solenv/bin/macosx-codesign-app-bundle | 47 ++++++++++++++++++++++++++--------
1 file changed, 37 insertions(+), 10 deletions(-)
New commits:
commit cb76a9c17dcf38817ca45c4675f52dcab01a7749
Author: Norbert Thiebaud <nthieb...@gmail.com>
Date: Sat Mar 18 09:43:47 2017 -0500
codesigning script for macosx compained about double signing
Release build of 5.3.2.1 failed in codesign
apparently LibreOfficePython.framework was being signed more than
once, which cause codesign to fail and due to a recent
patch to harden the codesign wrapper, the build itself to fail
This does not address why some part are signed multiple time
but merely tell codesign to ignore the issue and just sign
This also fix a bash un-initialize variable warning and
capture output of codesign in case of error to be able to diagnose
things.
Change-Id: Ibd6752702feb2bdf5163ac30ed7a3fd9c86f961c
Reviewed-on: https://gerrit.libreoffice.org/35407
Tested-by: Jenkins <c...@libreoffice.org>
Reviewed-by: Norbert Thiebaud <nthieb...@gmail.com>
(cherry picked from commit a332bb9a6cc19f0c212892b3f304583338b0a094)
Reviewed-on: https://gerrit.libreoffice.org/35542
Reviewed-by: Miklos Vajna <vmik...@collabora.co.uk>
diff --git a/solenv/bin/macosx-codesign-app-bundle
b/solenv/bin/macosx-codesign-app-bundle
index 1149e70ea6d1..a330205e9915 100755
--- a/solenv/bin/macosx-codesign-app-bundle
+++ b/solenv/bin/macosx-codesign-app-bundle
@@ -26,7 +26,7 @@ for V in \
done
APP_BUNDLE="$1"
-
+entitlements=
if test -n "$ENABLE_MACOSX_SANDBOX"; then
# In a sandboxed build executables need the entitlements
entitlements="--entitlements $BUILDDIR/lo.xcent"
@@ -47,7 +47,11 @@ fi
find -d "$APP_BUNDLE" \( -name '*.jnilib' \) ! -type l |
while read file; do
id=`echo ${file#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'`
- codesign --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign
"$MACOSX_CODESIGNING_IDENTITY" "$file" || exit 1
+ codesign --verbose --force --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id
--sign "$MACOSX_CODESIGNING_IDENTITY" "$file" > "/tmp/codesign_$(basename
"$file").log" 2>&1
+ if [ "$?" != "0" ] ; then
+ exit 1
+ fi
+ rm "/tmp/codesign_$(basename "$file").log"
done
# Sign dylibs
@@ -62,7 +66,11 @@ find "$APP_BUNDLE" \( -name '*.dylib' -or -name '*.dylib.*'
-or -name '*.so' \
$other_files \) ! -type l |
while read file; do
id=`echo ${file#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'`
- codesign --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign
"$MACOSX_CODESIGNING_IDENTITY" "$file" || exit 1
+ codesign --verbose --force --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id
--sign "$MACOSX_CODESIGNING_IDENTITY" "$file" > "/tmp/codesign_$(basename
"$file").log" 2>&1
+ if [ "$?" != "0" ] ; then
+ exit 1
+ fi
+ rm "/tmp/codesign_$(basename "$file").log"
done
# Sign included bundles. First .app ones (i.e. the Python.app inside
@@ -74,7 +82,11 @@ while read app; do
fn=${fn%.*}
# Assume the app has a XML (and not binary) Info.plist
id=`grep -A 1 '<key>CFBundleIdentifier</key>' $app/Contents/Info.plist |
tail -1 | sed -e 's,.*<string>,,' -e 's,</string>.*,,'`
- codesign --verbose --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY"
$entitlements "$app" || exit 1
+ codesign --verbose --force --identifier=$id --sign
"$MACOSX_CODESIGNING_IDENTITY" $entitlements "$app" > "/tmp/codesign_${fn}.log"
2>&1
+ if [ "$?" != "0" ] ; then
+ exit 1
+ fi
+ rm "/tmp/codesign_${fn}.log"
done
# Then .framework ones. Again, be generic just for kicks.
@@ -87,8 +99,12 @@ while read framework; do
if test ! -L "$version" -a -d "$version"; then
# Assume the framework has a XML (and not binary) Info.plist
id=`grep -A 1 '<key>CFBundleIdentifier</key>'
$version/Resources/Info.plist | tail -1 | sed -e 's,.*<string>,,' -e
's,</string>.*,,'`
- codesign --verbose --identifier=$id --sign
"$MACOSX_CODESIGNING_IDENTITY" "$version" || exit 1
- fi
+ codesign --verbose --force --identifier=$id --sign
"$MACOSX_CODESIGNING_IDENTITY" "$version" > "/tmp/codesign_${fn}.log" 2>&1
+ if [ "$?" != "0" ] ; then
+ exit 1
+ fi
+ rm "/tmp/codesign_${fn}.log"
+ fi
done
done
@@ -96,7 +112,11 @@ done
find "$APP_BUNDLE" -name '*.mdimporter' -type d |
while read bundle; do
- codesign --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign
"$MACOSX_CODESIGNING_IDENTITY" "$bundle" || exit 1
+ codesign --verbose --force --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign
"$MACOSX_CODESIGNING_IDENTITY" "$bundle" > "/tmp/codesign_$(basename
"${bundle}").log" 2>&1
+ if [ "$?" != "0" ] ; then
+ exit 1
+ fi
+ rm "/tmp/codesign_$(basename "${bundle}").log"
done
# Sign executables
@@ -108,7 +128,11 @@ while read file; do
;;
*)
id=`echo ${file#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'`
- codesign --force --verbose
--identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign
"$MACOSX_CODESIGNING_IDENTITY" $entitlements "$file" || exit 1
+ codesign --force --verbose
--identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign
"$MACOSX_CODESIGNING_IDENTITY" $entitlements "$file" >
"/tmp/codesign_${MACOSX_BUNDLE_IDENTIFIER}.${id}.log" 2>&1
+ if [ "$?" != "0" ] ; then
+ exit 1
+ fi
+ rm "/tmp/codesign_${MACOSX_BUNDLE_IDENTIFIER}.${id}.log"
;;
esac
done
@@ -127,6 +151,9 @@ done
id=`echo ${PRODUCTNAME} | tr ' ' '-'`
-codesign --force --verbose --identifier="${MACOSX_BUNDLE_IDENTIFIER}" --sign
"$MACOSX_CODESIGNING_IDENTITY" $entitlements "$APP_BUNDLE" || exit 1
-
+codesign --force --verbose --identifier="${MACOSX_BUNDLE_IDENTIFIER}" --sign
"$MACOSX_CODESIGNING_IDENTITY" $entitlements "$APP_BUNDLE" >
"/tmp/codesign_${MACOSX_BUNDLE_IDENTIFIER}.log" 2>&1
+if [ "$?" != "0" ] ; then
+ exit 1
+fi
+rm "/tmp/codesign_${MACOSX_BUNDLE_IDENTIFIER}.log"
exit 0
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
