apple-codesign: zip notarization support

Adds the ability to notarize .zip files containing other notarizable
assets (such as a Mach-O binary).

Stapling (via the --staple option) is not supported for .zip files and
will return an error.

apple-codesign/src/notarization.rs

@@ -202,6 +202,7 @@ impl Notarizer {
                 self.notarize_bundle(&bundle, wait_limit)
             }
             PathType::Xar => self.notarize_flat_package(path, wait_limit),
+            PathType::Zip => self.notarize_flat_package(path, wait_limit),
             PathType::Dmg => self.notarize_dmg(path, wait_limit),
             PathType::MachO | PathType::Other => Err(AppleCodesignError::NotarizeUnsupportedPath(
                 path.to_path_buf(),
@@ -248,7 +249,7 @@ impl Notarizer {
         )
     }
 
-    /// Attempt to notarize a flat package (`.pkg`) installer.
+    /// Attempt to notarize a flat package (`.pkg`) installer or a .zip file.
     pub fn notarize_flat_package(
         &self,
         pkg_path: &Path,

apple-codesign/src/reader.rs

@@ -74,6 +74,20 @@ pub fn path_is_xar(path: impl AsRef<Path>) -> Result<bool, AppleCodesignError> {
     }
 }
 
+/// Test whether a given path is likely a ZIP file.
+pub fn path_is_zip(path: impl AsRef<Path>) -> Result<bool, AppleCodesignError> {
+    let mut fh = File::open(path.as_ref())?;
+
+    let mut header = [0u8; 4];
+
+    let count = fh.read(&mut header)?;
+    if count < 4 {
+        Ok(false)
+    } else {
+        Ok(header.as_ref() == [0x50, 0x4b, 0x03, 0x04])
+    }
+}
+
 /// Describes the type of entity at a path.
 ///
 /// This represents a best guess.
@@ -82,6 +96,7 @@ pub enum PathType {
     Dmg,
     Bundle,
     Xar,
+    Zip,
     Other,
 }
 
@@ -95,6 +110,8 @@ impl PathType {
                 Ok(PathType::Dmg)
             } else if path_is_xar(path)? {
                 Ok(PathType::Xar)
+            } else if path_is_zip(path)? {
+                Ok(PathType::Zip)
             } else {
                 match MachOType::from_path(path)? {
                     Some(MachOType::Mach | MachOType::MachO) => Ok(Self::MachO),
@@ -803,7 +820,7 @@ impl SignatureReader {
                 Ok(Self::MachO(path.to_path_buf(), data))
             }
             PathType::Xar => Ok(Self::FlatPackage(path.to_path_buf())),
-            PathType::Other => Err(AppleCodesignError::UnrecognizedPathType),
+            PathType::Zip | PathType::Other => Err(AppleCodesignError::UnrecognizedPathType),
         }
     }
 

apple-codesign/src/signing.rs

@@ -42,7 +42,7 @@ impl<'key> UnifiedSigner<'key> {
             PathType::Dmg => self.sign_dmg(input_path, output_path),
             PathType::MachO => self.sign_macho(input_path, output_path),
             PathType::Xar => self.sign_xar(input_path, output_path),
-            PathType::Other => Err(AppleCodesignError::UnrecognizedPathType),
+            PathType::Zip | PathType::Other => Err(AppleCodesignError::UnrecognizedPathType),
         }
     }
 

apple-codesign/src/stapling.rs

@@ -326,7 +326,7 @@ impl Stapler {
                 let xar = XarReader::new(File::options().read(true).write(true).open(path)?)?;
                 self.staple_xar(xar)
             }
-            PathType::Other => Err(AppleCodesignError::StapleUnsupportedPath(
+            PathType::Zip | PathType::Other => Err(AppleCodesignError::StapleUnsupportedPath(
                 path.to_path_buf(),
             )),
         }