[vlc-devel] [PATCH] OSX codesigning - Add additional check for signed binary.
Filipe Cabecinhas
filcab at filcab.net
Tue Nov 3 19:00:52 CET 2015
Probably codesign.sh should exit with a non-zero exit code if spctl fails.
Filipe
On Tuesday, 3 November 2015, Rob Jonson <rob at hobbyistsoftware.com> wrote:
> Adds a test with spctl as described here:
>
> https://developer.apple.com/library/mac/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html#//apple_ref/doc/uid/TP40005929-CH4-DontLinkElementID5
> ---
> extras/package/macosx/codesign.sh | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/extras/package/macosx/codesign.sh
> b/extras/package/macosx/codesign.sh
> index 74a9c9d..451d3dc 100755
> --- a/extras/package/macosx/codesign.sh
> +++ b/extras/package/macosx/codesign.sh
> @@ -194,5 +194,7 @@ codesign --verify -vv
> VLC.app/Contents/Frameworks/Sparkle.framework/Versions/Cur
> info "Validating complete bundle"
> codesign --verify --deep --verbose=4 VLC.app
>
> +info "Testing with spctl (all assessments should be true)"
> +spctl --assess --verbose=4 --raw --type execute VLC.app
>
> info "Validation complete"
> --
> 2.4.9 (Apple Git-60)
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20151103/2d4100b0/attachment.html>
More information about the vlc-devel
mailing list