[vlc-commits] mac codesign: improve signing script

David Fuhrmann Sun, 31 Aug 2014 10:09:50 -0700

vlc/vlc-2.1 | branch: master | David Fuhrmann <[email protected]> | Sat 
Aug 30 16:32:23 2014 +0200| [eff827488dceeb026504938860ba5353b227ccb9] | 
committer: Felix Paul Kühne


mac codesign: improve signing script

- add signing of sparkles autoupdate tool
- directly fail on error
- fix bug preventing signing of VLC binary
- rework validation steps so that it validates frameworks and autoupdate
  tool separately, but then the complete bundle like gatekeeper (using
  --deep option)

Signed-off-by: Felix Paul Kühne <[email protected]>
(cherry picked from commit 699533d5b940bad7ddaffff99f31c83da630fd55)

> http://git.videolan.org/gitweb.cgi/vlc/vlc-2.1.git/?a=commit;h=eff827488dceeb026504938860ba5353b227ccb9
---

 extras/package/macosx/codesign.sh |   53 ++++++++++++-------------------------
 1 file changed, 17 insertions(+), 36 deletions(-)

diff --git a/extras/package/macosx/codesign.sh 
b/extras/package/macosx/codesign.sh
index 93456e0..9e623a1 100755
--- a/extras/package/macosx/codesign.sh
+++ b/extras/package/macosx/codesign.sh
@@ -15,6 +15,8 @@
 # along with this program; if not, write to the Free Software Foundation,
 # Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
 
+set -e
+
 info()
 {
     green='\x1B[1;32m'
@@ -81,8 +83,6 @@ then
     info "Signing the lua stuff"
     find VLC.app/Contents/MacOS/share/lua/* -name *luac -type f -exec codesign 
--force -s "$IDENTITY" $OPTIONS '{}' \;
 else
-    IDENTIFIER="com.binarymethod.BGHUDAppKit"
-
     FIRSTPARTOF_REQUIREMENT="=designated => anchor apple generic  and 
identifier \""
     SECONDPARTOF_REQUIREMENT="\" and ((cert 
leaf[field.1.2.840.113635.100.6.1.9] exists) or ( certificate 
1[field.1.2.840.113635.100.6.2.6] exists and certificate 
leaf[field.1.2.840.113635.100.6.1.13] exists  and certificate leaf[subject.OU] 
= \"75GAHG3SZQ\" ))"
 
@@ -92,11 +92,14 @@ else
     find VLC.app/Contents/Frameworks -type f -name "*.txt" -exec rm '{}' \;
 
     info "Signing frameworks"
-    codesign --force --deep --verbose -s "$IDENTITY" 
--preserve-metadata=identifier,entitlements,resource-rules --requirements 
"$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" 
VLC.app/Contents/Frameworks/BGHUDAppKit.framework/Versions/A
+    IDENTIFIER="com.binarymethod.BGHUDAppKit"
+    codesign --force --verbose -s "$IDENTITY" 
--preserve-metadata=identifier,entitlements,resource-rules --requirements 
"$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" 
VLC.app/Contents/Frameworks/BGHUDAppKit.framework/Versions/A
     IDENTIFIER="com.growl.growlframework"
-    codesign --force --deep --verbose -s "$IDENTITY" 
--preserve-metadata=identifier,entitlements,resource-rules --requirements 
"$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" 
VLC.app/Contents/Frameworks/Growl.framework/Versions/A
+    codesign --force --verbose -s "$IDENTITY" 
--preserve-metadata=identifier,entitlements,resource-rules --requirements 
"$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" 
VLC.app/Contents/Frameworks/Growl.framework/Versions/A
+    IDENTIFIER="org.andymatuschak.sparkle.Autoupdate"
+    codesign --force --verbose -s "$IDENTITY" 
--preserve-metadata=identifier,entitlements,resource-rules --requirements 
"$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" 
VLC.app/Contents/Frameworks/Sparkle.framework/Resources/Autoupdate.app
     IDENTIFIER="org.andymatuschak.Sparkle"
-    codesign --force --deep --verbose -s "$IDENTITY" 
--preserve-metadata=identifier,entitlements,resource-rules --requirements 
"$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" 
VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A
+    codesign --force --verbose -s "$IDENTITY" 
--preserve-metadata=identifier,entitlements,resource-rules --requirements 
"$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" 
VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A
 
