[vlc-commits] extras/macosx: update codesign script for GateKeeper v2 needed to support future OS X releases
Felix Paul Kühne
git at videolan.org
Thu Aug 21 19:37:49 CEST 2014
vlc/vlc-2.2 | branch: master | Felix Paul Kühne <fkuehne at videolan.org> | Thu Aug 21 19:35:29 2014 +0200| [017098e3759d73beb46785f882b9b731d2c1ff4e] | committer: Felix Paul Kühne
extras/macosx: update codesign script for GateKeeper v2 needed to support future OS X releases
(cherry picked from commit 367a9a4764d3acf174c9e3091289df9300a4a1a5)
> http://git.videolan.org/gitweb.cgi/vlc/vlc-2.2.git/?a=commit;h=017098e3759d73beb46785f882b9b731d2c1ff4e
---
extras/package/macosx/codesign.sh | 138 +++++++++++++++++++++++++++++++++----
1 file changed, 123 insertions(+), 15 deletions(-)
diff --git a/extras/package/macosx/codesign.sh b/extras/package/macosx/codesign.sh
index 5e12895..93456e0 100755
--- a/extras/package/macosx/codesign.sh
+++ b/extras/package/macosx/codesign.sh
@@ -1,5 +1,5 @@
-#!/bin/sh
-# Copyright @ 2012 Felix Paul Kühne <fkuehne at videolan dot org>
+#!/bin/bash
+# Copyright (C) 2012-2014 Felix Paul Kühne <fkuehne at videolan dot org>
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
@@ -17,9 +17,9 @@
info()
{
- local green="\033[1;32m"
- local normal="\033[0m"
- echo "[${green}codesign${normal}] $1"
+ green='\x1B[1;32m'
+ normal='\x1B[0m'
+ echo -e "[${green}codesign${normal}] $1"
}
usage()
@@ -65,8 +65,12 @@ fi
if test -z "$GK"
then
+
+ info "Signing frameworks"
+ find VLC.app/Contents/Frameworks/* -type f -exec codesign --force -s "$IDENTITY" $OPTIONS '{}' \;
+
info "Signing the executable"
- codesign --force --sign "$IDENTITY" $OPTIONS VLC.app/Contents/MacOS/VLC
+ codesign --force -s "$IDENTITY" $OPTIONS VLC.app/Contents/MacOS/VLC
info "Signing the modules"
find VLC.app/Contents/MacOS/plugins/* -type f -exec codesign --force -s "$IDENTITY" $OPTIONS '{}' \;
@@ -77,25 +81,129 @@ then
info "Signing the lua stuff"
find VLC.app/Contents/MacOS/share/lua/* -name *luac -type f -exec codesign --force -s "$IDENTITY" $OPTIONS '{}' \;
else
- REQUIREMENT="=designated => anchor apple generic and identifier \"org.videolan.vlc\" and ((cert leaf[field.1.2.840.113635.100.6.1.9] exists) or ( certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists and certificate leaf[subject.OU] = \"75GAHG3SZQ\" ))"
-
- info "Signing the executable"
- codesign --force --sign "$IDENTITY" $OPTIONS --requirements "$REQUIREMENT" VLC.app/Contents/MacOS/VLC
+ IDENTIFIER="com.binarymethod.BGHUDAppKit"
+
+ FIRSTPARTOF_REQUIREMENT="=designated => anchor apple generic and identifier \""
+ SECONDPARTOF_REQUIREMENT="\" and ((cert leaf[field.1.2.840.113635.100.6.1.9] exists) or ( certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists and certificate leaf[subject.OU] = \"75GAHG3SZQ\" ))"
+
+ info "Cleaning frameworks"
+ find VLC.app/Contents/Frameworks -type f -name ".DS_Store" -exec rm '{}' \;
+ find VLC.app/Contents/Frameworks -type f -name "*.textile" -exec rm '{}' \;
+ find VLC.app/Contents/Frameworks -type f -name "*.txt" -exec rm '{}' \;
+
+ info "Signing frameworks"
+ codesign --force --deep --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/Frameworks/BGHUDAppKit.framework/Versions/A
+ IDENTIFIER="com.growl.growlframework"
+ codesign --force --deep --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/Frameworks/Growl.framework/Versions/A
+ IDENTIFIER="org.andymatuschak.Sparkle"
+ codesign --force --deep --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A
+
+ info "Signing the framework headers"
+ for i in `find VLC.app/Contents/Frameworks/* -type f -name "*.h" -exec echo {} \;`
