Commit 7fc850c5 authored by David Fuhrmann's avatar David Fuhrmann Committed by Felix Paul Kühne

mac codesign: improve signing script

- add signing of Sparkle's Autoupdate tool
- fail immediately on error
- fix bug preventing signing of the VLC binary
- rework the validation steps so that the frameworks and the Autoupdate
  tool are validated separately, followed by the complete bundle the way
  Gatekeeper does (using the --deep option)
Signed-off-by: default avatarFelix Paul Kühne <fkuehne@videolan.org>
(cherry picked from commit 699533d5b940bad7ddaffff99f31c83da630fd55)
parent 0949514f
...@@ -15,6 +15,8 @@ ...@@ -15,6 +15,8 @@
# along with this program; if not, write to the Free Software Foundation, # along with this program; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA. # Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
set -e
info() info()
{ {
green='\x1B[1;32m' green='\x1B[1;32m'
...@@ -81,8 +83,6 @@ then ...@@ -81,8 +83,6 @@ then
info "Signing the lua stuff" info "Signing the lua stuff"
find VLC.app/Contents/MacOS/share/lua/* -name *luac -type f -exec codesign --force -s "$IDENTITY" $OPTIONS '{}' \; find VLC.app/Contents/MacOS/share/lua/* -name *luac -type f -exec codesign --force -s "$IDENTITY" $OPTIONS '{}' \;
else else
IDENTIFIER="com.binarymethod.BGHUDAppKit"
FIRSTPARTOF_REQUIREMENT="=designated => anchor apple generic and identifier \"" FIRSTPARTOF_REQUIREMENT="=designated => anchor apple generic and identifier \""
SECONDPARTOF_REQUIREMENT="\" and ((cert leaf[field.1.2.840.113635.100.6.1.9] exists) or ( certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists and certificate leaf[subject.OU] = \"75GAHG3SZQ\" ))" SECONDPARTOF_REQUIREMENT="\" and ((cert leaf[field.1.2.840.113635.100.6.1.9] exists) or ( certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists and certificate leaf[subject.OU] = \"75GAHG3SZQ\" ))"
...@@ -92,11 +92,14 @@ else ...@@ -92,11 +92,14 @@ else
find VLC.app/Contents/Frameworks -type f -name "*.txt" -exec rm '{}' \; find VLC.app/Contents/Frameworks -type f -name "*.txt" -exec rm '{}' \;
info "Signing frameworks" info "Signing frameworks"
codesign --force --deep --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/Frameworks/BGHUDAppKit.framework/Versions/A IDENTIFIER="com.binarymethod.BGHUDAppKit"
codesign --force --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/Frameworks/BGHUDAppKit.framework/Versions/A
IDENTIFIER="com.growl.growlframework" IDENTIFIER="com.growl.growlframework"
codesign --force --deep --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/Frameworks/Growl.framework/Versions/A codesign --force --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/Frameworks/Growl.framework/Versions/A
IDENTIFIER="org.andymatuschak.sparkle.Autoupdate"
codesign --force --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/Frameworks/Sparkle.framework/Resources/Autoupdate.app
IDENTIFIER="org.andymatuschak.Sparkle" IDENTIFIER="org.andymatuschak.Sparkle"
codesign --force --deep --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A codesign --force --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A
info "Signing the framework headers" info "Signing the framework headers"
for i in `find VLC.app/Contents/Frameworks/* -type f -name "*.h" -exec echo {} \;` for i in `find VLC.app/Contents/Frameworks/* -type f -name "*.h" -exec echo {} \;`
...@@ -134,26 +137,6 @@ else ...@@ -134,26 +137,6 @@ else
codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
done done
info "Signing the Sparkle updater tool"
for i in `find VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources -type f -name "PkgInfo" -exec echo {} \;`
do
fbname=$(basename "$i")
filename="${fbname%.*}"
codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
done
for i in `find VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources -type f -name "Autoupdate" -exec echo {} \;`
do
codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
done
for i in `find VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources -type f -name "*.icns" -exec echo {} \;`
do
fbname=$(basename "$i")
filename="${fbname%.*}"
codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
done
info "Signing the headers" info "Signing the headers"
for i in `find VLC.app/Contents/MacOS/include/* -type f -exec echo {} \;` for i in `find VLC.app/Contents/MacOS/include/* -type f -exec echo {} \;`
do do
...@@ -194,24 +177,22 @@ else ...@@ -194,24 +177,22 @@ else
done done
info "Signing the executable" info "Signing the executable"
codesign --force -s "$IDENTITY" --requirements "$FIRSTPARTOF_REQUIREMENTorg.videolan.vlc$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/MacOS/VLC IDENTIFIER="org.videolan.vlc"
codesign --force -s "$IDENTITY" --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/MacOS/VLC
fi fi
info "all items signed, validating..." info "all items signed, validating..."
info "Validating binary"
codesign --verify --verbose=4 VLC.app/Contents/MacOS/VLC
info "Validating frameworks" info "Validating frameworks"
find VLC.app/Contents/Frameworks/* -type f -exec codesign --verify '{}' \; codesign --verify -vv VLC.app/Contents/Frameworks/BGHUDAppKit.framework
codesign --verify -vv VLC.app/Contents/Frameworks/Growl.framework
codesign --verify -vv VLC.app/Contents/Frameworks/Sparkle.framework
info "Validating modules" info "Validating autoupdate app"
find VLC.app/Contents/MacOS/plugins/* -type f -exec codesign --verify '{}' \; codesign --verify -vv VLC.app/Contents/Frameworks/Sparkle.framework/Versions/Current/Resources/Autoupdate.app
info "Validating libraries" info "Validating complete bundle"
find VLC.app/Contents/MacOS/lib/* -type f -exec codesign --verify '{}' \; codesign --verify --deep --verbose=4 VLC.app
info "Validating lua stuff"
find VLC.app/Contents/MacOS/share/lua/* -name *luac -type f -exec codesign --verify '{}' \;
info "Validation complete" info "Validation complete"
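Review bot: The `set -e` added in the first hunk does not cover signing done through `find … -exec codesign … \;`, as on the "Signing the lua stuff" line in the second hunk, because find does not propagate the exit status of a command run with the `\;` terminator. A failed codesign there no longer stops the script, and since the per-file verification of plugins, libraries and lua files is removed in the last hunk, catching it is left entirely to the final `codesign --verify --deep --verbose=4 VLC.app`. Ending the call with `+` instead, `-exec codesign --force -s "$IDENTITY" $OPTIONS '{}' +`, makes find exit non-zero when a signing call fails, so the script aborts at the failing step; quoting the pattern as `-name '*luac'` also keeps the shell from expanding it. The description aims to validate the way Gatekeeper does, but a deep verify only checks signature validity. Adding `spctl --assess --type execute -vv VLC.app` after it would exercise the actual assessment policy. The surrounding if/else block starts and ends outside the visible hunks, so other `find -exec` signing steps may be affected as well.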