[vlc-commits] macOS codesign: Add jar files, drop explicit requirement

David Fuhrmann git at videolan.org
Thu Feb 8 23:41:08 CET 2018 

vlc | branch: master | David Fuhrmann <dfuhrmann at videolan.org> | Thu Feb  8 19:08:21 2018 +0100| [55a093d8f2b10e589efd3eb4b7a5b3a83371e1fb] | committer: David Fuhrmann

macOS codesign: Add jar files, drop explicit requirement

The jar file needs special treatment to be signed correctly:
- The identifier must be without any dots. The file has three, and
  if only the suffix is dropped, then it will be wrongly interpreted as
  a reverse domain, still
- It is not allowed to have a Mac App store certificate signature,
  together with a jar file, as this is forbidden in the app store.
  Our explicit requirement was allowing such a signature (see
  "cert leaf[field.1.2.840.113635.100.6.1.9] exists").

Solution is now to just let codesign do this work internally,
therefore the explicit requirement is dropped completely.

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=55a093d8f2b10e589efd3eb4b7a5b3a83371e1fb
---

 extras/package/macosx/codesign.sh | 20 ++------------------
 1 file changed, 2 insertions(+), 18 deletions(-)

diff --git a/extras/package/macosx/codesign.sh b/extras/package/macosx/codesign.sh
index b408d6e61b..07b0fc88d0 100755
--- a/extras/package/macosx/codesign.sh
+++ b/extras/package/macosx/codesign.sh
@@ -82,25 +82,9 @@ fi
 # Call with $1 = file or folder, $2 = identifier (if empty, file name is used)
 sign()
 {
-    IDENTIFIER="$2"
-    if [ -z "$IDENTIFIER" ]; then
-        filename=$(basename "$1")
-        IDENTIFIER="${filename%.*}"
-    fi
-
     # info "Signing file $1 with identifier $IDENTIFIER"
 
-    if [ -z "$GK" ]; then
-        codesign --force --verbose -s "$IDENTITY" --prefix "org.videolan." "$1"
-    else
-        REQUIREMENT="=designated => anchor apple generic  and identifier \"$IDENTIFIER\" "
-        REQUIREMENT+="and ((cert leaf[field.1.2.840.113635.100.6.1.9] exists) or "
-        REQUIREMENT+="( certificate 1[field.1.2.840.113635.100.6.2.6] exists and "
-        REQUIREMENT+="certificate leaf[field.1.2.840.113635.100.6.1.13] exists  and "
-        REQUIREMENT+="certificate leaf[subject.OU] = \"75GAHG3SZQ\" ))"
-
-        codesign --force --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements --requirements "$REQUIREMENT" --timestamp=none "$1"
-    fi
+    codesign --force --verbose -s "$IDENTITY" "$1"
 }
 
 
@@ -154,7 +138,7 @@ done
 
 info "Signing the modules"
 
-for i in $(find VLC.app/Contents/MacOS/plugins -type f -name "*.dylib" -exec echo {} \;)
+for i in $(find VLC.app/Contents/MacOS/plugins -type f \( -name "*.dylib" -o -name "*.jar" \)  -exec echo {} \;)
 do
     sign "$i"
 done

More information about the vlc-commits mailing list