
sanitize scripts and perform codesigning as applicable

Kevin Bradley 11 months ago
parent
commit
d87191a10f

+ 3 - 0
bootstrapTool/Classes/HelperClass.h

@@ -8,4 +8,7 @@
 + (NSArray <StatusPackageModel*>*)statusInstalledPackagesFromFile:(NSString *)statusFile;
 + (NSString *)singleLineReturnForProcess:(NSString *)call;
 + (NSArray *)arrayReturnForTask:(NSString *)taskBinary withArguments:(NSArray *)taskArguments;
++ (void)runProcess:(NSString *)call environment:(NSDictionary *)env currentPath:(NSString *)currentPath completion:(void(^)(NSString *output, NSInteger returnStatus))block;
++ (int)runCommand:(NSString *)call environment:(NSDictionary *)env currentPath:(NSString *)currentPath verbose:(BOOL)verbose;
++ (NSString *)validLDIDPath;
 @end

+ 70 - 12
bootstrapTool/Classes/HelperClass.m

@@ -92,22 +92,63 @@
     return lines;
 }
 
++ (int)runCommand:(NSString *)call environment:(NSDictionary *)env currentPath:(NSString *)currentPath verbose:(BOOL)verbose {
+    if (call==nil)
+        return 0;
+    char line[200];
+    chdir([currentPath UTF8String]);
+    FILE* fp = popen([call UTF8String], "r");
+    //NSMutableArray *lines = [[NSMutableArray alloc]init];
+    if (fp) {
+        while (fgets(line, sizeof line, fp)) {
+            if (verbose) {
+                NSString *s = [NSString stringWithCString:line encoding:NSUTF8StringEncoding];
+                s = [s stringByTrimmingCharactersInSet:[NSCharacterSet whitespaceAndNewlineCharacterSet]];
+                DLog(@"%@",s);
+            }
+        }
+    }
+    int returnCode = pclose(fp);
+    return returnCode;
+}
+
++ (void)runProcess:(NSString *)call environment:(NSDictionary *)env currentPath:(NSString *)currentPath completion:(void(^)(NSString *output, NSInteger returnStatus))block {
+
+    NSArray *args = [call componentsSeparatedByString:@" "];
+    NSString *taskBinary = args[0];
+    NSArray *taskArguments = [args subarrayWithRange:NSMakeRange(1, args.count-1)];
+    //DDLogInfo(@"%@ %@", taskBinary, [taskArguments componentsJoinedByString:@" "]);
+    NSTask *task = [[NSTask alloc] init];
+    NSPipe *pipe = [[NSPipe alloc] init];
+    NSFileHandle *handle = [pipe fileHandleForReading];
+    [task setLaunchPath:taskBinary];
+    [task setArguments:taskArguments];
+    [task setEnvironment:env];
+    [task setCurrentDirectoryPath:currentPath];
+    [task setStandardOutput:pipe];
+    [task setStandardError:pipe];
+    [task launch];
+    NSData *outData = nil;
+    NSString *temp = nil;
+    while((outData = [handle readDataToEndOfFile]) && [outData length]){
+        temp = [[NSString alloc] initWithData:outData encoding:NSASCIIStringEncoding];
+        DLog(@"%@", temp);
+    }
+    [handle closeFile];
+    [task waitUntilExit];
+    int termStatus = [task terminationStatus];
+    task = nil;
+    if (block){
+        block(temp, termStatus);
+    }
+}
+//-rw-r--r--   1 root        wheel        4197184 May  9 19:53 nitotv_3.4.3-63_appletvos-arm64.deb
 + (InputPackageFile *)packageFileFromLine:(NSString *)inputLine {
     //    "-rwxr-xr-x  0 root   wheel   69424 Oct 22 03:56 ./Library/MobileSubstrate/DynamicLibraries/beigelist7.dylib\n",
     
     //-rwxr-xr-x root/staff    10860 2011-02-02 03:55 ./Library/Frameworks/CydiaSubstrate.framework/Commands/cycc
     NSArray *lineObjects = [inputLine spaceDelimitedArray];
-    /*
-    inputLine = [inputLine stringByTrimmingCharactersInSet:[NSCharacterSet whitespaceAndNewlineCharacterSet]];
-    inputLine = [inputLine stringByTrimmingCharactersInSet:[NSCharacterSet characterSetWithCharactersInString:@"\t"]];
-    NSMutableString *newString = [[NSMutableString alloc] initWithString:inputLine];
-    [newString replaceOccurrencesOfString:@"      " withString:@" " options:NSLiteralSearch range:NSMakeRange(0, [newString length])];
-    [newString replaceOccurrencesOfString:@"     " withString:@" " options:NSLiteralSearch range:NSMakeRange(0, [newString length])];
-    [newString replaceOccurrencesOfString:@"    " withString:@" " options:NSLiteralSearch range:NSMakeRange(0, [newString length])];
-    [newString replaceOccurrencesOfString:@"   " withString:@" " options:NSLiteralSearch range:NSMakeRange(0, [newString length])];
-    [newString replaceOccurrencesOfString:@"  " withString:@" " options:NSLiteralSearch range:NSMakeRange(0, [newString length])];
-    NSArray *lineObjects = [newString componentsSeparatedByString:@" "];
-     */
+    
     //NSLog(@"lineObjects: %@", lineObjects);
     /*
      
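Review bot: In `runCommand:environment:currentPath:verbose:`, `pclose(fp)` runs even when `popen` returned NULL, which is undefined behaviour; add `if (!fp) return -1;` directly after the `popen` call. The value returned is the raw wait status, so callers that compare it with an exit code need `WIFEXITED(returnCode) ? WEXITSTATUS(returnCode) : -1` instead. The `env` argument is never used in this method and the `chdir` result is unchecked, so a failed directory change lets the command run in whatever directory the process was already in. Both new helpers take a single command string (`popen` hands it to the shell, `runProcess:` splits it on single spaces), so a path containing a space or shell metacharacter is misparsed; taking the binary and an argument array, as the existing `arrayReturnForTask:withArguments:` does, avoids that.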
@@ -131,7 +172,10 @@
     NSString *octalUG = [self octalFromGroupSymbols:userGroup];
     NSString *fileName = [path lastPathComponent];
     //NSString *fullPath = [NSString stringWithFormat:@"/%@", path];
-    NSString *fullPath = [path substringFromIndex:1];
+    NSString *fullPath = path;
+    if ([path hasPrefix:@"."]){
+        fullPath = [path substringFromIndex:1];
+    }
     
     InputPackageFile *pf = [InputPackageFile new];
     [pf _setFileTypeFromRaw:fileTypeChar];
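Review bot: The new `hasPrefix:@"."` test also matches entries that start with a dot but have no `./` prefix, such as `.DS_Store` or `.fauxsu`, and strips their first character; `if ([path hasPrefix:@"./"])` limits the trim to the archive-relative form shown in the sample listing lines. Since `path` comes from the listing of the package being processed, it may also be worth logging or rejecting entries with `..` components before `fullPath` is used further, though where it is consumed is not visible here. The enclosing method starts and ends outside this hunk.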
@@ -221,6 +265,19 @@
     return [NSString stringWithFormat:@"%@:%@", octalUser, octalGroup];
 }
 
++ (NSString *)validLDIDPath {
+    NSString *ldid = [[HelperClass arrayReturnForTask:@"/usr/bin/which" withArguments:@[@"ldid"]] firstObject];
+    if (ldid) {
+        //DLog(@"found ldid: %@", ldid);
+        NSString *ldidCommand = [NSString stringWithFormat:@"%@ -- 2>&1", ldid];
+        NSString *ldidTest = [HelperClass singleLineReturnForProcess:ldidCommand];
+        //DLog(@"ldidTest: %@", ldidTest);
+        if ([ldidTest containsString:@"Link Identity Editor"]) {
+            return ldid;
+        }
+    }
+    return false;
+}
 
 + (InputPackage *)packageForDeb:(NSString *)debFile {
     
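Review bot: `validLDIDPath` ends with `return false;` although its return type is `NSString *`; write `return nil;` so the "not found" result is explicit, and mark the declaration in HelperClass.h as `nullable`. The binary is whatever `/usr/bin/which ldid` resolves on the current PATH, accepted on the strength of a banner substring and then interpolated unquoted into `"%@ -- 2>&1"`. A path containing a space therefore breaks the probe, and whoever controls PATH decides which binary is later run over the package files. A comment stating that PATH is trusted at this point, or a lookup restricted to known install directories, would make that assumption visible.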
@@ -245,6 +302,7 @@
     pkg.path = debFile;
     pkg.packageName = packageName;
     pkg.version = packageVersion;
+    pkg.validLDIDPath = [self validLDIDPath];
     return pkg;
     
 }

+ 2 - 0
bootstrapTool/Classes/InputPackage.h

@@ -14,6 +14,7 @@
 @property (nonatomic, strong) NSString *path;
 @property (nonatomic, strong) NSString *appendedPrefix;
 @property (readwrite, assign) BOOL skipSignatureChecks;
+@property (nonatomic, strong) NSString *validLDIDPath;
 
 
 - (void)bumpVersionInCurrentDirectory;
@@ -21,4 +22,5 @@
 - (int)installToBootstrapPath:(NSString *)bootstrapPath;
 - (ErrorReturn *)errorReturnForBootstrap:(NSString *)bootstrapPath;
 - (NSString *)listfile;
+- (NSArray *)rootPaths;
 @end

+ 59 - 1
bootstrapTool/Classes/InputPackage.m

@@ -23,6 +23,18 @@
     
 }
 
+- (NSArray *)rootPaths {
+    NSMutableArray *newArray = [NSMutableArray new];
+    [self.files enumerateObjectsUsingBlock:^(InputPackageFile * _Nonnull obj, NSUInteger idx, BOOL * _Nonnull stop) {
+        NSArray *pathC = [obj.path properPathComponents];
+        //DLog(@"%@ count: %lu", obj.path, pathC.count);
+        if (pathC.count == 1 && ![newArray containsObject:pathC.firstObject]) {
+            [newArray addObject:pathC.firstObject];
+        }
+    }];
+    return newArray;
+}
+
 - (NSString *)listfile {
     
     __block NSMutableArray *outFiles = [NSMutableArray new];
@@ -249,7 +261,27 @@
     }
 }
 
+- (BOOL)shouldCodesignFile:(NSString *)file {
+    NSArray *codesignPrefixes = @[@"py", @"so", @"dylib", @"appex"];
+    BOOL isDir = false;
+    [FM fileExistsAtPath:file isDirectory:&isDir];
+    if (isDir) return false;
+    return ([FM isExecutableFileAtPath:file] || [codesignPrefixes containsObject:[[file pathExtension] lowercaseString]]);
+}
+
 - (void)codesignIfNecessary:(NSString *)file {
+    if ([self shouldCodesignFile:file]){
+        NSString *ldidPath = [self validLDIDPath];
+        if (ldidPath) {
+            NSString *runCommand = [NSString stringWithFormat:@"%@ -M %@", ldidPath, file];
+            DLog(@"running codesign command: %@", runCommand);
+            NSString *returnValue = [HelperClass singleLineReturnForProcess:runCommand];
+            DLog(@"returnValue: %@", returnValue);
+        }
+    }
+}
+
+- (void)oldcodesignIfNecessary:(NSString *)file {
     if (![[[file pathExtension] lowercaseString] isEqualToString:@"dylib"]){
         return;
     }
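Review bot: `codesignIfNecessary:` builds `"%@ -M %@"` from `ldidPath` and `file` and hands the string to `singleLineReturnForProcess:`, so a file name from the package that contains a space or shell metacharacter does not reach ldid as one argument. If that helper goes through a shell, as the `2>&1` in `validLDIDPath` suggests, such a name is also interpreted by the shell. Passing the arguments as an array avoids both: `[HelperClass arrayReturnForTask:ldidPath withArguments:@[@"-M", file]];`. The result of the signing call is only logged, so a failed signature goes unnoticed by the caller. As smaller points, `codesignPrefixes` actually holds file extensions and `isDir` should be initialised with `NO`; `oldcodesignIfNecessary:` continues outside this hunk.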
@@ -286,6 +318,30 @@
     
 }
 
+- (void)sanitizeScriptsIfNecessary:(NSString *)debianFolder {
+    if (self.appendedPrefix.length > 0) {
+        NSArray *files = [FM contentsOfDirectoryAtPath:debianFolder error:nil];
+        [files enumerateObjectsUsingBlock:^(id  _Nonnull obj, NSUInteger idx, BOOL * _Nonnull stop) {
+            if (![obj isEqualToString:@"control"]) {
+                NSString *fullPath = [debianFolder stringByAppendingPathComponent:obj];
+                DLog(@"checking file: %@", fullPath);
+                NSString *fullString = [NSString stringWithContentsOfFile:fullPath encoding:NSUTF8StringEncoding error:nil];
+                if (!fullString) {
+                    fullString = [NSString stringWithContentsOfFile:fullPath encoding:NSASCIIStringEncoding error:nil];
+                }
+                if ([fullString containsString:@"#!/bin/bash"] || [fullString containsString:@"#!/bin/sh"]){
+                    fullString = [fullString stringByReplacingOccurrencesOfString:@"#!/bin/bash" withString:@""];
+                    fullString = [fullString stringByReplacingOccurrencesOfString:@"#!/bin/sh" withString:@""];
+                    if (fullString.length > 0) {
+                        [fullString writeToFile:fullPath atomically:TRUE encoding:NSUTF8StringEncoding error:nil];
+                        [HelperClass singleLineReturnForProcess:[NSString stringWithFormat:@"chmod +x %@", fullPath]];
+                    }
+                }
+            }
+        }];
+    }
+}
+
 - (void)bumpVersionInCurrentDirectory {
     
     NSString *fakeRoot = [HelperClass singleLineReturnForProcess:@"/usr/bin/which fakeroot"];
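Review bot: `sanitizeScriptsIfNecessary:` removes `#!/bin/bash` and `#!/bin/sh` wherever they occur in the file, not only on the first line, and leaves the script without an interpreter line. If only the shebang is meant, test the first line with `hasPrefix:` and add a comment saying why it is dropped when `appendedPrefix` is set. Every read and write passes `error:nil`, and a file that needed the ASCII fallback is written back as UTF-8, so a failed or altered rewrite of a maintainer script is silent. The `chmod +x %@` command string has the same unquoted-path problem as the other command strings in this commit. Assuming 0755 is the intended mode, `[FM setAttributes:@{NSFilePosixPermissions: @0755} ofItemAtPath:fullPath error:&error]` sets it without a subprocess.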
@@ -315,6 +371,8 @@
 #pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
     [controlFile writeToFile:controlPath atomically:TRUE];
+    
+    [self sanitizeScriptsIfNecessary:debian];
 
     //at this point we have the files extracted, time to determine what needs to be changed
     
@@ -447,7 +505,7 @@
         [controlFile writeToFile:controlPath atomically:TRUE];
 #pragma clang diagnostic pop
     }
-    
+    [self sanitizeScriptsIfNecessary:debian];
     //at this point we have the files extracted, time to determine what needs to be changed
     NSArray *ignoreFiles = @[@".fauxsu", @".DS_Store"];
     NSArray *forbiddenRoots = @[@"etc", @"var", @"tmp"];