Skip to content

Releases: indygreg/apple-platform-rs

Apple Codesign 0.20.0

02 Oct 19:46
Compare
Choose a tag to compare

Release Info

Changelog

  • Zip notarization support. APIs and the notary-submit CLI command now recognize
    zip files and will upload them to the Notary API without modifications. Neither
    zip file signing nor stapling are supported. Feature contributed by @deansheather.
    (#20)
  • When signing the main binary in a bundle, we now prefer the identifier from
    the bundle's Info.plist over the identifier already present in the Mach-O.
    This ensures that the identifier is consistent across multiple Mach-O in a
    fat/universal binary and is consistent with the value advertised in the
    Info.plist. (#12, #22)
  • It is now possible to sign Mach-O binaries where the __LINKEDIT segment
    wasn't the final advertised segment in Mach-O headers. Previously, a
    __LINKEDIT isn't final Mach-O segment error would occur when attempting to
    sign a Mach-O whose headers declared a __LINKEDIT segment before other
    segments, even if __LINKEDIT was truly at the highest file offset. (This
    scenario is common in Go binaries.) (#17)
  • The --pem-source argument can now decode PKCS#1 private keys as encoded
    with RSA PRIVATE KEY. Previously, an unhandled PEM tag RSA PRIVATE KEY; ignoring warning would have been printed. (#26)
  • Most code from main.rs has been moved into cli.rs so it is part of the
    library.
  • aws-config, aws-smithy-http upgraded from 0.47 -> 0.49.
  • aws-sdk-s3 upgraded from 0.17 -> 0.19.
  • clap upgraded from 3.1 -> 4.0. This entailed a lot of code changes to
    argument parsing. Argument parsing behavior should be backwards compatible
    (unless otherwise documented in this section) and any change in behavior is
    a bug.

Apple Codesign 0.19.0

19 Sep 01:05
Compare
Choose a tag to compare

Release Info

This is the first release of Apple Codesign from its new home at https://github.com/indygreg/apple-platform-rs. The final release from its old home can be found at https://github.com/indygreg/PyOxidizer/releases/tag/apple-codesign%2F0.17.0.

Changelog (0.19.0)

Changelog (0.18.0)

(This version was tagged but binaries were not produced for the release. Multiple versions were tagged in a short time window to facilitate the project's migration to a new repository.)

  • Mach-O digesting code now digests file-level data without looking at segment
    boundaries. This fixes a bug where we were computing the incorrect digests when
    Mach-O segments weren't aligned at 4096 byte boundaries. (Go binaries commonly
    don't have 4k aligned segment boundaries.)
  • Optimizations to computing cryptographic digests of binaries. We eliminate a
    a redundant digest that was used to compute the final size of the code digests.
    The rayon crate is now used to perform digests in parallel, yielding a
    ~linear speedup with the number of CPUs available.
  • (API) app_store_connect module has been split up into multiple modules
    to facilitate better grouping.
  • (API) Various changes for upgrades of crates related to cryptography.
  • der crate upgraded from 0.5 to 0.6.
  • elliptic-curve crate upgraded from 0.11 to 0.12.
  • oid-registry crate upgraded from 0.5 to 0.6.
  • p256 crate upgraded from 0.10 to 0.11.
  • pkcs1 crate upgraded from 0.3 to 0.4.
  • pkcs8 crate upgraded from 0.8 to 0.9.
  • spki crate upgraded from 0.5 to 0.6.
  • yubikey crate upgraded from 0.4 to 0.6.
  • (API) The code_hash module had its content folded into the new function
    MachOBinary::code_digests().