config_host.mk.in                             |    1 
 configure.ac                                  |   35 ++++++++++++++++++++++++
 solenv/bin/modules/installer/simplepackage.pm |   37 ++++++++++++++++++++++++++
 3 files changed, 73 insertions(+)

New commits:
commit 4db4976033e55e35eb779e0f9083981f8a2b2cbc
Author: Tor Lillqvist <t...@iki.fi>
Date:   Fri Feb 8 01:08:42 2013 +0200

    Add support for codesigning on Mac OS X
    
    Only sign the .app. Presumably that's enough here in the 4.0 branch.
    
    Change-Id: I7a25c6b7bfa2047b1cb6bcb913750b1b476124f6
    Reviewed-on: https://gerrit.libreoffice.org/2031
    Reviewed-by: Norbert Thiebaud <nthieb...@gmail.com>
    Tested-by: Norbert Thiebaud <nthieb...@gmail.com>

diff --git a/config_host.mk.in b/config_host.mk.in
index d7ede5a..7b9834d 100644
--- a/config_host.mk.in
+++ b/config_host.mk.in
@@ -312,6 +312,7 @@ export LIBXSLT_LIBS=$(gb_SPACE)@LIBXSLT_LIBS@
 export LINK_X64_BINARY=@LINK_X64_BINARY@
 @x_Cygwin@ export LS=@WIN_LS@
 export MANDIR=@MANDIR@
+export MACOSX_CODESIGNING_IDENTITY=@MACOSX_CODESIGNING_IDENTITY@
 export MACOSX_DEPLOYMENT_TARGET=@MACOSX_DEPLOYMENT_TARGET@
 export MACOSX_DEPLOYMENT_TARGET_FOR_BUILD=@MACOSX_DEPLOYMENT_TARGET_FOR_BUILD@
 export MACOSX_SDK_PATH=@MACOSX_SDK_PATH@
diff --git a/configure.ac b/configure.ac
index 5bdbd37..e7c06f2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1081,6 +1081,15 @@ AC_ARG_ENABLE(silent-msi,
         [Enable MSI with LIMITUI=1 (silent install).]),
 ,)
 
+AC_ARG_ENABLE(macosx-code-signing,
+    AS_HELP_STRING([--enable-macosx-code-signing<=identity>],
+        [Sign the app bundle being stored in the disk image. The
+         default is to do signing if there is a suitable certificate
+         in your keychain, so if you don't want that, use the
+         corresponding --disable option. Experimental work in
+         progress, don't use unless you are working on this.]),
+,)
+
 AC_ARG_ENABLE(postgresql-sdbc,
     AS_HELP_STRING([--disable-postgresql-sdbc],
         [Disable the build of the PostgreSQL-SDBC driver.])
@@ -2822,6 +2831,31 @@ if test "$_os" = "Darwin"; then
     fi
     
AC_MSG_NOTICE([MAC_OS_X_VERSION_MIN_REQUIRED=$MAC_OS_X_VERSION_MIN_REQUIRED])
     AC_MSG_NOTICE([MAC_OS_X_VERSION_MAX_ALLOWED=$MAC_OS_X_VERSION_MAX_ALLOWED])
+
+    AC_MSG_CHECKING([whether to do code signing])
+
+    if test -z "$enable_macosx_code_signing" -o "$enable_macosx_code_signing" 
= yes; then
+        # By default use the first suitable certificate (?).
+
+        # 
http://stackoverflow.com/questions/13196291/difference-between-mac-developer-and-3rd-party-mac-developer-application
+        # says that the "Mac Developer" certificate is useful just for 
self-testing. For distribution
+        # outside the Mac App Store, use the "Developer ID Application" one, 
and for distribution in
+        # the App Store, the "3rd Party Mac Developer" one. I think it works 
best to the the
+        # "Developer ID Application" one.
+
+        identity=`security find-identity -p codesigning -v 2>/dev/null | grep 
'Developer ID Application:' | awk '{print $2}' |head -1`
+        if test -n "$identity"; then
+            MACOSX_CODESIGNING_IDENTITY=$identity
+            pretty_name=`security find-identity -p codesigning -v | grep 
$MACOSX_CODESIGNING_IDENTITY | sed -e 's/^[[^"]]*"//' -e 's/"//'`
+            AC_MSG_RESULT([yes, using the identity 
$MACOSX_CODESIGNING_IDENTITY for $pretty_name])
+        fi
+    elif test -n "$enable_macosx_code_signing"; then
+        MACOSX_CODESIGNING_IDENTITY=$enable_macosx_code_signing
+        pretty_name=`security find-identity -p codesigning -v | grep 
$MACOSX_CODESIGNING_IDENTITY | sed -e 's/^[[^"]]*"//' -e 's/"//'`
+        AC_MSG_RESULT([yes, using the identity $MACOSX_CODESIGNING_IDENTITY 
for $pretty_name])
+    else
+        AC_MSG_RESULT([no])
+    fi
 fi
 AC_SUBST(FRAMEWORKSHOME)
 AC_SUBST(MACOSX_SDK_PATH)
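Review bot: `--disable-macosx-code-signing` does not disable signing here, because autoconf sets `enable_macosx_code_signing=no`, which is non-empty, so the `elif test -n "$enable_macosx_code_signing"` branch runs and assigns `MACOSX_CODESIGNING_IDENTITY=no`; the final `else` is unreachable. The branch should exclude that value, e.g. `elif test -n "$enable_macosx_code_signing" -a "$enable_macosx_code_signing" != no; then`. In the default branch, when no "Developer ID Application" certificate is found, nothing closes the `AC_MSG_CHECKING`, so an `else` with `AC_MSG_RESULT([no])` is needed after the `if test -n "$identity"` block. The two `grep $MACOSX_CODESIGNING_IDENTITY` calls should quote the variable, since a user-supplied identity may contain spaces. The enclosing `if test "$_os" = "Darwin"` block starts outside the hunk.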
@@ -2830,6 +2864,7 @@ AC_SUBST(MACOSX_DEPLOYMENT_TARGET)
 AC_SUBST(MAC_OS_X_VERSION_MIN_REQUIRED)
 AC_SUBST(MAC_OS_X_VERSION_MAX_ALLOWED)
 AC_SUBST(XCRUN)
+AC_SUBST(MACOSX_CODESIGNING_IDENTITY)
 
 dnl ===================================================================
 dnl Windows specific tests and stuff
diff --git a/solenv/bin/modules/installer/simplepackage.pm 
b/solenv/bin/modules/installer/simplepackage.pm
index 561b0fe..26911a4 100755
--- a/solenv/bin/modules/installer/simplepackage.pm
+++ b/solenv/bin/modules/installer/simplepackage.pm
@@ -418,6 +418,43 @@ sub create_package
 
             chdir $localfrom;
         }
+       else
+       {
+           if (defined($ENV{'MACOSX_CODESIGNING_IDENTITY'}))
+           {
+               # Just sign the .app as a whole, which means signing
+               # the CFBundleExecutable from Info.plist,
+               # i.e. soffice, plus the contents of the Resources
+               # treee (which is not much, far from all of our
+               # non-code "resources").
+
+               # Don't bother here in the 4.0 branch to sign each
+               # individual .dylib, or each additional binary. See
+               # master for more work plus possibly eventually
+               # re-organising the app bundle structure to be more
+               # Mac-like (the "program" symlink, eek!) and actually
+               # putting all non-code resources (including extension
+               # scripts!)  into Resources so that they participate
+               # in the signing and their validity can be guaranteed.
+
+               $systemcall = "codesign --sign 
$ENV{'MACOSX_CODESIGNING_IDENTITY'} -v -v -v 
$tempdir/$packagename/$volume_name_classic_app.app";
+               print "... $systemcall ...\n";
+               my $returnvalue = system($systemcall);
+               $infoline = "Systemcall: $systemcall\n";
+               push( @installer::globals::logfileinfo, $infoline);
+
+               if ($returnvalue)
+               {
+                   $infoline = "ERROR: Could not execute \"$systemcall\"!\n";
+                   push( @installer::globals::logfileinfo, $infoline);
+               }
+               else
+               {
+                   $infoline = "Success: Executed \"$systemcall\" 
successfully!\n";
+                   push( @installer::globals::logfileinfo, $infoline);
+               }
+           }
+       }
 
         $systemcall = "cd $localtempdir && hdiutil makehybrid -hfs 
-hfs-openfolder $folder $folder -hfs-volume-name \"$volume_name\" -ov -o 
$installdir/tmp && hdiutil convert -ov -format UDBZ $installdir/tmp.dmg -o 
$archive && ";
         if (( $ref ne "" ) && ( $$ref ne "" )) {
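Review bot: The guard `defined($ENV{'MACOSX_CODESIGNING_IDENTITY'})` is true even when no identity was configured, because config_host.mk.in exports the variable unconditionally, so an empty value still reaches `codesign --sign` and the bundle path is then parsed as the identity. Test for a non-empty value instead, `if (defined($ENV{'MACOSX_CODESIGNING_IDENTITY'}) && $ENV{'MACOSX_CODESIGNING_IDENTITY'} ne '')`. The identity and path are also interpolated into a single shell string, so an identity containing spaces or shell metacharacters is split or interpreted by the shell; the list form `system('codesign', '--sign', $ENV{'MACOSX_CODESIGNING_IDENTITY'}, '-v', '-v', '-v', "$tempdir/$packagename/$volume_name_classic_app.app")` avoids that while `$systemcall` can stay for the log line. A non-zero return is only logged and packaging continues, so a build that was asked to sign can silently ship an unsigned image; a signing failure should probably abort. `create_package` starts and ends outside the hunk.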