Module: OS::Mac::FFI::Security Private
- Extended by:
- NativeLibrary
- Defined in:
- os/mac/ffi/security.rb
Overview
This module is part of a private API. This module may only be used in the Homebrew/brew repository. Third parties should avoid using this module if possible, as it may be removed or changed without warning.
Security.framework code-signing wrapper.
Constant Summary collapse
- FUNCTION_ARGUMENT_TYPES =
This constant is part of a private API. This constant may only be used in the Homebrew/brew repository. Third parties should avoid using this constant if possible, as it may be removed or changed without warning.
T.let( [Fiddle::TYPE_VOIDP, Fiddle::TYPE_UINT32_T, Fiddle::TYPE_VOIDP].freeze, T::Array[Integer], )
- VALIDATION_FLAGS =
This constant is part of a private API. This constant may only be used in the Homebrew/brew repository. Third parties should avoid using this constant if possible, as it may be removed or changed without warning.
Validate every architecture, nested code and strict bundle structure. https://developer.apple.com/documentation/security/static-code-validation-flags
T.let(((1 << 0) | (1 << 3) | (1 << 4)).freeze, Integer)
- REQUIREMENT_FAILED_STATUS =
This constant is part of a private API. This constant may only be used in the Homebrew/brew repository. Third parties should avoid using this constant if possible, as it may be removed or changed without warning.
https://developer.apple.com/documentation/security/errseccsreqfailed
-67050
Class Method Summary collapse
-
.designated_requirement(path) ⇒ String?
private
A designated requirement is macOS's durable identity for recognising successive versions of the same signed code.
- .requirement_match(path, requirement) ⇒ Boolean? private
Class Method Details
.designated_requirement(path) ⇒ String?
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
A designated requirement is macOS's durable identity for recognising successive versions of the same signed code. https://developer.apple.com/documentation/security/applying-code-requirements
66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 |
# File 'os/mac/ffi/security.rb', line 66 def self.designated_requirement(path) code = static_code(path) return if code.nil? requirement = retained_pointer do |result| # https://developer.apple.com/documentation/security/seccodecopydesignatedrequirement%28_%3A_%3A_%3A%29 function( "SecCodeCopyDesignatedRequirement", FUNCTION_ARGUMENT_TYPES, Fiddle::TYPE_INT, ).call(code, 0, result) end return if requirement.nil? # Validate sealed content against its own identity before trusting it. # https://developer.apple.com/documentation/security/secstaticcodecheckvalidity%28_%3A_%3A_%3A%29 return unless function( "SecStaticCodeCheckValidity", FUNCTION_ARGUMENT_TYPES, Fiddle::TYPE_INT, ).call(code, VALIDATION_FLAGS, requirement).zero? requirement_string = retained_pointer do |result| function( "SecRequirementCopyString", FUNCTION_ARGUMENT_TYPES, Fiddle::TYPE_INT, ).call(requirement, 0, result) end return if requirement_string.nil? ObjectiveC.( requirement_string, "UTF8String", [], Fiddle::TYPE_VOIDP, ).to_s end |
.requirement_match(path, requirement) ⇒ Boolean?
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 |
# File 'os/mac/ffi/security.rb', line 106 def self.requirement_match(path, requirement) code = static_code(path) return if code.nil? requirement_string = CoreFoundation.string_create(requirement) return if requirement_string.null? compiled_requirement = retained_pointer do |result| # https://developer.apple.com/documentation/security/1394522-secrequirementcreatewithstring function( "SecRequirementCreateWithString", FUNCTION_ARGUMENT_TYPES, Fiddle::TYPE_INT, ).call(requirement_string, 0, result) end return if compiled_requirement.nil? status = function( "SecStaticCodeCheckValidity", FUNCTION_ARGUMENT_TYPES, Fiddle::TYPE_INT, ).call(code, VALIDATION_FLAGS, compiled_requirement) return true if status.zero? false if status == REQUIREMENT_FAILED_STATUS end |