<@U09M563C7> when I use the signature table I get ...
# macosl
lvferdi
01/10/2018, 1:56 PM@theopolis when I use the signature table I get
Copy code
+---------+--------+--------------+------------------------------------------+-----------------+------------------+
| path | signed | identifier | cdhash | team_identifier | authority |
+---------+--------+--------------+------------------------------------------+-----------------+------------------+
| /bin/ls | 1 | <http://com.apple.ls|com.apple.ls> | b7aa5322870358c31ecec59439537f7282832edc | | Software Signing |
+---------+--------+--------------+------------------------------------------+-----------------+------------------+1lvferdi
01/12/2018, 2:48 PM@theopolis sorry to bother you with this again but is my assumption wrong about the
signedt
theopolis
01/12/2018, 3:02 PM
Sorry, I’m sporadic this week. I think the assumption is wrong, and that field is reporting the status after checking the signature.
theopolis
01/12/2018, 3:03 PM
Let’s review the code, and maybe you can copy a signed binary to temp, twiddle a few bytes, and check that field again?
theopolis
01/12/2018, 3:05 PM
l
lvferdi
01/12/2018, 4:17 PMperfect I’ll get testing that
lvferdi
01/12/2018, 5:45 PMOne of my guys did some testing and our results are:
1 = signed (self or other) and valid
0 = unsigned
0 = signed and invalid
May be worth breaking those into two outputs.
signature_signedsignature_validt
theopolis
01/12/2018, 7:52 PM
yes, maybe just a
signedvalidl
lvferdi
01/12/2018, 8:57 PMI think it will help with the understanding of the output as well. We are going to continue testing but it will take a few days. Going to try and throw some stuff at it and see what it says. But to be less confusing to the community two columns would be great. And help when hunting for abnormalities
t
theopolis
01/12/2018, 9:08 PM
right! are you planning to create a PR for that change?
l
lvferdi
01/12/2018, 9:12 PMI can.
t
theopolis
01/12/2018, 9:45 PM
🙏