Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cydia repo and CI #191

Open
stek29 opened this issue Jul 21, 2017 · 6 comments
Open

Cydia repo and CI #191

stek29 opened this issue Jul 21, 2017 · 6 comments
Labels
enhancement

Comments

@stek29
Copy link

stek29 commented Jul 21, 2017

It'd be nice to have a repo with always fresh Clutch in it, and I think Travis or any other CI/GitHub hook can be used for it.

Here's a sample script I'm using currently for automated build of deb (it's overloaded with tmpdir usage, and it doesn't check if iOS SDK is patched)
Manuals for dpkg-scanpackages and pushing to gh-pages from travis are not hard to find.

But I'd also suggest to make a separate repo for it to avoid polluting git with those binaries (I guess rewriting history would be fine too)
@Tatsh
Copy link
Collaborator

Tatsh commented Dec 21, 2017

We've had issues with signing before for some reason sometimes requiring the user to rename the binary to kill cache or to resign on their device. It happens randomly.

@stek29
Copy link
Author

stek29 commented Dec 22, 2017

"Killed: 9" ?

@Tatsh
Copy link
Collaborator

Tatsh commented Dec 22, 2017

Yes.

@stek29
Copy link
Author

stek29 commented Dec 22, 2017

Yeah, that's known issue and from what I've heard (from Siguza) it's caused by code signing. Removing the binary and then putting new one should probably work.

@Tatsh
Copy link
Collaborator

Tatsh commented Dec 22, 2017

Yeah and that's not a good solution for the average user.

What could be done is a custom script in the Debian package prior to installation to actually write zeros 2 times or so over the old binary and then delete and write the new binary, and resign it with ldid. I have not tested this theory out. I just usually rename the binary to clutch2 and start using it again.

The real question is how to properly kill the kernel signing cache. I think it's changed significantly since iOS 9.

@stek29
Copy link
Author

stek29 commented Mar 2, 2018

idk why but I just got notification for this thread.

It's not about writing zeroes -- there are "generation"s on each vnode's signature in ubc.
When some file is executed, it's code signature is parsed, and current generation is saved.

Then, when you change the file, parsed signature stays in ubc, and it's not parsed again. However, if current generation isn't equal to one on that vnode's cache, it gets re-parsed.

So, there are two ways: Either create a new vnode for the binary (i.e. remove it and create again), or somehow bump generation number.

Interestingly, AMFI's user client provides an API for that -- see this gist

So, in theory running that file should flush caches, and it only needs to be root iirc (no special entitlements).
However, in practice it didn't work on first try, and it was 6am so I didn't bother to check it and just went to sleep. And I never got to it again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Tatsh @stek29