diff options
| author | Tor Lillqvist <tml@collabora.com> | 2014-03-07 09:54:56 +0200 |
|---|---|---|
| committer | Tor Lillqvist <tml@collabora.com> | 2014-03-07 09:54:56 +0200 |
| commit | 925b96171dda2f0366f27fdc2a5c058d4461ec12 (patch) | |
| tree | 42b25707095460fbff472f0687cfd2df14a9630b /solenv | |
| parent | 0d3af365585c90d64d1fcceca31f52626a0521c6 (diff) | |
Merge macosx-codesign-app-bundle changes from cp-4.1
Don't unintentionally drop a period, and actually simplify.
Handle app bundles with space in name, also sign the mdimporter
properly.
Just like the Python framework, also the Spotlight importer needs to
be signed specially, it seems.
Include the directory names in the "ids" to make them unique. There
are lots of files with the same name, especially in an app bundle that
includes help in multiple languages.
Change-Id: Idd8a19be0b6eba69c7086a7ba706f00521aa6ff6
Diffstat (limited to 'solenv')
| -rwxr-xr-x | solenv/bin/macosx-codesign-app-bundle | 55 |
1 files changed, 27 insertions, 28 deletions
diff --git a/solenv/bin/macosx-codesign-app-bundle b/solenv/bin/macosx-codesign-app-bundle index e51c903a3199..7ac93d495010 100755 --- a/solenv/bin/macosx-codesign-app-bundle +++ b/solenv/bin/macosx-codesign-app-bundle @@ -19,8 +19,6 @@ for V in \ fi done -echo "codesigning using MACSOX_CODESIGNING_IDENTITY=[${MACOSX_CODESIGNING_IDENTITY?}]" - APP_BUNDLE="$1" # Sign dylibs @@ -32,46 +30,46 @@ APP_BUNDLE="$1" # # The dylibs in the Python framework are called *.so. Go figure # -# First sign all files that can use the default identifier in the hope -# that codesign will contact the timestamp server just once for all -# mentioned on the command line. -# # On Mavericks also would like to have data files signed... # add some where it makes sense. Make a depth-first search to sign the contents # of e.g. the spotlight plugin before attempting to sign the plugin itself -find -d $APP_BUNDLE \( -name '*.dylib' -or -name '*.so' -or -name '*.fodt' \ - -or -name 'schema.strings' -or -name 'schema.xml' -or -name '*.mdimporter' \ +find "$APP_BUNDLE" \( -name '*.dylib' -or -name '*.dylib.*' -or -name '*.so' \ + -or -name '*.fodt' -or -name 'schema.strings' -or -name 'schema.xml' \ -or -name '*.jar' -or -name '*.jnilib' -or -name 'LICENSE' -or -name 'LICENSE.html' \ - -or -name '*.applescript' \) ! -type l | grep -v "LibreOfficePython\.framework" | \ -xargs codesign --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" - -find $APP_BUNDLE -name '*.dylib.*' ! -type l | \ -while read dylib; do \ - id=`basename "$dylib"`; \ - id=`echo $id | sed -e 's/dylib.*/dylib/'`; \ - codesign --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$dylib"; \ + -or -name '*.applescript' \) ! -type l | grep -v "LibreOfficePython\.framework" | +while read dylib; do + id=`echo ${dylib#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'` + codesign --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$dylib" done # The executables have already been signed by # gb_LinkTarget__command_dynamiclink in # solenv/gbuild/platform/macosx.mk. -# Sign frameworks. -# +# Sign included bundles. First frameworks. + # Yeah, we don't bundle any other framework than our Python one, and # it has just one version, so this generic search is mostly for # completeness. -for framework in `find $APP_BUNDLE -name '*.framework' -type d`; do \ - fn="$(basename $framework)" +find "$APP_BUNDLE" -name '*.framework' -type d | +while read framework; do + fn=`basename "$framework"` fn=${fn%.*} - for version in $framework/Versions/*; do \ - if test ! -L $version -a -d $version; then - codesign --force --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" $version/$fn - codesign --force --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" $version - fi; \ - done; \ + for version in "$framework"/Versions/*; do + if test ! -L "$version" -a -d "$version"; then + codesign --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" "$version/$fn" + codesign --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" "$version" + fi + done +done + +# Then mdimporters + +find "$APP_BUNDLE" -name '*.mdimporter' -type d | +while read bundle; do + codesign --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" "$bundle" done # Sign the app bundle as a whole which means (re-)signing the @@ -82,7 +80,7 @@ done # # At this stage we also attach the entitlements in the sandboxing case # -# Also omit some files from the Bunlde's seal via the resource-rules +# Also omit some files from the Bundle's seal via the resource-rules # (bootstraprc and similar that the user might adjust and image files) # See also https://developer.apple.com/library/mac/technotes/tn2206/ @@ -90,6 +88,7 @@ if test "$ENABLE_MACOSX_SANDBOX" = "TRUE"; then entitlements="--entitlements $BUILDDIR/lo.xcent" fi -codesign --force --verbose --identifier="${MACOSX_BUNDLE_IDENTIFIER}.$(basename ${APP_BUNDLE})" --resource-rules "$SRCDIR/setup_native/source/mac/CodesignRules.plist" --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements $APP_BUNDLE +id=`basename "$APP_BUNDLE"` +codesign --force --verbose --identifier="${MACOSX_BUNDLE_IDENTIFIER}.$id" --resource-rules "$SRCDIR/setup_native/source/mac/CodesignRules.plist" --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$APP_BUNDLE" exit 0 |