mirror of https://github.com/electron/electron
22 lines
1.1 KiB
Diff
22 lines
1.1 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Samuel Attard <samuel.r.attard@gmail.com>
|
|
Date: Mon, 21 Mar 2022 15:14:19 -0700
|
|
Subject: fix: use kSecCSCheckNestedCode | kSecCSStrictValidate in the Sec
|
|
validate call
|
|
|
|
This ensures that Squirrel.Mac validates the nested bundles (nested Frameworks) including the incoming Squirrel.Mac framework.
|
|
|
|
diff --git a/Squirrel/SQRLCodeSignature.m b/Squirrel/SQRLCodeSignature.m
|
|
index f8754dbd6a1490d2b50f1014e2daa5c1f71b2103..2f5e27c1ae5c5bd514abe33d4cd42c4724656c07 100644
|
|
--- a/Squirrel/SQRLCodeSignature.m
|
|
+++ b/Squirrel/SQRLCodeSignature.m
|
|
@@ -124,7 +124,7 @@ - (RACSignal *)verifyBundleAtURL:(NSURL *)bundleURL {
|
|
}
|
|
|
|
CFErrorRef validityError = NULL;
|
|
- result = SecStaticCodeCheckValidityWithErrors(staticCode, kSecCSCheckAllArchitectures, (__bridge SecRequirementRef)self.requirement, &validityError);
|
|
+ result = SecStaticCodeCheckValidityWithErrors(staticCode, kSecCSCheckNestedCode | kSecCSStrictValidate | kSecCSCheckAllArchitectures, (__bridge SecRequirementRef)self.requirement, &validityError);
|
|
@onExit {
|
|
if (validityError != NULL) CFRelease(validityError);
|
|
};
|