
Commit 8bbfc51

committed
all: base64-encode binaries that will cause Apple notarization to fail
Starting with macOS 10.15 (Catalina), Apple now requires all software distributed outside of the App Store to be notarized. Any binaries we distribute must abide by a strict set of requirements like code-signing and having a minimum target SDK of 10.9 (amongst others). Apple’s notarization service will recursively inspect archives looking to find notarization candidate binaries. If it finds a binary that does not meet the requirements or is unable to decompress an archive, it will reject the entire distribution. From cursory testing, it seems that the service uses content sniffing to determine file types, so changing the file extension will not work. There are some binaries and archives included in our distribution that are being detected by Apple’s service as potential candidates for notarization or decompression. As these are files used by tests and some are intentionally invalid, we don’t intend to ever make them compliant. As a workaround for this, we base64-encode any binaries or archives that Apple’s notarization service issues a warning for, as these warnings will become errors in January 2020. Updates #34986 Change-Id: I106fbb6227b61eb221755568f047ee11103c1680 Reviewed-on: https://go-review.googlesource.com/c/go/+/208118 Run-TryBot: Andrew Bonventre <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Brad Fitzpatrick <[email protected]>
1 parent 39a9cb4 commit 8bbfc51

35 files changed

+194
-45
lines changed

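--- a/src/archive/zip/reader_test.go
+++ b/src/archive/zip/reader_test.go
@@ -8,6 +8,7 @@ import (
 "bytes"
 "encoding/binary"
 "encoding/hex"
+"internal/obscuretestdata"
 "io"
 "io/ioutil"
 "os"
@@ -19,11 +20,12 @@ import (
 )
 
 type ZipTest struct {
-Name string
-Source func() (r io.ReaderAt, size int64) // if non-nil, used instead of testdata/<Name> file
-Comment string
-File []ZipTestFile
-Error error // the error that Opening this file should return
+Name string
+Source func() (r io.ReaderAt, size int64) // if non-nil, used instead of testdata/<Name> file
+Comment string
+File []ZipTestFile
+Obscured bool // needed for Apple notarization (golang.org/issue/34986)
+Error error // the error that Opening this file should return
 }
 
 type ZipTestFile struct {
@@ -189,8 +191,12 @@ var tests = []ZipTest{
 },
 {
 // created by Go, before we wrote the "optional" data
-// descriptor signatures (which are required by OS X)
-Name: "go-no-datadesc-sig.zip",
+// descriptor signatures (which are required by macOS).
+// Use obscured file to avoid Apple’s notarization service
+// rejecting the toolchain due to an inability to unzip this archive.
+// See golang.org/issue/34986
+Name: "go-no-datadesc-sig.zip.base64",
+Obscured: true,
 File: []ZipTestFile{
 {
 Name: "foo.txt",
@@ -208,7 +214,7 @@ var tests = []ZipTest{
 },
 {
 // created by Go, after we wrote the "optional" data
-// descriptor signatures (which are required by OS X)
+// descriptor signatures (which are required by macOS)
 Name: "go-with-datadesc-sig.zip",
 File: []ZipTestFile{
 {
@@ -496,8 +502,18 @@ func readTestZip(t *testing.T, zt ZipTest) {
 rat, size := zt.Source()
 z, err = NewReader(rat, size)
 } else {
+path := filepath.Join("testdata", zt.Name)
+if zt.Obscured {
+tf, err := obscuretestdata.DecodeToTempFile(path)
+if err != nil {
+t.Errorf("obscuretestdata.DecodeToTempFile(%s): %v", path, err)
+return
+}
+defer os.Remove(tf)
+path = tf
+}
 var rc *ReadCloser
-rc, err = OpenReader(filepath.Join("testdata", zt.Name))
+rc, err = OpenReader(path)
 if err == nil {
 defer rc.Close()
 z = &rc.Reader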
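Review bot: The comment on the new `Obscured` field gives the reason it exists but not what it means for a test case, and readTestZip only consults it in the `else` branch, so the flag is silently ignored whenever `Source` is set. I would document both on the field, e.g. `Obscured bool // testdata/<Name> is base64-encoded and is decoded to a temp file before opening; ignored if Source is non-nil (golang.org/issue/34986)`. readTestZip starts and ends outside the last hunk, so anything it does with `path` after the shown lines is not visible here.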
-330 Bytes
Binary file not shown.
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
UEsDBBQACAAAAGWHaECoZTJ+BAAAAAQAAAAHABgAZm9vLnR4dFVUBQAD3lVZT3V4CwABBPUBAAAEFAAAAGZvbwqoZTJ+BAAAAAQAAABQSwMEFAAIAAAAZodoQOmzogQEAAAABAAAAAcAGABiYXIudHh0VVQFAAPgVVlPdXgLAAEE9QEAAAQUAAAAYmFyCumzogQEAAAABAAAAFBLAQIUAxQACAAAAGWHaECoZTJ+BAAAAAQAAAAHABgAAAAAAAAAAACkgQAAAABmb28udHh0VVQFAAPeVVlPdXgLAAEE9QEAAAQUAAAAUEsBAhQDFAAIAAAAZodoQOmzogQEAAAABAAAAAcAGAAAAAAAAAAAAKSBTQAAAGJhci50eHRVVAUAA+BVWU91eAsAAQT1AQAABBQAAABQSwUGAAAAAAIAAgCaAAAAmgAAAAAA

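--- a/src/cmd/internal/buildid/buildid_test.go
+++ b/src/cmd/internal/buildid/buildid_test.go
@@ -7,6 +7,7 @@ package buildid
 import (
 "bytes"
 "crypto/sha256"
+"internal/obscuretestdata"
 "io/ioutil"
 "os"
 "reflect"
@@ -19,13 +20,6 @@ const (
 )
 
 func TestReadFile(t *testing.T) {
-var files = []string{
-"p.a",
-"a.elf",
-"a.macho",
-"a.pe",
-}
-
 f, err := ioutil.TempFile("", "buildid-test-")
 if err != nil {
 t.Fatal(err)
@@ -34,26 +28,43 @@ func TestReadFile(t *testing.T) {
 defer os.Remove(tmp)
 f.Close()
 
-for _, f := range files {
-id, err := ReadFile("testdata/" + f)
+// Use obscured files to prevent Apple’s notarization service from
+// mistaking them as candidates for notarization and rejecting the entire
+// toolchain.
+// See golang.org/issue/34986
+var files = []string{
+"p.a.base64",
+"a.elf.base64",
+"a.macho.base64",
+"a.pe.base64",
+}
+
+for _, name := range files {
+f, err := obscuretestdata.DecodeToTempFile("testdata/" + name)
+if err != nil {
+t.Errorf("obscuretestdata.DecodeToTempFile(testdata/%s): %v", name, err)
+continue
+}
+defer os.Remove(f)
+id, err := ReadFile(f)
 if id != expectedID || err != nil {
 t.Errorf("ReadFile(testdata/%s) = %q, %v, want %q, nil", f, id, err, expectedID)
 }
 old := readSize
 readSize = 2048
-id, err = ReadFile("testdata/" + f)
+id, err = ReadFile(f)
 readSize = old
 if id != expectedID || err != nil {
-t.Errorf("ReadFile(testdata/%s) [readSize=2k] = %q, %v, want %q, nil", f, id, err, expectedID)
+t.Errorf("ReadFile(%s) [readSize=2k] = %q, %v, want %q, nil", f, id, err, expectedID)
 }
 
-data, err := ioutil.ReadFile("testdata/" + f)
+data, err := ioutil.ReadFile(f)
 if err != nil {
 t.Fatal(err)
 }
 m, _, err := FindAndHash(bytes.NewReader(data), expectedID, 1024)
 if err != nil {
-t.Errorf("FindAndHash(testdata/%s): %v", f, err)
+t.Errorf("FindAndHash(%s): %v", f, err)
 continue
 }
 if err := ioutil.WriteFile(tmp, data, 0666); err != nil {
@@ -68,7 +79,7 @@ func TestReadFile(t *testing.T) {
 err = Rewrite(tf, m, newID)
 err2 := tf.Close()
 if err != nil {
-t.Errorf("Rewrite(testdata/%s): %v", f, err)
+t.Errorf("Rewrite(%s): %v", f, err)
 continue
 }
 if err2 != nil {
@@ -77,7 +88,7 @@ func TestReadFile(t *testing.T) {
 
 id, err = ReadFile(tmp)
 if id != newID || err != nil {
-t.Errorf("ReadFile(testdata/%s after Rewrite) = %q, %v, want %q, nil", f, id, err, newID)
+t.Errorf("ReadFile(%s after Rewrite) = %q, %v, want %q, nil", f, id, err, newID)
 }
 }
 }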
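Review bot: The first `ReadFile` failure message in the loop (new line 51) still reads `ReadFile(testdata/%s)` although `f` is now the decoded temp-file path, so a failure would print `testdata/` followed by a temp path; the other messages were updated and this unchanged context line was missed. Passing the fixture name instead, `t.Errorf("ReadFile(testdata/%s) = %q, %v, want %q, nil", name, id, err, expectedID)`, keeps the failing fixture identifiable, and the same would help the messages that now print `f`. `defer os.Remove(f)` inside the loop also keeps every decoded file on disk until TestReadFile returns, which is harmless for four fixtures but deserves a short comment such as `// removed when the test returns, not per iteration`. Part of the loop body lies between the hunks and is not visible here.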
-12.5 KB
Binary file not shown.

src/cmd/internal/buildid/testdata/a.elf.base64

Lines changed: 1 addition & 0 deletions
Large diffs are not rendered by default.
-13.2 KB
Binary file not shown.

src/cmd/internal/buildid/testdata/a.macho.base64

Lines changed: 1 addition & 0 deletions
Large diffs are not rendered by default.
-3.5 KB
Binary file not shown.
Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
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
