[vlc-commits] codesign.sh: Add check for valid code signature with spctl

[David Fuhrmann]

vlc/vlc-3.0 | branch: master | David Fuhrmann <dfuhrmann at videolan.org> | Tue Jan  2 17:30:16 2018 +0100| [b2b13b1ae4b37235a9f7ee5fbbef2f3eda2d79e8] | committer: David Fuhrmann

codesign.sh: Add check for valid code signature with spctl

This is the only check which actually checks all requirements of
a gatekeeper signature.

(cherry picked from commit a32d7df5076a906c89f67ef2f69be46df0198b80)
Signed-off-by: David Fuhrmann <dfuhrmann at videolan.org>

> http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=b2b13b1ae4b37235a9f7ee5fbbef2f3eda2d79e8
---

 extras/package/macosx/codesign.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/extras/package/macosx/codesign.sh b/extras/package/macosx/codesign.sh
index 7c0c2f30a5..faed2046d6 100755
--- a/extras/package/macosx/codesign.sh
+++ b/extras/package/macosx/codesign.sh
@@ -198,7 +198,11 @@ info "Validating autoupdate app"
 codesign --verify -vv VLC.app/Contents/Frameworks/Sparkle.framework/Versions/Current/Resources/Autoupdate.app
 
 info "Validating complete bundle"
-codesign --verify --deep --verbose=4 VLC.app
+codesign --verify --deep --strict --verbose=4 VLC.app
+
+if [ ! -z "$GK" ]; then
+    spctl -a -t exec -vv VLC.app
+fi
 
 
 info "Validation complete"