[Libreoffice-commits] core.git: desktop/Package_scripts.mk external/python3 setup_native/scripts shell/Package_senddoc.mk solenv/bin

Mon Jan 18 14:57:16 UTC 2021

desktop/Package_scripts.mk                    |   12 ++++++++----
 external/python3/ExternalProject_python3.mk   |   23 ++++++++++++++---------
 setup_native/scripts/mac_install.script       |    2 +-
 shell/Package_senddoc.mk                      |    8 ++++++++
 solenv/bin/modules/installer/simplepackage.pm |    5 +++--
 5 files changed, 34 insertions(+), 16 deletions(-)

New commits:
commit 4b9190fc29aec0f005f08c0269bb9ff081f19fe3
Author:     Christian Lohmaier <lohmaier+LibreOffice at googlemail.com>
AuthorDate: Mon Jan 18 11:01:48 2021 +0100
Commit:     Christian Lohmaier <lohmaier+LibreOffice at googlemail.com>
CommitDate: Mon Jan 18 15:56:36 2021 +0100

    mac: don't put script files into Contents/MacOS or framework-bin directory
    
    Signing them as executable code would require external attributes, and
    those in turn break packaging into hfs+ dmg when building on apfs with
    Big Sur.
    It is not a new thing - the old Code Signing in Depth technote
    https://developer.apple.com/library/archive/technotes/tn2206/_index.html
    already reads:
    "Store Python, Perl, shell, and other script files and other non-Mach-O
    executables in your app's Contents/Resources directory. While it's
    possible to sign such executables and store them in Contents/MacOS, this
    is not recommended.
    […]
    Put another way, a properly-signed app that has all of its files in the
    correct places will not contain any signatures stored as extended
    attributes."
    The patch does exactly that for LO and the shipped python framework and
    adds symlinks for the moved files.
    Same applies for the Language pack applescript and the tarball - those
    are also moved into Contents/Resources
    
    Change-Id: Iab21e77b73f941248ca89c6e80703fdf67a1057c
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109537
    Tested-by: Jenkins
    Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice at googlemail.com>

diff --git a/desktop/Package_scripts.mk b/desktop/Package_scripts.mk
index a806c72ef120..fbd74f43539b 100644
--- a/desktop/Package_scripts.mk
+++ b/desktop/Package_scripts.mk
@@ -16,10 +16,14 @@ $(eval $(call gb_Package_add_file,desktop_scripts_install,$(LIBO_BIN_FOLDER)/uno
 
 endif
 
-ifneq ($(OS),WNT)
-
-$(eval $(call gb_Package_add_file,desktop_scripts_install,$(LIBO_BIN_FOLDER)/unoinfo,$(if $(filter MACOSX,$(OS)),unoinfo-mac.sh,unoinfo.sh)))
-
+ifeq ($(OS), MACOSX)
+# only mach-o binaries allowed in bin folder (signing scripts would require extended attributes)
+# so install it into Resources folder and use a symlink instead
+# see https://developer.apple.com/library/archive/technotes/tn2206/_index.html
+$(eval $(call gb_Package_add_file,desktop_scripts_install,$(LIBO_SHARE_FOLDER)/unoinfo,unoinfo-mac.sh))
+$(eval $(call gb_Package_add_symbolic_link,desktop_scripts_install,$(LIBO_BIN_FOLDER)/unoinfo,../$(LIBO_SHARE_FOLDER)/unoinfo))
+else ifneq ($(OS),WNT)
+$(eval $(call gb_Package_add_file,desktop_scripts_install,$(LIBO_BIN_FOLDER)/unoinfo,unoinfo.sh))
 endif
 
 # vim: set ts=4 sw=4 noet:
diff --git a/external/python3/ExternalProject_python3.mk b/external/python3/ExternalProject_python3.mk
index 63f7e0ca5b45..36fc917168d3 100644
--- a/external/python3/ExternalProject_python3.mk
+++ b/external/python3/ExternalProject_python3.mk
@@ -139,16 +139,20 @@ ifeq ($(OS),MACOSX)
 python3_fw_prefix=$(call gb_UnpackedTarball_get_dir,python3)/python-inst/@__________________________________________________OOO/LibreOfficePython.framework
 
