macos_installer_handler.py: Add signature check

2026-04-23 11:30:15 +10:00 · 2024-04-30 16:58:40 -06:00
parent a06b1f578e
commit ddb71e6776
2 changed files with 7 additions and 0 deletions
--- a/opencore_legacy_patcher/support/macos_installer_handler.py
+++ b/opencore_legacy_patcher/support/macos_installer_handler.py
@@ -139,7 +139,12 @@ class InstallerCreation():
            logging.info(f"Failed to copy installer to {ia_tmp}")
            return False

+        # Verify code signature before executing
        createinstallmedia_path = str(Path(installer_path) / Path("Contents/Resources/createinstallmedia"))
+        if subprocess.run(["/usr/bin/codesign", "-v", "-R=anchor apple", createinstallmedia_path]).returncode != 0:
+            logging.info(f"Installer has broken code signature")
+            return False
+
        plist_path = str(Path(installer_path) / Path("Contents/Info.plist"))
        if Path(plist_path).exists():
            plist = plistlib.load(Path(plist_path).open("rb"))