Commit 025b279e authored by Felix Paul Kühne's avatar Felix Paul Kühne

macosx: added a basic script and some entitlements to enable Sandboxing on OS X Lion (refs #5149)

(cherry picked from commit eba61d4f)
parent 470a3467
......@@ -97,7 +97,9 @@ ChangeLog: Makefile.am
###############################################################################
EXTRA_DIST += \
extras/package/macosx/codesign.sh \
extras/package/macosx/README.MacOSX.rtf \
extras/package/macosx/VLC.entitlements \
extras/package/macosx/Resources/dsa_pub.pem \
extras/package/macosx/Resources/English.lproj/About.xib \
extras/package/macosx/Resources/English.lproj/AudioEffects.xib \
......
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.assets.movies.read-write</key>
<true/>
<key>com.apple.security.assets.music.read-write</key>
<true/>
<key>com.apple.security.assets.pictures.read-write</key>
<true/>
<key>com.apple.security.device.camera</key>
<true/>
<key>com.apple.security.device.microphone</key>
<true/>
<key>com.apple.security.device.usb</key>
<true/>
<key>com.apple.security.device.serial</key>
<true/>
<key>com.apple.security.files.downloads.read-write</key>
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
<key>com.apple.security.temporary-exception.files.home-relative-path.read-only</key>
<string>/</string>
<key>com.apple.security.temporary-exception.files.absolute-path.read-only</key>
<string>/dev/</string>
</dict>
</plist>
#!/bin/sh
# Copyright @ 2012 Felix Paul Kühne <fkuehne at videolan dot org>
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with this program; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
info()
{
local green="\033[1;32m"
local normal="\033[0m"
echo "[${green}codesign${normal}] $1"
}
usage()
{
cat << EOF
usage: $0 [options]
Sign VLC.app in the current directory
OPTIONS:
-h Show this help
-i Identity to use
-t Entitlements file to use
EOF
}
while getopts "hi:t:" OPTION
do
case $OPTION in
h)
usage
exit 1
;;
i)
IDENTITY=$OPTARG
;;
t)
OPTIONS="--entitlements $OPTARG"
;;
esac
done
shift $(($OPTIND - 1))
if [ "x$1" != "x" ]; then
usage
exit 1
fi
info "Signing the executable"
codesign -s "$IDENTITY" $OPTIONS VLC.app/Contents/MacOS/VLC
info "Signing the modules"
find VLC.app/Contents/MacOS/plugins/* -type f -exec codesign -s "$IDENTITY" $OPTIONS '{}' \;
info "Signing the libraries"
find VLC.app/Contents/MacOS/lib/* -type f -exec codesign -s "$IDENTITY" $OPTIONS '{}' \;
info "Signing the lua stuff"
find VLC.app/Contents/MacOS/share/lua/* -type f -exec codesign -s "$IDENTITY" $OPTIONS '{}' \;
info "all items signed, validating..."
info "Validating binary"
codesign --verify VLC.app/Contents/MacOS/VLC
info "Validating modules"
find VLC.app/Contents/MacOS/plugins/* -type f -exec codesign --verify '{}' \;
info "Validating libraries"
find VLC.app/Contents/MacOS/lib/* -type f -exec codesign --verify '{}' \;
info "Validating lua stuff"
find VLC.app/Contents/MacOS/share/lua/* -type f -exec codesign --verify '{}' \;
info "Validation complete"
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment