[vlc-commits] extras/macosx: update codesign script for GateKeeper v2 needed to support future OS X releases

Felix Paul Kühne git at videolan.org
Thu Aug 21 19:37:49 CEST 2014


vlc/vlc-2.2 | branch: master | Felix Paul Kühne <fkuehne at videolan.org> | Thu Aug 21 19:35:29 2014 +0200| [017098e3759d73beb46785f882b9b731d2c1ff4e] | committer: Felix Paul Kühne

extras/macosx: update codesign script for GateKeeper v2 needed to support future OS X releases

(cherry picked from commit 367a9a4764d3acf174c9e3091289df9300a4a1a5)

> http://git.videolan.org/gitweb.cgi/vlc/vlc-2.2.git/?a=commit;h=017098e3759d73beb46785f882b9b731d2c1ff4e
---

 extras/package/macosx/codesign.sh |  138 +++++++++++++++++++++++++++++++++----
 1 file changed, 123 insertions(+), 15 deletions(-)

diff --git a/extras/package/macosx/codesign.sh b/extras/package/macosx/codesign.sh
index 5e12895..93456e0 100755
--- a/extras/package/macosx/codesign.sh
+++ b/extras/package/macosx/codesign.sh
@@ -1,5 +1,5 @@
-#!/bin/sh
-# Copyright @ 2012 Felix Paul Kühne <fkuehne at videolan dot org>
+#!/bin/bash
+# Copyright (C) 2012-2014 Felix Paul Kühne <fkuehne at videolan dot org>
 #
 # This program is free software; you can redistribute it and/or modify it
 # under the terms of the GNU Lesser General Public License as published by
@@ -17,9 +17,9 @@
 
 info()
 {
-    local green="\033[1;32m"
-    local normal="\033[0m"
-    echo "[${green}codesign${normal}] $1"
+    green='\x1B[1;32m'
+    normal='\x1B[0m'
+    echo -e "[${green}codesign${normal}] $1"
 }
 
 usage()
@@ -65,8 +65,12 @@ fi
 
 if test -z "$GK"
 then
+
+    info "Signing frameworks"
+    find VLC.app/Contents/Frameworks/* -type f -exec codesign --force -s "$IDENTITY" $OPTIONS '{}' \;
+
     info "Signing the executable"
-    codesign --force --sign "$IDENTITY" $OPTIONS VLC.app/Contents/MacOS/VLC
+    codesign --force -s "$IDENTITY" $OPTIONS VLC.app/Contents/MacOS/VLC
 
     info "Signing the modules"
     find VLC.app/Contents/MacOS/plugins/* -type f -exec codesign --force -s "$IDENTITY" $OPTIONS '{}' \;
@@ -77,25 +81,129 @@ then
     info "Signing the lua stuff"
     find VLC.app/Contents/MacOS/share/lua/* -name *luac -type f -exec codesign --force -s "$IDENTITY" $OPTIONS '{}' \;
 else
-    REQUIREMENT="=designated => anchor apple generic  and identifier \"org.videolan.vlc\" and ((cert leaf[field.1.2.840.113635.100.6.1.9] exists) or ( certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists  and certificate leaf[subject.OU] = \"75GAHG3SZQ\" ))"
-
-    info "Signing the executable"
-    codesign --force --sign "$IDENTITY" $OPTIONS --requirements "$REQUIREMENT" VLC.app/Contents/MacOS/VLC
+    IDENTIFIER="com.binarymethod.BGHUDAppKit"
+
+    FIRSTPARTOF_REQUIREMENT="=designated => anchor apple generic  and identifier \""
+    SECONDPARTOF_REQUIREMENT="\" and ((cert leaf[field.1.2.840.113635.100.6.1.9] exists) or ( certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists  and certificate leaf[subject.OU] = \"75GAHG3SZQ\" ))"
+
+    info "Cleaning frameworks"
+    find VLC.app/Contents/Frameworks -type f -name ".DS_Store" -exec rm '{}' \;
+    find VLC.app/Contents/Frameworks -type f -name "*.textile" -exec rm '{}' \;
+    find VLC.app/Contents/Frameworks -type f -name "*.txt" -exec rm '{}' \;
+
+    info "Signing frameworks"
+    codesign --force --deep --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/Frameworks/BGHUDAppKit.framework/Versions/A
+    IDENTIFIER="com.growl.growlframework"
+    codesign --force --deep --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/Frameworks/Growl.framework/Versions/A
+    IDENTIFIER="org.andymatuschak.Sparkle"
+    codesign --force --deep --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A
+
+    info "Signing the framework headers"
+    for i in `find VLC.app/Contents/Frameworks/* -type f -name "*.h" -exec echo {} \;`
+    do
+        fbname=$(basename "$i")
+        filename="${fbname%.*}"
+
+        codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
+    done
+
+    info "Signing the framework strings"
+    for i in `find VLC.app/Contents/Frameworks/* -type f -name "*.strings" -exec echo {} \;`
+    do
+        fbname=$(basename "$i")
+        filename="${fbname%.*}"
+
+        codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
+    done
+
+    info "Signing the framework plist files"
+    for i in `find VLC.app/Contents/Frameworks/* -type f -name "*.plist" -exec echo {} \;`
+    do
+        fbname=$(basename "$i")
+        filename="${fbname%.*}"
+
+        codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
+    done
+
+    info "Signing the framework nib files"
+    for i in `find VLC.app/Contents/Frameworks/* -type f -name "*.nib" -exec echo {} \;`
+    do
+        fbname=$(basename "$i")
+        filename="${fbname%.*}"
+
+        codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
+    done
+
+    info "Signing the Sparkle updater tool"
+    for i in `find VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources -type f -name "PkgInfo" -exec echo {} \;`
+    do
+        fbname=$(basename "$i")
+        filename="${fbname%.*}"
+
+        codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
+    done
+    for i in `find VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources -type f -name "Autoupdate" -exec echo {} \;`
+    do
+        codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
+    done
+    for i in `find VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources -type f -name "*.icns" -exec echo {} \;`
+    do
+        fbname=$(basename "$i")
+        filename="${fbname%.*}"
+
+        codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
+    done
+
+    info "Signing the headers"
+    for i in `find VLC.app/Contents/MacOS/include/* -type f -exec echo {} \;`
+    do
+        fbname=$(basename "$i")
+        filename="${fbname%.*}"
+
+        codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
+    done
 
     info "Signing the modules"
-    find VLC.app/Contents/MacOS/plugins/* -type f -exec codesign --force -s "$IDENTITY" $OPTIONS --requirements "$REQUIREMENT" '{}' \;
+
+    for i in `find VLC.app/Contents/MacOS/plugins/* -type f -exec echo {} \;`
+    do
+        fbname=$(basename "$i")
+        filename="${fbname%.*}"
+
+        codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
+    done
 
     info "Signing the libraries"
-    find VLC.app/Contents/MacOS/lib/* -type f -exec codesign --force -s "$IDENTITY" $OPTIONS --requirements "$REQUIREMENT" '{}' \;
 
-    info "Signing the lua stuff"
-    find VLC.app/Contents/MacOS/share/lua/* -name *luac -type f -exec codesign --force -s "$IDENTITY" $OPTIONS --requirements "$REQUIREMENT" '{}' \;
+    for i in `find VLC.app/Contents/MacOS/lib/* -type f -exec echo {} \;`
+    do
+        fbname=$(basename "$i")
+        filename="${fbname%.*}"
+
+        codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
+    done
+
+    info "Signing share"
+
+    for i in `find VLC.app/Contents/MacOS/share/* -type f -exec echo {} \;`
+    do
+        fbname=$(basename "$i")
+        filename="${fbname%.*}"
+
+        codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
+    done
+
+    info "Signing the executable"
+    codesign --force -s "$IDENTITY" --requirements "$FIRSTPARTOF_REQUIREMENTorg.videolan.vlc$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/MacOS/VLC
 fi
 
 info "all items signed, validating..."
 
 info "Validating binary"
-codesign --verify VLC.app/Contents/MacOS/VLC
+codesign --verify --verbose=4 VLC.app/Contents/MacOS/VLC
+
+info "Validating frameworks"
+find VLC.app/Contents/Frameworks/* -type f -exec codesign --verify '{}' \;
 
 info "Validating modules"
 find VLC.app/Contents/MacOS/plugins/* -type f -exec codesign --verify '{}' \;



More information about the vlc-commits mailing list