[Libreoffice-commits] core.git: setup_native/source solenv/bin solenv/gbuild

2015-02-10 Thread Stephan Bergmann 
 setup_native/source/mac/CodesignRules.plist   |   17 
 solenv/bin/macosx-codesign-app-bundle |   35 +++---
 solenv/bin/modules/installer/simplepackage.pm |5 +--
 solenv/gbuild/platform/macosx.mk  |6 +++-
 4 files changed, 28 insertions(+), 35 deletions(-)

New commits:
commit 615fae2f67028f3c5c51c70c77dbaa9b9f3856d6
Author: Stephan Bergmann sberg...@redhat.com
Date:   Tue Feb 10 10:47:39 2015 +0100

Attempt at fixing Mac OS X code signing

...so that LibreOffice.app dmgs built with --enable-macosx-code-signing 
with an
appstore-enabled identity will hopefully no longer be rejected on Mac OS X 
=
10.9.5 as 'soffice' can't be opened because the identity of the developer
cannot be confirmed.  (Which I cannot verify for lack of an 
appstore-enabled
certificate, though.)

First of all, do not ignore errors from calls to codesign utitlity.  Really.

That reveals that soffice cannot be signed as soon as it is linked, as it
requires all the other stuff in the app to be already signed.  So just don't
sign it after linking, it will be signed last step in 
macosx-codesign-app-bundle
anyway.

Second, --resource-rules exemptions are no longer allowed per
https://developer.apple.com/library/mac/technotes/tn2206/_index.html OS X
Code Signing In Depth.

Third, the handful of remaining shell scripts in MacOS/ need to be signed 
too.
(Signing them adds extended attributes to the files.)

Unfortunately, as discussed at
http://porkrind.org/missives/mac-os-x-codesigning-woes/ Mac OS X 
codesigning
woes, hdiutil makehybrid drops extended attributes from the generated 
dmg (so
the dmg's LibreOffice.app would no longer be considered properly signed, as 
the
shell scripts would no longer be signed).  So switch from hdiutil 
makehybrid
to hdiutil create.

Change-Id: I4b587f87d504666f7a1d0e3a24a8be76f22014c5

diff --git a/setup_native/source/mac/CodesignRules.plist 
b/setup_native/source/mac/CodesignRules.plist
deleted file mode 100644
index 41b2321..000
--- a/setup_native/source/mac/CodesignRules.plist
+++ /dev/null
@@ -1,17 +0,0 @@
-?xml version=1.0 encoding=UTF-8?
-!DOCTYPE plist PUBLIC -//Apple//DTD PLIST 1.0//EN 
http://www.apple.com/DTDs/PropertyList-1.0.dtd;
-plist version=1.0
-dict
-keyrules/key
-dict
-
key^MacOS/(bootstraprc|fundamentalrc|setuprc|sofficerc|unorc|versionrc)$/key
-false/
-key^MacOS/pythonloader.unorc$/key
-false/
-key^MacOS/(senddoc|python|gengal|unoinfo)$/key
-false/
-key.*\.(png|svg|py|res|rdb)$/key
-false/
-/dict
-/dict
-/plist
diff --git a/solenv/bin/macosx-codesign-app-bundle 
b/solenv/bin/macosx-codesign-app-bundle
index d1ba433..78a7e53 100755
--- a/solenv/bin/macosx-codesign-app-bundle
+++ b/solenv/bin/macosx-codesign-app-bundle
@@ -42,19 +42,30 @@ find -d $APP_BUNDLE \( -name '*.dylib' -or -name '*.so' 
-or -name '*.fodt' \
 -or -name '*.applescript' \) ! -type l | grep -v 
LibreOfficePython\.framework | \
 while read file; do
 id=`echo ${file#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'`
-codesign --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign 
$MACOSX_CODESIGNING_IDENTITY $file
+codesign --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign 
$MACOSX_CODESIGNING_IDENTITY $file || exit 1
 done
 
 find $APP_BUNDLE -name '*.dylib.*' ! -type l | \
 while read dylib; do \
 id=`basename $dylib`; \
 id=`echo $id | sed -e 's/dylib.*/dylib/'`; \
-codesign --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign 
$MACOSX_CODESIGNING_IDENTITY $dylib; \
+codesign --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign 
$MACOSX_CODESIGNING_IDENTITY $dylib || exit 1
 done
 
 # The executables have already been signed by
 # gb_LinkTarget__command_dynamiclink in
-# solenv/gbuild/platform/macosx.mk.
+# solenv/gbuild/platform/macosx.mk, but sign the handful of scripts remaining
+# in MacOS
+# (https://developer.apple.com/library/mac/technotes/tn2206/_index.html OS X
+# Code Signing In Depth suggests we should get rid of them rather sooner than
+# later, but they appear to be OK for now):
+
+for i in gengal python senddoc unoinfo
+do
+codesign --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$i \
+--sign $MACOSX_CODESIGNING_IDENTITY $APP_BUNDLE/Contents/MacOS/$i \
+|| exit 1
+done
 
 # Sign frameworks.
 #
@@ -67,32 +78,28 @@ for framework in `find $APP_BUNDLE -name '*.framework' 
-type d`; do \
 fn=${fn%.*}
 for version in $framework/Versions/*; do \
 if test ! -L $version -a -d $version; then
-codesign --force --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. 
--sign $MACOSX_CODESIGNING_IDENTITY $version/$fn
-codesign --force --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. 
--sign $MACOSX_CODESIGNING_IDENTITY $version
+codesign --force

[Libreoffice-commits] core.git: setup_native/source solenv/bin

2013-02-20 Thread Petr Mladek 
 setup_native/source/packinfo/packinfo_ure.txt |6 ++-
 solenv/bin/modules/installer/epmfile.pm   |   43 ++
 2 files changed, 34 insertions(+), 15 deletions(-)

New commits:
commit 2b3d675f0bb4a1b37ad502a67b1719b2fc3fc364
Author: Petr Mladek pmla...@suse.cz
Date:   Tue Feb 19 16:04:37 2013 +0100

fix dependencies of the obsolete stdlibs package on linux

The old version should get repalced by the ure package. It should also 
conflict
with the new ure package.

