Perl Module Installation: "mapped file has no cdhash, completely unsigned? Code has to be at least ad-hoc signed."

Is this on Intel? Or Apple silicon? And, if it’s the latter, is it native? Or under Rosetta?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

I am on Intel,

iMac (Retina 5K, 27 Zoll, 2019) , 3,7 GHz 6-Core Intel Core i5

Summary of my perl5 (revision 5 version 30 subversion 1) configuration:

  Platform:
    osname=darwin
    osvers=16.7.0
    archname=darwin-thread-multi-2level
    uname='darwin mamp6.local 16.7.0 darwin kernel version 16.7.0: sun jun 2 20:26:31 pdt 2019; root:xnu-3789.73.50~1release_x86_64 x86_64 '
    config_args='-des -Dprefix=/Applications/MAMP/Library -Duseithreads'
    hint=recommended
    useposix=true
    d_sigaction=define
    useithreads=define
    usemultiplicity=define
    use64bitint=define
    use64bitall=define
    uselongdouble=undef
    usemymalloc=n
    default_inc_excludes_dot=define
    bincompat5005=undef
  Compiler:
    cc='cc'
    ccflags ='-fno-common -DPERL_DARWIN -mmacosx-version-min=10.12 -fno-strict-aliasing -pipe -fstack-protector-strong -DPERL_USE_SAFE_PUTENV'
    optimize='-O3'
    cppflags='-fno-common -DPERL_DARWIN -mmacosx-version-min=10.12 -fno-strict-aliasing -pipe -fstack-protector-strong'
    ccversion=''
    gccversion='4.2.1 Compatible Apple LLVM 8.1.0 (clang-802.0.42)'
    gccosandvers=''
    intsize=4
    longsize=8
    ptrsize=8
    doublesize=8
    byteorder=12345678
    doublekind=3
    d_longlong=define
    longlongsize=8
    d_longdbl=define
    longdblsize=16
    longdblkind=3
    ivtype='long'
    ivsize=8
    nvtype='double'
    nvsize=8
    Off_t='off_t'
    lseeksize=8
    alignbytes=8
    prototype=define
  Linker and Libraries:
    ld='cc'
    ldflags =' -mmacosx-version-min=10.12 -fstack-protector-strong -L/usr/local/lib'
    libpth=/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../lib/clang/8.1.0/lib /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib /usr/lib /usr/local/lib
    libs=-lpthread -ldbm -ldl -lm -lutil -lc
    perllibs=-lpthread -ldl -lm -lutil -lc
    libc=
    so=dylib
    useshrplib=false
    libperl=libperl.a
    gnulibc_version=''
  Dynamic Linking:
    dlsrc=dl_dlopen.xs
    dlext=bundle
    d_dlsymun=undef
    ccdlflags=' '
    cccdlflags=' '
    lddlflags=' -mmacosx-version-min=10.12 -bundle -undefined dynamic_lookup -L/usr/local/lib -fstack-protector-strong'


Characteristics of this binary (from libperl):
  Compile-time options:
    HAS_TIMES
    MULTIPLICITY
    PERLIO_LAYERS
    PERL_COPY_ON_WRITE
    PERL_DONT_CREATE_GVSV
    PERL_IMPLICIT_CONTEXT
    PERL_MALLOC_WRAP
    PERL_OP_PARENT
    PERL_PRESERVE_IVUV
    PERL_USE_SAFE_PUTENV
    USE_64_BIT_ALL
    USE_64_BIT_INT
    USE_ITHREADS
    USE_LARGE_FILES
    USE_LOCALE
    USE_LOCALE_COLLATE
    USE_LOCALE_CTYPE
    USE_LOCALE_NUMERIC
    USE_LOCALE_TIME
    USE_PERLIO
    USE_PERL_ATOF
    USE_REENTRANT_API
    USE_THREAD_SAFE_LOCALE
  Built under darwin
  Compiled at Sep 30 2021 11:15:59

when i try to use perl that comes with MAMP

It’s likely that this copy of perl has library validation enabled — possibly explicitly, but more likely implicitly via the hardened runtime — and that’s preventing it from loading unsigned code.

What does this print:

% codesign -d -vvv --entitlements :- /Application/MAMP/Library/bin/perl

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

this is the result of codesign....

Identifier=perl
Format=Mach-O thin (x86_64)
CodeDirectory v=20500 size=25872 flags=0x10000(runtime) hashes=803+2 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=5647c461e7f6244b563c902a1f18f7baa887efa4
CandidateCDHashFull sha256=5647c461e7f6244b563c902a1f18f7baa887efa4e83dbde8f695009690248677
Hash choices=sha256
CMSDigest=5647c461e7f6244b563c902a1f18f7baa887efa4e83dbde8f695009690248677
CMSDigestType=2
CDHash=5647c461e7f6244b563c902a1f18f7baa887efa4
Signature size=8917
Authority=Developer ID Application: MAMP GmbH (5KCB5KHK77)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=30. Sep 2021 at 16:26:28
Info.plist=not bound
TeamIdentifier=5KCB5KHK77
Runtime Version=10.12.0
Sealed Resources=none
Internal requirements count=1 size=164
Warning: Specifying ':' in the path is deprecated and will not work in a future release
iMac:~ markus$

this is the result of codesign…

Thanks. This confirms my theory. Specifically, this:

CodeDirectory v=20500 size=25872 flags=0x10000(runtime) …

means that the hardened runtime is enabled. That enables library validation by default. There’s an entitlement to turn that off but the codesign output confirms that this developer hasn’t enabled that on their copy of perl.

Given that, there’s no good way to achieve your specific goal. The developer of MAMP has signed their code in a way that specifically prohibits it from loading code from other third-party developers. So, you’ll need to take another tack.

The standard alternative here is to build your app copy of perl from source (or install it via one of the standard Mac package manager tools). That’ll give you control over how it’s signed.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"