(Log, codesignPath, ["-v", appHostFullPath])
-                    .Execute()
-                    .Should()
-                    .Pass();
+                    .BeTrue($"The app host should have a valid Mach-O signature for {rid}.");
             }
         }
 
@@ -487,62 +477,5 @@ private static bool IsPE32(string path)
                 return reader.PEHeaders.PEHeader.Magic == PEMagic.PE32;
             }
         }
-
-        // Reads the Mach-O load commands and returns true if an LC_CODE_SIGNATURE command is found, otherwise returns false
-        static bool HasMachOSignatureLoadCommand(FileInfo file)
-        {
-            /* Mach-O files have the following structure:
-             * 32 byte header beginning with a magic number and info about the file and load commands
-             * A series of load commands with the following structure:
-             * - 4-byte command type
-             * - 4-byte command size
-             * - variable length command-specific data
-             */
-            const uint LC_CODE_SIGNATURE = 0x1D;
-            using (var stream = file.OpenRead())
-            {
-                // Read the MachO magic number to determine endianness
-                Span<byte> eightByteBuffer = stackalloc byte[8];
-                stream.ReadExactly(eightByteBuffer);
-                // Determine if the magic number is in the same or opposite endianness as the runtime
-                bool reverseEndinanness = BitConverter.ToUInt32(eightByteBuffer.Slice(0, 4)) switch
-                {
-                    0xFEEDFACF => false,
-                    0xCFFAEDFE => true,
-                    _ => throw new InvalidOperationException("Not a 64-bit Mach-O file")
-                };
-                // 4-byte value at offset 16 is the number of load commands
-                // 4-byte value at offset 20 is the size of the load commands
-                stream.Position = 16;
-                ReadUInts(stream, eightByteBuffer, out uint loadCommandsCount, out uint loadCommandsSize);
-                // Mach-0 64 byte headers are 32 bytes long, and the first load command will be right after
-                stream.Position = 32;
-                bool hasSignature = false;
-                for (int commandIndex = 0; commandIndex < loadCommandsCount; commandIndex++)
-                {
-                    ReadUInts(stream, eightByteBuffer, out uint commandType, out uint commandSize);
-                    if (commandType == LC_CODE_SIGNATURE)
-                    {
-                        hasSignature = true;
-                    }
-                    stream.Position += commandSize - eightByteBuffer.Length;
-                }
-                Debug.Assert(stream.Position == loadCommandsSize + 32);
-                return hasSignature;
-
-                void ReadUInts(Stream stream, Span<byte> buffer, out uint val1, out uint val2)
-                {
-                    stream.ReadExactly(buffer);
-                    val1 = BitConverter.ToUInt32(buffer.Slice(0, 4));
-                    val2 = BitConverter.ToUInt32(buffer.Slice(4, 4));
-                    if (reverseEndinanness)
-                    {
-                        val1 = BinaryPrimitives.ReverseEndianness(val1);
-                        val2 = BinaryPrimitives.ReverseEndianness(val2);
-                    }
-                }
-            }
-        }
-
     }
 }

test/Microsoft.NET.Publish.Tests/GivenThatWeWantToPublishASingleFileApp.cs

@@ -82,10 +82,10 @@ private string GetNativeDll(string baseName)
                    RuntimeInformation.RuntimeIdentifier.StartsWith("osx") ? "lib" + baseName + ".dylib" : "lib" + baseName + ".so";
         }
 
-        private DirectoryInfo GetPublishDirectory(PublishCommand publishCommand, string targetFramework = ToolsetInfo.CurrentTargetFramework)
+        private DirectoryInfo GetPublishDirectory(PublishCommand publishCommand, string targetFramework = ToolsetInfo.CurrentTargetFramework, string runtimeIdentifier = null)
         {
             return publishCommand.GetOutputDirectory(targetFramework: targetFramework,
-                                                     runtimeIdentifier: RuntimeInformation.RuntimeIdentifier);
+                                                     runtimeIdentifier: runtimeIdentifier ??  RuntimeInformation.RuntimeIdentifier);
         }
 