This commit adds support for %incompat epm tag. It produces conflicts in rpm
and deb. It can be defined in setup_native/source/packinfo by
linuxincompat.

This commit also removes obsolete hack for debian dependencies.
libreoffice-bundled conflict is mentioned in the desktop-integration package
these day. The hack in epmfile.pm was not used because no package
used replace tag.

Change-Id: I5e9cb89a6108c22c61287fce1ffc6baf3f618d15
Reviewed-on: https://gerrit.libreoffice.org/2260
Reviewed-by: Fridrich Strba fridr...@documentfoundation.org
Tested-by: Fridrich Strba fridr...@documentfoundation.org

diff --git a/setup_native/source/packinfo/packinfo_ure.txt 
b/setup_native/source/packinfo/packinfo_ure.txt
index dfa0375..36ebc0d 100644
--- a/setup_native/source/packinfo/packinfo_ure.txt
+++ b/setup_native/source/packinfo/packinfo_ure.txt
@@ -21,7 +21,8 @@ module = gid_Module_Root
 solarispackagename = %SOLSUREPACKAGEPREFIX%BRANDPACKAGEVERSION-ure
 solarisrequires = SUNWzlibr
 solarisprovides = %SOLSUREPACKAGEPREFIX%BRANDPACKAGEVERSION-stdlibs
-provides = %UREPACKAGEPREFIX%BRANDPACKAGEVERSION-stdlibs
+linuxreplaces = %UREPACKAGEPREFIX%BRANDPACKAGEVERSION-stdlibs
+linuxincompat = %UREPACKAGEPREFIX%BRANDPACKAGEVERSION-stdlibs
 packagename = %UREPACKAGEPREFIX%BRANDPACKAGEVERSION-ure
 copyright = 2012 The Document Foundation
 solariscopyright = solariscopyrightfile
@@ -36,7 +37,8 @@ module = gid_Module_Root_Ure_Hidden
 solarispackagename = %SOLSUREPACKAGEPREFIX%BRANDPACKAGEVERSION-ure
 solarisrequires = SUNWzlibr
 solarisprovides = %SOLSUREPACKAGEPREFIX%BRANDPACKAGEVERSION-stdlibs
-provides = %UREPACKAGEPREFIX%BRANDPACKAGEVERSION-stdlibs
+linuxreplaces = %UREPACKAGEPREFIX%BRANDPACKAGEVERSION-stdlibs
+linuxincompat = %UREPACKAGEPREFIX%BRANDPACKAGEVERSION-stdlibs
 packagename = %UREPACKAGEPREFIX%BRANDPACKAGEVERSION-ure
 copyright = 2012 The Document Foundation
 solariscopyright = solariscopyrightfile
diff --git a/solenv/bin/modules/installer/epmfile.pm 
b/solenv/bin/modules/installer/epmfile.pm
index 72420d4..7ee6d13 100644
--- a/solenv/bin/modules/installer/epmfile.pm
+++ b/solenv/bin/modules/installer/epmfile.pm
@@ -265,6 +265,8 @@ sub create_epm_header
 # %readme /test/replace/01/README01
 # %requires foo
 # %provides bar
+# %replaces bar
+# %incompat bar
 
 # The first language in the languages array determines the language of 
license and readme file
 
@@ -512,23 +514,38 @@ sub create_epm_header
$onereplaces = debian_rewrite($onereplaces);
 $line = %replaces .   . $onereplaces . \n;
 push(@epmheader, $line);
+}
+}
+}
 
-# Force the openofficeorg packages to get removed,
-# see 
http://www.debian.org/doc/debian-policy/ch-relationships.html
-# 7.5.2 Replacing whole packages, forcing their removal
+# including %incompat
 
-if ( $installer::globals::debian )
-{
-$line = %incompat .   . $onereplaces . \n;
-push(@epmheader, $line);
-}
-}
+my $incompat = ;
+
+if (( $installer::globals::issolarispkgbuild )  ( ! 
$installer::globals::patch ))
+{
+$incompat = solarisincompat;   # the name in the packagelist
+}
+elsif (( $installer::globals::islinuxbuild )  ( ! 
$installer::globals::patch ))
+{
+$incompat = linuxincompat;# the name in the packagelist
+}
+
+if (( $incompat )  ( ! $installer::globals::patch ))
+{
+if ( $onepackage-{$incompat} )
+{
+my $incompatstring = $onepackage-{$incompat};
 
-if ( $installer::globals::debian  
$variableshashref-{'UNIXPRODUCTNAME'} eq 'libreoffice' )
+my $allincompat = 
installer::converter::convert_stringlist_into_array(\$incompatstring, ,);
+
+for ( my $i = 0; $i = $#{$allincompat}; $i++ )
 {
-$line = %provides .  libreoffice-unbundled\n;
-push(@epmheader, $line);
-$line = %incompat .  libreoffice-bundled\n;
+my $oneincompat = ${$allincompat}[$i];
+$oneincompat =~ s/\s*$//;
+
installer::packagelist::resolve_packagevariables(\$oneincompat, 
$variableshashref, 1);
+$oneincompat = debian_rewrite($oneincompat);
+$line = %incompat .   .