 # rule to allow relocating the whole framework, removing reference to buildinstallation directory
+# also scripts are not allowed to be signed as executables (with extended attributes), but need to
+# be treated as data/put into Resources folder, see also
+# https://developer.apple.com/library/archive/technotes/tn2206/_index.html
 $(call gb_ExternalProject_get_state_target,python3,fixscripts) : $(call gb_ExternalProject_get_state_target,python3,build)
 	$(call gb_Output_announce,python3 - remove reference to installroot from scripts,build,CUS,5)
-	$(COMMAND_ECHO)for file in \
-			$(python3_fw_prefix)/Versions/$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)/bin/2to3-$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR) \
-			$(python3_fw_prefix)/Versions/$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)/bin/easy_install-$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR) \
-			$(python3_fw_prefix)/Versions/$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)/bin/idle$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR) \
-			$(python3_fw_prefix)/Versions/$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)/bin/pip$(PYTHON_VERSION_MAJOR) \
-			$(python3_fw_prefix)/Versions/$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)/bin/pip$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR) \
-			$(python3_fw_prefix)/Versions/$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)/bin/pydoc$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR) \
-			$(python3_fw_prefix)/Versions/$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)/bin/python$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)-config \
+	$(COMMAND_ECHO)cd $(python3_fw_prefix)/Versions/$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)/bin/ && \
+	for file in \
+		2to3-$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR) \
+		easy_install-$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR) \
+		idle$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR) \
+		pip$(PYTHON_VERSION_MAJOR) \
+		pip$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR) \
+		pydoc$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR) \
+		python$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)-config \
 	; do { rm "$$file" && $(gb_AWK) '\
 		BEGIN {print "#!/bin/bash\n\
 origpath=$$(pwd)\n\
@@ -157,7 +161,8 @@ cd \"$$origpath\"\n\
 \"$$bindir/../Resources/Python.app/Contents/MacOS/LibreOfficePython\" - $$@ <<EOF"} \
 		FNR==1{next} \
 		      {print} \
-		END   {print "EOF"}' > "$$file" ; } < "$$file" ; chmod +x "$$file" ; done
+		END   {print "EOF"}' > "../Resources/$$file" ; } < "$$file" && \
+	chmod +x "../Resources/$$file" && ln -s "../Resources/$$file" ; done
 	touch $@
 
 $(call gb_ExternalProject_get_state_target,python3,fixinstallnames) : $(call gb_ExternalProject_get_state_target,python3,build)
diff --git a/setup_native/scripts/mac_install.script b/setup_native/scripts/mac_install.script
index 57609636e2c0..eb92d70ba982 100644
--- a/setup_native/scripts/mac_install.script
+++ b/setup_native/scripts/mac_install.script
@@ -24,4 +24,4 @@
 
 MY_DIR=$(dirname "$0")
 
-osascript "$MY_DIR/osx_install.applescript"
+osascript "$MY_DIR/Resources/osx_install.applescript"
diff --git a/shell/Package_senddoc.mk b/shell/Package_senddoc.mk
index c09c9670ecb2..3716b193dc83 100644
--- a/shell/Package_senddoc.mk
+++ b/shell/Package_senddoc.mk
@@ -9,6 +9,14 @@
 
 $(eval $(call gb_Package_Package,shell_senddoc,$(SRCDIR)/shell/source/unix/misc))
 
+ifeq ($(OS), MACOSX)
+# only mach-o binaries allowed in bin folder (signing scripts would require extended attributes)
+# so install it into Resources folder and use a symlink instead
+# see https://developer.apple.com/library/archive/technotes/tn2206/_index.html
+$(eval $(call gb_Package_add_file,shell_senddoc,$(LIBO_SHARE_FOLDER)/senddoc,senddoc.sh))
+$(eval $(call gb_Package_add_symbolic_link,shell_senddoc,$(LIBO_BIN_FOLDER)/senddoc,../$(LIBO_SHARE_FOLDER)/senddoc))
+else
 $(eval $(call gb_Package_add_file,shell_senddoc,$(LIBO_BIN_FOLDER)/senddoc,senddoc.sh))
+endif
 
 # vim: set shiftwidth=4 tabstop=4 noexpandtab:
diff --git a/solenv/bin/modules/installer/simplepackage.pm b/solenv/bin/modules/installer/simplepackage.pm
index d2d36e259dcf..01a594a5e72c 100644
--- a/solenv/bin/modules/installer/simplepackage.pm
+++ b/solenv/bin/modules/installer/simplepackage.pm
@@ -324,11 +324,12 @@ sub create_package
             }
 
             my $sourcefile = $srcfolder . "/" . $tarballname;
-            my $destfile = $contentsfolder . "/" . $tarballname;
+            my $destfile = $contentsfolder . "/Resources/" . $tarballname;
 
             installer::systemactions::remove_complete_directory($appfolder);
             installer::systemactions::create_directory($appfolder);
             installer::systemactions::create_directory($contentsfolder);
+            installer::systemactions::create_directory($contentsfolder . "/Resources");
 
             installer::systemactions::copy_one_file($sourcefile, $destfile);
             installer::systemactions::remove_complete_directory($srcfolder);
@@ -350,7 +351,7 @@ sub create_package
             if (! -f $scriptref) { installer::exiter::exit_program("ERROR: Could not find Apple script $scriptfilename ($scriptref)!", "create_package"); }
             if (! -f $scripthelperfilename) { installer::exiter::exit_program("ERROR: Could not find Apple script $scripthelperfilename!", "create_package"); }
 
-            $scriptfilename = $contentsfolder . "/" . $scriptrealfilename;
+            $scriptfilename = $contentsfolder . "/Resources/" . $scriptrealfilename;
             $scripthelperrealfilename = $contentsfolder . "/" . $scripthelperrealfilename;
 
             installer::systemactions::copy_one_file($scriptref, $scriptfilename);
