Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Support codesigning macOS executables in bun build --compile #17207

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat: Support codesigning macOS executables in bun build --compile #17207

wants to merge 2 commits into from
+1,143 −79

Conversation

Pranav2612000
Copy link

@Pranav2612000 Pranav2612000 commented Feb 9, 2025
edited
Loading

What does this PR do?

Based off #15525, this PR adds support for code signing macos executables. This is done with 2 changes:

  1. Support codesigning macOS executables in bun build --compile
  2. Deletes the hack where we read the last 4096 bytes of the currently running executables itself to see if it ends with "-- Bun --\n" . We now add a __BUN,__bun section in the macho executable so all we need to do is a single pointer lookup to find out if the current executable is a standalone executable and to get the data. This will also reduce memory usage because we no longer need to do another memory allocation to read through the standalone executable's code.

How did you verify your code works?

  • Ensured that bun is able to generate binaries which are codesignable.

Fixes #7208

@Pranav2612000 Pranav2612000 force-pushed the feat/allow-code-signing branch 2 times, most recently from 287d022 to d8e9b74 Compare February 9, 2025 16:10
@Pranav2612000 Pranav2612000 marked this pull request as ready for review February 9, 2025 16:22
@Pranav2612000 Pranav2612000 force-pushed the feat/allow-code-signing branch from d8e9b74 to 40a7088 Compare February 9, 2025 16:25
@Pranav2612000 Pranav2612000 changed the title feat: allow codesigning bun executables feat: Support codesigning macOS executables in bun build --compile Feb 9, 2025
@Pranav2612000 Pranav2612000 mentioned this pull request Feb 9, 2025
Draft
@Jarred-Sumner
Copy link
Collaborator

Wow nice find. The state of the Linux version of this was not ready - it had similar off-by-one issues somewhere - so we can't fully delete the original code.

@Pranav2612000
Copy link
Author

Pranav2612000 commented Feb 9, 2025
edited
Loading

Wow nice find. The state of the Linux version of this was not ready - it had similar off-by-one issues somewhere - so we can't fully delete the original code.

Oops. Do you have plans to look at this? If not, I can give the linux one a try as well. I'm guessing that Linux doesn't have concept of CodeSigning so the issue is that the output file is not executing correctly. Is that right?

Can we keep the older linux version?

@Jarred-Sumner
Copy link
Collaborator

Judging by the tests it looks like there's some more work to do on the macOS parts before this can move forward

If you want to take the Linux one feel free but I suggest doing this one step at a time to make sure it ships

@Pranav2612000
Copy link
Author

Pranav2612000 commented Feb 10, 2025
edited
Loading

Makes sense @Jarred-Sumner !
I'm working on getting the Mac version working first.
How flaky are the tests in general? Asking because the same tests are passing locally.
I'm able to reproduce it now. Any tips on how to debug and fix this.

I can see that the errors are probably due to storage full errors. I tested out both production and debugs builds and both have the same size ~50MB ( ~350MB for debug ) for simple hello-world

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Cannot code-sign compiled executable on macOS
2 participants
@Pranav2612000 @Jarred-Sumner