[vlc-commits] mac codesign: improve signing script

David Fuhrmann git at videolan.org
Sun Aug 31 19:08:00 CEST 2014


vlc/vlc-2.2 | branch: master | David Fuhrmann <dfuhrmann at videolan.org> | Sat Aug 30 16:32:23 2014 +0200| [7fc850c52b1ce823f8fdb014911d2586dc4ffd96] | committer: Felix Paul Kühne

mac codesign: improve signing script

- add signing of sparkles autoupdate tool
- directly fail on error
- fix bug preventing signing of VLC binary
- rework validation steps so that it validates frameworks and autoupdate
  tool separately, but then the complete bundle like gatekeeper (using
  --deep option)

Signed-off-by: Felix Paul Kühne <fkuehne at videolan.org>
(cherry picked from commit 699533d5b940bad7ddaffff99f31c83da630fd55)

> http://git.videolan.org/gitweb.cgi/vlc/vlc-2.2.git/?a=commit;h=7fc850c52b1ce823f8fdb014911d2586dc4ffd96
---

 extras/package/macosx/codesign.sh |   53 ++++++++++++-------------------------
 1 file changed, 17 insertions(+), 36 deletions(-)

diff --git a/extras/package/macosx/codesign.sh b/extras/package/macosx/codesign.sh
index 93456e0..9e623a1 100755
--- a/extras/package/macosx/codesign.sh
+++ b/extras/package/macosx/codesign.sh
@@ -15,6 +15,8 @@
 # along with this program; if not, write to the Free Software Foundation,
 # Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
 
+set -e
+
 info()
 {
     green='\x1B[1;32m'
@@ -81,8 +83,6 @@ then
     info "Signing the lua stuff"
     find VLC.app/Contents/MacOS/share/lua/* -name *luac -type f -exec codesign --force -s "$IDENTITY" $OPTIONS '{}' \;
 else
-    IDENTIFIER="com.binarymethod.BGHUDAppKit"
-
     FIRSTPARTOF_REQUIREMENT="=designated => anchor apple generic  and identifier \""
     SECONDPARTOF_REQUIREMENT="\" and ((cert leaf[field.1.2.840.113635.100.6.1.9] exists) or ( certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists  and certificate leaf[subject.OU] = \"75GAHG3SZQ\" ))"
 
@@ -92,11 +92,14 @@ else
     find VLC.app/Contents/Frameworks -type f -name "*.txt" -exec rm '{}' \;
 
     info "Signing frameworks"
-    codesign --force --deep --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/Frameworks/BGHUDAppKit.framework/Versions/A
+    IDENTIFIER="com.binarymethod.BGHUDAppKit"
+    codesign --force --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/Frameworks/BGHUDAppKit.framework/Versions/A
     IDENTIFIER="com.growl.growlframework"
-    codesign --force --deep --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/Frameworks/Growl.framework/Versions/A
+    codesign --force --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/Frameworks/Growl.framework/Versions/A
+    IDENTIFIER="org.andymatuschak.sparkle.Autoupdate"
+    codesign --force --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/Frameworks/Sparkle.framework/Resources/Autoupdate.app
     IDENTIFIER="org.andymatuschak.Sparkle"
-    codesign --force --deep --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A
+    codesign --force --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A
 
     info "Signing the framework headers"
     for i in `find VLC.app/Contents/Frameworks/* -type f -name "*.h" -exec echo {} \;`
@@ -134,26 +137,6 @@ else
         codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
     done
 
-    info "Signing the Sparkle updater tool"
-    for i in `find VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources -type f -name "PkgInfo" -exec echo {} \;`
-    do
-        fbname=$(basename "$i")
-        filename="${fbname%.*}"
-
-        codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
-    done
-    for i in `find VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources -type f -name "Autoupdate" -exec echo {} \;`
-    do
-        codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
-    done
-    for i in `find VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources -type f -name "*.icns" -exec echo {} \;`
-    do
-        fbname=$(basename "$i")
-        filename="${fbname%.*}"
-
-        codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
-    done
-
     info "Signing the headers"
     for i in `find VLC.app/Contents/MacOS/include/* -type f -exec echo {} \;`
     do
@@ -194,24 +177,22 @@ else
     done
 
     info "Signing the executable"
-    codesign --force -s "$IDENTITY" --requirements "$FIRSTPARTOF_REQUIREMENTorg.videolan.vlc$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/MacOS/VLC
+    IDENTIFIER="org.videolan.vlc"
+    codesign --force -s "$IDENTITY" --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/MacOS/VLC
 fi
 
 info "all items signed, validating..."
 
-info "Validating binary"
-codesign --verify --verbose=4 VLC.app/Contents/MacOS/VLC
-
 info "Validating frameworks"
-find VLC.app/Contents/Frameworks/* -type f -exec codesign --verify '{}' \;
+codesign --verify -vv VLC.app/Contents/Frameworks/BGHUDAppKit.framework
+codesign --verify -vv VLC.app/Contents/Frameworks/Growl.framework
+codesign --verify -vv VLC.app/Contents/Frameworks/Sparkle.framework
 
-info "Validating modules"
-find VLC.app/Contents/MacOS/plugins/* -type f -exec codesign --verify '{}' \;
+info "Validating autoupdate app"
+codesign --verify -vv VLC.app/Contents/Frameworks/Sparkle.framework/Versions/Current/Resources/Autoupdate.app
 
-info "Validating libraries"
-find VLC.app/Contents/MacOS/lib/* -type f -exec codesign --verify '{}' \;
+info "Validating complete bundle"
+codesign --verify --deep --verbose=4 VLC.app
 
-info "Validating lua stuff"
-find VLC.app/Contents/MacOS/share/lua/* -name *luac -type f -exec codesign --verify '{}' \;
 
 info "Validation complete"



More information about the vlc-commits mailing list