[vlc-devel] OSX, deep codesigning and plugins.dat
Felix Paul Kühne
fkuehne at videolan.org
Sun Dec 14 11:17:39 CET 2014
> On 14 Dec 2014, at 00:18, Matej Knopp <matej.knopp at inmethod.com> wrote:
> modifying codesigned bundle is no longer valid with deep codesigning
> so adding plugins.dat invalidates bundle signature.
> codesign -v --deep-verify VLC.app
> VLC.app: a sealed resource is missing or invalid
> (it returns without error until the first time app is executed)
> Shouldn't the plugins.dat be moved outside the bundle?
Yes, it should. But then again, the signature should be verified prior to the first launch creating the plugin cache, so so the signature failure would be detected only if you package a VLC binary with a plugin cache, transfer it to another Mac in a way which enables GateKeeper (aka upload + download via endorsed web browser) and try to install it.
However, you are right, the cache should be moved.
More information about the vlc-devel