[Libreoffice-commits] core.git: solenv/bin
Norbert Thiebaud
nthiebaud at gmail.com
Wed Mar 22 17:37:17 UTC 2017
solenv/bin/macosx-codesign-app-bundle | 47 ++++++++++++++++++++++++++--------
1 file changed, 37 insertions(+), 10 deletions(-)
New commits:
commit a332bb9a6cc19f0c212892b3f304583338b0a094
Author: Norbert Thiebaud <nthiebaud at gmail.com>
Date: Sat Mar 18 09:43:47 2017 -0500
codesigning script for macosx compained about double signing
Release build of 5.3.2.1 failed in codesign
apparently LibreOfficePython.framework was being signed more than
once, which cause codesign to fail and due to a recent
patch to harden the codesign wrapper, the build itself to fail
This does not address why some part are signed multiple time
but merely tell codesign to ignore the issue and just sign
This also fix a bash un-initialize variable warning and
capture output of codesign in case of error to be able to diagnose
things.
Change-Id: Ibd6752702feb2bdf5163ac30ed7a3fd9c86f961c
Reviewed-on: https://gerrit.libreoffice.org/35407
Tested-by: Jenkins <ci at libreoffice.org>
Reviewed-by: Norbert Thiebaud <nthiebaud at gmail.com>
diff --git a/solenv/bin/macosx-codesign-app-bundle b/solenv/bin/macosx-codesign-app-bundle
index 39d87246a92f..f5ccff1475f1 100755
--- a/solenv/bin/macosx-codesign-app-bundle
+++ b/solenv/bin/macosx-codesign-app-bundle
@@ -26,7 +26,7 @@ for V in \
done
APP_BUNDLE="$1"
-
+entitlements=
if test -n "$ENABLE_MACOSX_SANDBOX"; then
# In a sandboxed build executables need the entitlements
entitlements="--entitlements $BUILDDIR/lo.xcent"
@@ -48,7 +48,11 @@ fi
find -d "$APP_BUNDLE" \( -name '*.jnilib' \) ! -type l |
while read file; do
id=`echo ${file#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'`
- codesign --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$file" || exit 1
+ codesign --verbose --force --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$file" > "/tmp/codesign_$(basename "$file").log" 2>&1
+ if [ "$?" != "0" ] ; then
+ exit 1
+ fi
+ rm "/tmp/codesign_$(basename "$file").log"
done
# Sign dylibs
@@ -63,7 +67,11 @@ find "$APP_BUNDLE" \( -name '*.dylib' -or -name '*.dylib.*' -or -name '*.so' \
$other_files \) ! -type l |
while read file; do
id=`echo ${file#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'`
- codesign --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$file" || exit 1
+ codesign --verbose --force --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$file" > "/tmp/codesign_$(basename "$file").log" 2>&1
+ if [ "$?" != "0" ] ; then
+ exit 1
+ fi
+ rm "/tmp/codesign_$(basename "$file").log"
done
# Sign included bundles. First .app ones (i.e. the Python.app inside
@@ -75,7 +83,11 @@ while read app; do
fn=${fn%.*}
# Assume the app has a XML (and not binary) Info.plist
id=`grep -A 1 '<key>CFBundleIdentifier</key>' $app/Contents/Info.plist | tail -1 | sed -e 's,.*<string>,,' -e 's,</string>.*,,'`
- codesign --verbose --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$app" || exit 1
+ codesign --verbose --force --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$app" > "/tmp/codesign_${fn}.log" 2>&1
+ if [ "$?" != "0" ] ; then
+ exit 1
+ fi
+ rm "/tmp/codesign_${fn}.log"
done
# Then .framework ones. Again, be generic just for kicks.
@@ -88,8 +100,12 @@ while read framework; do
if test ! -L "$version" -a -d "$version"; then
# Assume the framework has a XML (and not binary) Info.plist
id=`grep -A 1 '<key>CFBundleIdentifier</key>' $version/Resources/Info.plist | tail -1 | sed -e 's,.*<string>,,' -e 's,</string>.*,,'`
- codesign --verbose --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$version" || exit 1
- fi
+ codesign --verbose --force --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$version" > "/tmp/codesign_${fn}.log" 2>&1
+ if [ "$?" != "0" ] ; then
+ exit 1
+ fi
+ rm "/tmp/codesign_${fn}.log"
+ fi
done
done
@@ -97,7 +113,11 @@ done
find "$APP_BUNDLE" -name '*.mdimporter' -type d |
while read bundle; do
- codesign --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" "$bundle" || exit 1
+ codesign --verbose --force --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" "$bundle" > "/tmp/codesign_$(basename "${bundle}").log" 2>&1
+ if [ "$?" != "0" ] ; then
+ exit 1
+ fi
+ rm "/tmp/codesign_$(basename "${bundle}").log"
done
# Sign executables
@@ -109,7 +129,11 @@ while read file; do
;;
*)
id=`echo ${file#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'`
- codesign --force --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$file" || exit 1
+ codesign --force --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$file" > "/tmp/codesign_${MACOSX_BUNDLE_IDENTIFIER}.${id}.log" 2>&1
+ if [ "$?" != "0" ] ; then
+ exit 1
+ fi
+ rm "/tmp/codesign_${MACOSX_BUNDLE_IDENTIFIER}.${id}.log"
;;
esac
done
@@ -128,6 +152,9 @@ done
id=`echo ${PRODUCTNAME} | tr ' ' '-'`
-codesign --force --verbose --identifier="${MACOSX_BUNDLE_IDENTIFIER}" --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$APP_BUNDLE" || exit 1
-
+codesign --force --verbose --identifier="${MACOSX_BUNDLE_IDENTIFIER}" --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$APP_BUNDLE" > "/tmp/codesign_${MACOSX_BUNDLE_IDENTIFIER}.log" 2>&1
+if [ "$?" != "0" ] ; then
+ exit 1
+fi
+rm "/tmp/codesign_${MACOSX_BUNDLE_IDENTIFIER}.log"
exit 0
More information about the Libreoffice-commits
mailing list