Add support for signing mach-O binaries

[isuruf]

Is your feature request related to a problem? Please describe.

With macOS-arm64, binaries need to be signed when running. The signature can be ad-hoc which means it is signed without any proof. When changing a binary, this signature becomes invalidated and therefore the binary becomes not executable.

LIEF already has a method to get the code signature, but not to re-sign. It'd be great to have a way to sign.

Describe the solution you'd like
LIEF provides a feature to sign a mach-O binary

Describe alternatives you've considered

I've looked at ldid which is AGPL and zsign which doesn't have a license. I'd like to use a library which is not licensed GPL.

Additional context
Add any other context or screenshots about the feature request here.

[romainthomas]

Hi @isuruf
I agree that it would be a nice feature but to be honest, I will not have time to handle it at mi-term.

[farzonl]

As a workaround Is there a reason codesign can't be used as a post process action?

https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html

[cocos543]

+1

[palmerc]

Typically when I remove the signature, then just call out to

codesign -s - -f binary_path

Then the binary will run in the same way a clang produced file will