diff options
| author | Stephan Bergmann <sbergman@redhat.com> | 2015-02-10 10:47:39 +0100 |
|---|---|---|
| committer | Norbert Thiebaud <nthiebaud@gmail.com> | 2015-02-10 13:42:30 +0000 |
| commit | 89dfb8d732312b452c53c9522f75fb2eb61561c8 (patch) | |
| tree | 7a7b19650cb6c06c002eb81c6d56173269632a12 /setup_native | |
| parent | 91a425313d54f3a2a61aee55786cb5ce22fae130 (diff) | |
Attempt at fixing Mac OS X code signing
...so that LibreOffice.app dmgs built with --enable-macosx-code-signing with an
appstore-enabled identity will hopefully no longer be rejected on Mac OS X >=
10.9.5 as "'soffice' can't be opened because the identity of the developer
cannot be confirmed." (Which I cannot verify for lack of an appstore-enabled
certificate, though.)
First of all, do not ignore errors from calls to codesign utitlity. Really.
That reveals that soffice cannot be signed as soon as it is linked, as it
requires all the other stuff in the app to be already signed. So just don't
sign it after linking, it will be signed last step in macosx-codesign-app-bundle
anyway.
Second, --resource-rules exemptions are no longer allowed per
<https://developer.apple.com/library/mac/technotes/tn2206/_index.html> "OS X
Code Signing In Depth."
Third, the handful of remaining shell scripts in MacOS/ need to be signed too.
(Signing them adds extended attributes to the files.)
Unfortunately, as discussed at
<http://porkrind.org/missives/mac-os-x-codesigning-woes/> "Mac OS X codesigning
woes," "hdiutil makehybrid" drops extended attributes from the generated dmg (so
the dmg's LibreOffice.app would no longer be considered properly signed, as the
shell scripts would no longer be signed). So switch from "hdiutil makehybrid"
to "hdiutil create."
Change-Id: I4b587f87d504666f7a1d0e3a24a8be76f22014c5
(cherry picked from commit 615fae2f67028f3c5c51c70c77dbaa9b9f3856d6)
Reviewed-on: https://gerrit.libreoffice.org/14398
Tested-by: Norbert Thiebaud <nthiebaud@gmail.com>
Reviewed-by: Norbert Thiebaud <nthiebaud@gmail.com>
Diffstat (limited to 'setup_native')
| -rw-r--r-- | setup_native/source/mac/CodesignRules.plist | 17 |
1 files changed, 0 insertions, 17 deletions
diff --git a/setup_native/source/mac/CodesignRules.plist b/setup_native/source/mac/CodesignRules.plist deleted file mode 100644 index 41b2321ccf0f..000000000000 --- a/setup_native/source/mac/CodesignRules.plist +++ /dev/null @@ -1,17 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> -<plist version="1.0"> -<dict> - <key>rules</key> - <dict> - <key>^MacOS/(bootstraprc|fundamentalrc|setuprc|sofficerc|unorc|versionrc)$</key> - <false/> - <key>^MacOS/pythonloader.unorc$</key> - <false/> - <key>^MacOS/(senddoc|python|gengal|unoinfo)$</key> - <false/> - <key>.*\.(png|svg|py|res|rdb)$</key> - <false/> - </dict> -</dict> -</plist> |