diff options
Diffstat (limited to 'solenv')
-rwxr-xr-x | solenv/bin/macosx-codesign-app-bundle | 55 |
1 files changed, 27 insertions, 28 deletions
diff --git a/solenv/bin/macosx-codesign-app-bundle b/solenv/bin/macosx-codesign-app-bundle index e51c903a3199..7ac93d495010 100755 --- a/solenv/bin/macosx-codesign-app-bundle +++ b/solenv/bin/macosx-codesign-app-bundle @@ -19,8 +19,6 @@ for V in \ fi done -echo "codesigning using MACSOX_CODESIGNING_IDENTITY=[${MACOSX_CODESIGNING_IDENTITY?}]" - APP_BUNDLE="$1" # Sign dylibs @@ -32,46 +30,46 @@ APP_BUNDLE="$1" # # The dylibs in the Python framework are called *.so. Go figure # -# First sign all files that can use the default identifier in the hope -# that codesign will contact the timestamp server just once for all -# mentioned on the command line. -# # On Mavericks also would like to have data files signed... # add some where it makes sense. Make a depth-first search to sign the contents # of e.g. the spotlight plugin before attempting to sign the plugin itself -find -d $APP_BUNDLE \( -name '*.dylib' -or -name '*.so' -or -name '*.fodt' \ - -or -name 'schema.strings' -or -name 'schema.xml' -or -name '*.mdimporter' \ +find "$APP_BUNDLE" \( -name '*.dylib' -or -name '*.dylib.*' -or -name '*.so' \ + -or -name '*.fodt' -or -name 'schema.strings' -or -name 'schema.xml' \ -or -name '*.jar' -or -name '*.jnilib' -or -name 'LICENSE' -or -name 'LICENSE.html' \ - -or -name '*.applescript' \) ! -type l | grep -v "LibreOfficePython\.framework" | \ -xargs codesign --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" - -find $APP_BUNDLE -name '*.dylib.*' ! -type l | \ -while read dylib; do \ - id=`basename "$dylib"`; \ - id=`echo $id | sed -e 's/dylib.*/dylib/'`; \ - codesign --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$dylib"; \ + -or -name '*.applescript' \) ! -type l | grep -v "LibreOfficePython\.framework" | +while read dylib; do + id=`echo ${dylib#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'` + codesign --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$dylib" done # The executables have already been signed by # gb_LinkTarget__command_dynamiclink in # solenv/gbuild/platform/macosx.mk. -# Sign frameworks. -# +# Sign included bundles. First frameworks. + # Yeah, we don't bundle any other framework than our Python one, and # it has just one version, so this generic search is mostly for # completeness. -for framework in `find $APP_BUNDLE -name '*.framework' -type d`; do \ - fn="$(basename $framework)" +find "$APP_BUNDLE" -name '*.framework' -type d | +while read framework; do + fn=`basename "$framework"` fn=${fn%.*} - for version in $framework/Versions/*; do \ - if test ! -L $version -a -d $version; then - codesign --force --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" $version/$fn - codesign --force --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" $version - fi; \ - done; \ + for version in "$framework"/Versions/*; do + if test ! -L "$version" -a -d "$version"; then + codesign --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" "$version/$fn" + codesign --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" "$version" + fi + done +done + +# Then mdimporters + +find "$APP_BUNDLE" -name '*.mdimporter' -type d | +while read bundle; do + codesign --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" "$bundle" done # Sign the app bundle as a whole which means (re-)signing the @@ -82,7 +80,7 @@ done # # At this stage we also attach the entitlements in the sandboxing case # -# Also omit some files from the Bunlde's seal via the resource-rules +# Also omit some files from the Bundle's seal via the resource-rules # (bootstraprc and similar that the user might adjust and image files) # See also https://developer.apple.com/library/mac/technotes/tn2206/ @@ -90,6 +88,7 @@ if test "$ENABLE_MACOSX_SANDBOX" = "TRUE"; then entitlements="--entitlements $BUILDDIR/lo.xcent" fi -codesign --force --verbose --identifier="${MACOSX_BUNDLE_IDENTIFIER}.$(basename ${APP_BUNDLE})" --resource-rules "$SRCDIR/setup_native/source/mac/CodesignRules.plist" --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements $APP_BUNDLE +id=`basename "$APP_BUNDLE"` +codesign --force --verbose --identifier="${MACOSX_BUNDLE_IDENTIFIER}.$id" --resource-rules "$SRCDIR/setup_native/source/mac/CodesignRules.plist" --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$APP_BUNDLE" exit 0 |