[Libreoffice-commits] core.git: 2 commits - setup_native/source solenv/bin
Tor Lillqvist
tml at collabora.com
Mon Jun 9 04:58:42 PDT 2014
setup_native/source/mac/CodesignRules.plist | 19 ++++++++++++++++++
solenv/bin/macosx-codesign-app-bundle | 29 ++++++++++++++++++++++++----
2 files changed, 44 insertions(+), 4 deletions(-)
New commits:
commit c506639c9310184d6c35e8ffdb4dafc639d7c92a
Author: Tor Lillqvist <tml at collabora.com>
Date: Mon Jun 9 14:52:08 2014 +0300
A few improvements to macosx-codesign-app-bundle
Try harder to handle app bundles with space in name. (Not sure if this
version yet does that 100%.)
Include the directory names in the "ids" to make them unique. There
are lots of files with the same name (in different directories, of
course), especially in an app bundle that includes help in multiple
languages.
Change-Id: I424c539f6389ac6f7c9cef96aeb873ddac459f78
diff --git a/solenv/bin/macosx-codesign-app-bundle b/solenv/bin/macosx-codesign-app-bundle
index 195b40e..2f22618 100755
--- a/solenv/bin/macosx-codesign-app-bundle
+++ b/solenv/bin/macosx-codesign-app-bundle
@@ -40,11 +40,14 @@ APP_BUNDLE="$1"
# add some where it makes sense. Make a depth-first search to sign the contents
# of e.g. the spotlight plugin before attempting to sign the plugin itself
-find -d $APP_BUNDLE \( -name '*.dylib' -or -name '*.so' -or -name '*.fodt' \
+find -d "$APP_BUNDLE" \( -name '*.dylib' -or -name '*.so' -or -name '*.fodt' \
-or -name 'schema.strings' -or -name 'schema.xml' -or -name '*.mdimporter' \
-or -name '*.jar' -or -name '*.jnilib' -or -name 'LICENSE' -or -name 'LICENSE.html' \
-or -name '*.applescript' \) ! -type l | grep -v "LibreOfficePython\.framework" | \
-xargs codesign --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY"
+while read file; do
+ id=`echo ${file#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'`
+ codesign --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$file"
+done
find $APP_BUNDLE -name '*.dylib.*' ! -type l | \
while read dylib; do \
commit 9835fa87ac6ffe43bd9cc85839b2fea1fca2fcad
Author: Tor Lillqvist <tml at collabora.com>
Date: Mon Jun 9 13:28:13 2014 +0300
Use essentially the same OS X code signing script as in libreoffice-4-2
Change-Id: Ica7dcc823cc7027a00b15d2dcf5b73b0ef322189
diff --git a/setup_native/source/mac/CodesignRules.plist b/setup_native/source/mac/CodesignRules.plist
new file mode 100644
index 0000000..e638f92
--- /dev/null
+++ b/setup_native/source/mac/CodesignRules.plist
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>rules</key>
+ <dict>
+ <key>^MacOS/(bootstraprc|fundamentalrc|setuprc|sofficerc|unorc|versionrc)$</key>
+ <false/>
+ <key>^MacOS/pythonloader.unorc$</key>
+ <false/>
+ <key>^MacOS/postgresql-sdbc.ini$</key>
+ <false/>
+ <key>^MacOS/(senddoc|python|gengal|unoinfo)$</key>
+ <false/>
+ <key>.*\.(png|svg|py|res|rdb)$</key>
+ <false/>
+ </dict>
+</dict>
+</plist>
diff --git a/solenv/bin/macosx-codesign-app-bundle b/solenv/bin/macosx-codesign-app-bundle
index 0eca560..195b40e 100755
--- a/solenv/bin/macosx-codesign-app-bundle
+++ b/solenv/bin/macosx-codesign-app-bundle
@@ -19,6 +19,8 @@ for V in \
fi
done
+echo "codesigning using MACSOX_CODESIGNING_IDENTITY=[${MACOSX_CODESIGNING_IDENTITY?}]"
+
APP_BUNDLE="$1"
# Sign dylibs
@@ -33,8 +35,15 @@ APP_BUNDLE="$1"
# First sign all files that can use the default identifier in the hope
# that codesign will contact the timestamp server just once for all
# mentioned on the command line.
+#
+# On Mavericks also would like to have data files signed...
+# add some where it makes sense. Make a depth-first search to sign the contents
+# of e.g. the spotlight plugin before attempting to sign the plugin itself
-find $APP_BUNDLE \( -name '*.dylib' -or -name '*.so' \) ! -type l | \
+find -d $APP_BUNDLE \( -name '*.dylib' -or -name '*.so' -or -name '*.fodt' \
+ -or -name 'schema.strings' -or -name 'schema.xml' -or -name '*.mdimporter' \
+ -or -name '*.jar' -or -name '*.jnilib' -or -name 'LICENSE' -or -name 'LICENSE.html' \
+ -or -name '*.applescript' \) ! -type l | grep -v "LibreOfficePython\.framework" | \
xargs codesign --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY"
find $APP_BUNDLE -name '*.dylib.*' ! -type l | \
@@ -55,8 +64,13 @@ done
# completeness.
for framework in `find $APP_BUNDLE -name '*.framework' -type d`; do \
+ fn="$(basename $framework)"
+ fn=${fn%.*}
for version in $framework/Versions/*; do \
- if test ! -L $version -a -d $version; then codesign --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" $version; fi; \
+ if test ! -L $version -a -d $version; then
+ codesign --force --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" $version/$fn
+ codesign --force --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" $version
+ fi; \
done; \
done
@@ -67,12 +81,16 @@ done
# all of our non-code "resources").
#
# At this stage we also attach the entitlements in the sandboxing case
+#
+# Also omit some files from the Bunlde's seal via the resource-rules
+# (bootstraprc and similar that the user might adjust and image files)
+# See also https://developer.apple.com/library/mac/technotes/tn2206/
if test "$ENABLE_MACOSX_SANDBOX" = "TRUE"; then
entitlements="--entitlements $BUILDDIR/lo.xcent"
fi
id=`echo ${MACOSX_APP_NAME} | tr ' ' '-'`
-codesign --force --verbose --identifier="${MACOSX_BUNDLE_IDENTIFIER}.$id" --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements $APP_BUNDLE
+codesign --force --verbose --identifier="${MACOSX_BUNDLE_IDENTIFIER}.$id" --resource-rules "$SRCDIR/setup_native/source/mac/CodesignRules.plist" --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements $APP_BUNDLE
exit 0
More information about the Libreoffice-commits
mailing list