diff options
author | Christian Lohmaier <lohmaier+LibreOffice@googlemail.com> | 2022-10-18 13:12:29 +0200 |
---|---|---|
committer | Andras Timar <andras.timar@collabora.com> | 2022-11-01 19:37:46 +0100 |
commit | a02ba0ed435a6fa2c5774a74759cf3cbae2ddcc0 (patch) | |
tree | 85e7d050496f4ff77a429f950f2e9279f9c19b17 | |
parent | 65553d935bf7704bae94512d47689e4666a3dfe7 (diff) |
macOS sandbox: only use com.apple.application-identifier for main package
when multiple files are signed with that entitlement, the build will
just be listed with "Not Available for Testing" via Testflight
Change-Id: I92957f24513ab419ddbc4289b53175932111c198
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/141497
Tested-by: Jenkins
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
(cherry picked from commit 6e6c6f697b019348161648d9d26398bf64de83ef)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/141700
(cherry picked from commit 9c8c71b08317c0a1cb15cb35e7184db9b4501122)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/141853
Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
-rwxr-xr-x | solenv/bin/macosx-codesign-app-bundle | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/solenv/bin/macosx-codesign-app-bundle b/solenv/bin/macosx-codesign-app-bundle index a29b339de744..e569aef24333 100755 --- a/solenv/bin/macosx-codesign-app-bundle +++ b/solenv/bin/macosx-codesign-app-bundle @@ -25,11 +25,14 @@ done APP_BUNDLE="$1" entitlements= +application_identifier= if test -n "$ENABLE_MACOSX_SANDBOX"; then # In a sandboxed build executables need the entitlements entitlements="--entitlements $BUILDDIR/lo.xcent" + application_identifier=`/usr/libexec/PlistBuddy -c "print com.apple.application-identifier" $BUILDDIR/lo.xcent` + # remove the key from the entitlement - only use it when signing the whole bundle in the final step + /usr/libexec/PlistBuddy -c "delete com.apple.application-identifier" $BUILDDIR/lo.xcent # All data files are in Resources and included in the app bundle signature - # through that. I think. other_files='' # HACK: remove donate menu entries, need to support apple-pay and be verified # as non profit as a bare minimum to allow asking.... @@ -120,14 +123,13 @@ done # CFBundleExecutable from Info.plist, i.e. soffice, plus the contents # of the Resources tree. # -# At this stage we also attach the entitlements in the sandboxing case -# -# Also omit some files from the Bundle's seal via the resource-rules -# (bootstraprc and similar that the user might adjust and image files) # See also https://developer.apple.com/library/mac/technotes/tn2206/ -id=`echo ${PRODUCTNAME} | tr ' ' '-'` - +if test -n "$ENABLE_MACOSX_SANDBOX" && test -n "$application_identifier"; then + # add back the application-identifier to the entitlements + # testflight/beta-testing won't work if that key is used when signing the other executables + /usr/libexec/PlistBuddy -c "add com.apple.application-identifier string $application_identifier" $BUILDDIR/lo.xcent +fi codesign --force --options=runtime --identifier="${MACOSX_BUNDLE_IDENTIFIER}" --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$APP_BUNDLE" || exit 1 exit 0 |