+ do
+ fbname=$(basename "$i")
+ filename="${fbname%.*}"
+
+ codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
+ done
+
+ info "Signing the framework strings"
+ for i in `find VLC.app/Contents/Frameworks/* -type f -name "*.strings" -exec echo {} \;`
+ do
+ fbname=$(basename "$i")
+ filename="${fbname%.*}"
+
+ codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
+ done
+
+ info "Signing the framework plist files"
+ for i in `find VLC.app/Contents/Frameworks/* -type f -name "*.plist" -exec echo {} \;`
+ do
+ fbname=$(basename "$i")
+ filename="${fbname%.*}"
+
+ codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
+ done
+
+ info "Signing the framework nib files"
+ for i in `find VLC.app/Contents/Frameworks/* -type f -name "*.nib" -exec echo {} \;`
+ do
+ fbname=$(basename "$i")
+ filename="${fbname%.*}"
+
+ codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
+ done
+
+ info "Signing the Sparkle updater tool"
+ for i in `find VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources -type f -name "PkgInfo" -exec echo {} \;`
+ do
+ fbname=$(basename "$i")
+ filename="${fbname%.*}"
+
+ codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
+ done
+ for i in `find VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources -type f -name "Autoupdate" -exec echo {} \;`
+ do
+ codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
+ done
+ for i in `find VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources -type f -name "*.icns" -exec echo {} \;`
+ do
+ fbname=$(basename "$i")
+ filename="${fbname%.*}"
+
+ codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
+ done
+
+ info "Signing the headers"
+ for i in `find VLC.app/Contents/MacOS/include/* -type f -exec echo {} \;`
+ do
+ fbname=$(basename "$i")
+ filename="${fbname%.*}"
+
+ codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
+ done
info "Signing the modules"
- find VLC.app/Contents/MacOS/plugins/* -type f -exec codesign --force -s "$IDENTITY" $OPTIONS --requirements "$REQUIREMENT" '{}' \;
+
+ for i in `find VLC.app/Contents/MacOS/plugins/* -type f -exec echo {} \;`
+ do
+ fbname=$(basename "$i")
+ filename="${fbname%.*}"
+
+ codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
+ done
info "Signing the libraries"
- find VLC.app/Contents/MacOS/lib/* -type f -exec codesign --force -s "$IDENTITY" $OPTIONS --requirements "$REQUIREMENT" '{}' \;
- info "Signing the lua stuff"
- find VLC.app/Contents/MacOS/share/lua/* -name *luac -type f -exec codesign --force -s "$IDENTITY" $OPTIONS --requirements "$REQUIREMENT" '{}' \;
+ for i in `find VLC.app/Contents/MacOS/lib/* -type f -exec echo {} \;`
+ do
+ fbname=$(basename "$i")
+ filename="${fbname%.*}"
+
+ codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
+ done
+
+ info "Signing share"
+
+ for i in `find VLC.app/Contents/MacOS/share/* -type f -exec echo {} \;`
+ do
+ fbname=$(basename "$i")
+ filename="${fbname%.*}"
+
+ codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
+ done
+
+ info "Signing the executable"
+ codesign --force -s "$IDENTITY" --requirements "$FIRSTPARTOF_REQUIREMENTorg.videolan.vlc$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/MacOS/VLC
fi
info "all items signed, validating..."
info "Validating binary"
-codesign --verify VLC.app/Contents/MacOS/VLC
+codesign --verify --verbose=4 VLC.app/Contents/MacOS/VLC
+
+info "Validating frameworks"
+find VLC.app/Contents/Frameworks/* -type f -exec codesign --verify '{}' \;
info "Validating modules"
find VLC.app/Contents/MacOS/plugins/* -type f -exec codesign --verify '{}' \;
More information about the vlc-commits
mailing list