         [Fact]
@@ -1126,5 +1126,43 @@ static void VerifyPrepareForBundle(XDocument project)
                             new XAttribute("Condition", "'%(FilesToBundle.RelativePath)' == 'SingleFileTest.dll'"))));
             }
         }
+
+        [Theory]
+        [InlineData("osx-x64")]
+        [InlineData("osx-arm64")]
+        public void It_codesigns_an_app_targeting_osx(string rid)
+        {
+            var targetFramework = ToolsetInfo.CurrentTargetFramework;
+            var testProject = new TestProject()
+            {
+                Name = "SingleFileTest",
+                TargetFrameworks = targetFramework,
+                IsExe = true,
+            };
+            testProject.AdditionalProperties.Add("SelfContained", $"true");
+
+            var testAsset = _testAssetsManager.CreateTestProject(
+                testProject,
+                identifier: rid);
+            var publishCommand = new PublishCommand(testAsset);
+
+            publishCommand.Execute(PublishSingleFile, $"/p:RuntimeIdentifier={rid}", IncludeDefault)
+                .Should()
+                .Pass();
+
+            var publishDir = GetPublishDirectory(publishCommand, targetFramework, runtimeIdentifier: rid).FullName;
+            var singleFilePath = Path.Combine(publishDir, $"{testProject.Name}{Constants.ExeSuffix}");
+
+            MachOSignature.HasMachOSignatureLoadCommand(new FileInfo(singleFilePath))
+                .Should()
+                .BeTrue($"The app host should have a Mach-O signature load command for {rid}.");
+
+            if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX))
+            {
+                MachOSignature.HasValidMachOSignature(new FileInfo(singleFilePath), Log)
+                    .Should()
+                    .BeTrue($"The app host should have a valid Mach-O signature for {rid}.");
+            }
+        }
     }
 }

test/Microsoft.NET.TestFramework/Utilities/MachOSignature.cs

@@ -0,0 +1,76 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Runtime.Versioning;
+using System.Buffers.Binary;
+using System.Diagnostics;
+
+namespace Microsoft.NET.TestFramework.Utilities
+{
+    public static class MachOSignature
+    {
+        [SupportedOSPlatform("osx")]
+        public static bool HasValidMachOSignature(FileInfo file, ITestOutputHelper log)
+        {
+            var codesignPath = @"/usr/bin/codesign";
+            return new RunExeCommand(log, codesignPath, "-v", file.FullName)
+                .Execute().ExitCode == 0;
+        }
+
+        // Reads the Mach-O load commands and returns true if an LC_CODE_SIGNATURE command is found, otherwise returns false
+        public static bool HasMachOSignatureLoadCommand(FileInfo file)
+        {
+            /* Mach-O files have the following structure:
+             * 32 byte header beginning with a magic number and info about the file and load commands
+             * A series of load commands with the following structure:
+             * - 4-byte command type
+             * - 4-byte command size
+             * - variable length command-specific data
+             */
+            const uint LC_CODE_SIGNATURE = 0x1D;
+            using (var stream = file.OpenRead())
+            {
+                // Read the MachO magic number to determine endianness
+                Span<byte> eightByteBuffer = stackalloc byte[8];
+                stream.ReadExactly(eightByteBuffer);
+                // Determine if the magic number is in the same or opposite endianness as the runtime
+                bool reverseEndinanness = BitConverter.ToUInt32(eightByteBuffer.Slice(0, 4)) switch
+                {
+                    0xFEEDFACF => false,
+                    0xCFFAEDFE => true,
+                    _ => throw new InvalidOperationException("Not a 64-bit Mach-O file")
+                };
+                // 4-byte value at offset 16 is the number of load commands
+                // 4-byte value at offset 20 is the size of the load commands
+                stream.Position = 16;
+                ReadUInts(stream, eightByteBuffer, out uint loadCommandsCount, out uint loadCommandsSize);
+                // Mach-0 64 byte headers are 32 bytes long, and the first load command will be right after
+                stream.Position = 32;
+                bool hasSignature = false;
+                for (int commandIndex = 0; commandIndex < loadCommandsCount; commandIndex++)
+                {
+                    ReadUInts(stream, eightByteBuffer, out uint commandType, out uint commandSize);
+                    if (commandType == LC_CODE_SIGNATURE)
+                    {
+                        hasSignature = true;
+                    }
+                    stream.Position += commandSize - eightByteBuffer.Length;
+                }
+                Debug.Assert(stream.Position == loadCommandsSize + 32);
+                return hasSignature;
+
+                void ReadUInts(Stream stream, Span<byte> buffer, out uint val1, out uint val2)
+                {
+                    stream.ReadExactly(buffer);
+                    val1 = BitConverter.ToUInt32(buffer.Slice(0, 4));
+                    val2 = BitConverter.ToUInt32(buffer.Slice(4, 4));
+                    if (reverseEndinanness)
+                    {
+                        val1 = BinaryPrimitives.ReverseEndianness(val1);
+                        val2 = BinaryPrimitives.ReverseEndianness(val2);
+                    }
+                }
+            }
+        }
+    }
+}