     info "Signing the framework headers"
     for i in `find VLC.app/Contents/Frameworks/* -type f -name "*.h" -exec 
echo {} \;`
@@ -134,26 +137,6 @@ else
         codesign --force -s "$IDENTITY" 
--preserve-metadata=identifier,entitlements,resource-rules --requirements 
"$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
     done
 
-    info "Signing the Sparkle updater tool"
-    for i in `find 
VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources -type f 
-name "PkgInfo" -exec echo {} \;`
-    do
-        fbname=$(basename "$i")
-        filename="${fbname%.*}"
-
-        codesign --force -s "$IDENTITY" 
--preserve-metadata=identifier,entitlements,resource-rules --requirements 
"$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
-    done
-    for i in `find 
VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources -type f 
-name "Autoupdate" -exec echo {} \;`
-    do
-        codesign --force -s "$IDENTITY" 
--preserve-metadata=identifier,entitlements,resource-rules --requirements 
"$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
-    done
-    for i in `find 
VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources -type f 
-name "*.icns" -exec echo {} \;`
-    do
-        fbname=$(basename "$i")
-        filename="${fbname%.*}"
-
-        codesign --force -s "$IDENTITY" 
--preserve-metadata=identifier,entitlements,resource-rules --requirements 
"$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
-    done
-
     info "Signing the headers"
     for i in `find VLC.app/Contents/MacOS/include/* -type f -exec echo {} \;`
     do
@@ -194,24 +177,22 @@ else
     done
 
     info "Signing the executable"
-    codesign --force -s "$IDENTITY" --requirements 
"$FIRSTPARTOF_REQUIREMENTorg.videolan.vlc$SECONDPARTOF_REQUIREMENT" 
VLC.app/Contents/MacOS/VLC
+    IDENTIFIER="org.videolan.vlc"
+    codesign --force -s "$IDENTITY" --requirements 
"$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" 
VLC.app/Contents/MacOS/VLC
 fi
 
 info "all items signed, validating..."
 
-info "Validating binary"
-codesign --verify --verbose=4 VLC.app/Contents/MacOS/VLC
-
 info "Validating frameworks"
-find VLC.app/Contents/Frameworks/* -type f -exec codesign --verify '{}' \;
+codesign --verify -vv VLC.app/Contents/Frameworks/BGHUDAppKit.framework
+codesign --verify -vv VLC.app/Contents/Frameworks/Growl.framework
+codesign --verify -vv VLC.app/Contents/Frameworks/Sparkle.framework
 
-info "Validating modules"
-find VLC.app/Contents/MacOS/plugins/* -type f -exec codesign --verify '{}' \;
+info "Validating autoupdate app"
+codesign --verify -vv 
VLC.app/Contents/Frameworks/Sparkle.framework/Versions/Current/Resources/Autoupdate.app
 
-info "Validating libraries"
-find VLC.app/Contents/MacOS/lib/* -type f -exec codesign --verify '{}' \;
+info "Validating complete bundle"
+codesign --verify --deep --verbose=4 VLC.app
 
-info "Validating lua stuff"
-find VLC.app/Contents/MacOS/share/lua/* -name *luac -type f -exec codesign 
--verify '{}' \;
 
 info "Validation complete"

_______________________________________________
vlc-commits mailing list
[email protected]
https://mailman.videolan.org/listinfo/vlc-commits

[vlc-commits] mac codesign: improve signing script

Reply via email to