diff options
| author | Andras Timar <andras.timar@collabora.com> | 2016-03-04 11:54:55 +0100 |
|---|---|---|
| committer | Andras Timar <andras.timar@collabora.com> | 2016-03-04 13:34:49 +0100 |
| commit | d0370811694dfed0fbfdfbb6570c606533c2a8d1 (patch) | |
| tree | 65be8204b19cd3b499d1c699421857519c6255c4 /solenv/bin/macosx-codesign-app-bundle | |
| parent | 7bba75cf5b3c42576f4cdbfb82f61c2de4932f8a (diff) | |
harden OS X code signing script (handle spaces in bundle name)
Change-Id: Icf9bdcd0bcd988d32477cf9ab7f8d917ff6a2275
Diffstat (limited to 'solenv/bin/macosx-codesign-app-bundle')
| -rwxr-xr-x | solenv/bin/macosx-codesign-app-bundle | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/solenv/bin/macosx-codesign-app-bundle b/solenv/bin/macosx-codesign-app-bundle index e65d8e63ce3e..ff6397a46421 100755 --- a/solenv/bin/macosx-codesign-app-bundle +++ b/solenv/bin/macosx-codesign-app-bundle @@ -36,7 +36,7 @@ APP_BUNDLE="$1" # add some where it makes sense. Make a depth-first search to sign the contents # of e.g. the spotlight plugin before attempting to sign the plugin itself -find -d "$APP_BUNDLE" \( -name '*.dylib' -or -name '*.so' -or -name '*.fodt' \ +find -d "$APP_BUNDLE" \( -name '*.dylib' -or -name '*.so' -or -name '*.fodt' -or -name '*.odt' \ -or -name 'schema.strings' -or -name 'schema.xml' -or -name '*.mdimporter' \ -or -name '*.jar' -or -name '*.jnilib' -or -name 'LICENSE' -or -name 'LICENSE.html' \ -or -name '*.applescript' \) ! -type l | grep -v "LibreOfficePython\.framework" | \ @@ -45,7 +45,7 @@ while read file; do codesign --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$file" || exit 1 done -find $APP_BUNDLE -name '*.dylib.*' ! -type l | \ +find "$APP_BUNDLE" -name '*.dylib.*' ! -type l | \ while read dylib; do \ id=`basename "$dylib"`; \ id=`echo $id | sed -e 's/dylib.*/dylib/'`; \ @@ -76,13 +76,14 @@ done # it has just one version, so this generic search is mostly for # completeness. -for framework in `find $APP_BUNDLE -name '*.framework' -type d`; do \ - fn="$(basename $framework)" +find "$APP_BUNDLE" -name '*.framework' -type d -print0 | \ +while IFS= read -r -d '' framework; do \ + fn=$(basename "$framework") fn=${fn%.*} - for version in $framework/Versions/*; do \ - if test ! -L $version -a -d $version; then - codesign --force --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" $version/$fn || exit 1 - codesign --force --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" $version || exit 1 + for version in "$framework"/Versions/*; do \ + if test ! -L "$version" -a -d "$version"; then + codesign --force --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" "$version/$fn" || exit 1 + codesign --force --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" "$version" || exit 1 fi; \ done; \ done @@ -103,6 +104,6 @@ if test -n "$ENABLE_MACOSX_SANDBOX"; then entitlements="--entitlements $BUILDDIR/lo.xcent" fi -codesign --force --verbose --identifier="${MACOSX_BUNDLE_IDENTIFIER}.$id" --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements $APP_BUNDLE || exit 1 +codesign --force --verbose --identifier="${MACOSX_BUNDLE_IDENTIFIER}.$id" --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$APP_BUNDLE" || exit 1 exit 0 |