[Libreoffice-commits] core.git: solenv/bin

Tor Lillqvist (via logerrit) logerrit at kemper.freedesktop.org
Wed Jan 20 16:29:12 UTC 2021 

 solenv/bin/macosx-codesign-app-bundle |   51 ++++++----------------------------
 1 file changed, 9 insertions(+), 42 deletions(-)

New commits:
commit e2fcbac50549ca96b092d64bd14a37cee6b12e0a
Author:     Tor Lillqvist <tml at iki.fi>
AuthorDate: Wed Jan 20 12:16:09 2021 +0200
Commit:     Tor Lillqvist <tml at collabora.com>
CommitDate: Wed Jan 20 17:28:32 2021 +0100

    Simplify error handling
    
    There were a couple of weird things in this script. Firstly, the
    script redirected stdout and stderr from each invocation of codesign
    separately into a log file. (Several differently named log files.) But
    those log files were never displayed.
    
    Secondly, the script did "set -e" at the start. Thus, if a codesign
    invocation returned non-zero (error) exit status, any code to check
    the exit status and possibly display the log file would not be
    executed anyway.
    
    Simplify thusly:
    
    Don't pass --verbose to codesign. Then if nothing goes wrong, it is
    silent. That is The Unix Philosophy, right?
    
    Don't redirect codesign stdout and stderr to a log file (that would be
    removed if codesign didn't fail). Just let any error message of
    warning from codesign go to the script's stderr or stdout.
    
    If codesign fails, just exit. Error messages will have been written to
    stderr already. No log files to display or remove.
    
    Don't use set -e. Instead if a codesign invocation fails, just exit.
    
    The intent is that in the normal case, this script will be totally
    silent.
    
    Change-Id: Ic6081c418e4c564be768e30bf52b8196ee59f061
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109696
    Tested-by: Tor Lillqvist <tml at collabora.com>
    Reviewed-by: Tor Lillqvist <tml at collabora.com>

diff --git a/solenv/bin/macosx-codesign-app-bundle b/solenv/bin/macosx-codesign-app-bundle
index 8aa725745327..f4df4d4e6639 100755
--- a/solenv/bin/macosx-codesign-app-bundle
+++ b/solenv/bin/macosx-codesign-app-bundle
@@ -1,7 +1,5 @@
 #!/bin/bash
 
-# Exit on errors
-set -e
 # Use of unset variable is an error
 set -u
 # If any part of a pipeline of commands fails, the whole pipeline fails
@@ -47,11 +45,7 @@ fi
 find -d "$APP_BUNDLE" \( -name '*.jnilib' \) ! -type l |
     while read file; do
     id=`echo ${file#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'`
-    codesign --verbose --force --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$file" > "/tmp/codesign_$(basename "$file").log" 2>&1
-    if [ "$?" != "0" ] ; then
-	exit 1
-    fi
-    rm "/tmp/codesign_$(basename "$file").log"
+    codesign --force --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$file" || exit 1
 done
 
 # Sign dylibs
@@ -66,11 +60,7 @@ find "$APP_BUNDLE" \( -name '*.dylib' -or -name '*.dylib.*' -or -name '*.so' \
         $other_files \) ! -type l |
 while read file; do
     id=`echo ${file#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'`
-    codesign --verbose --force --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$file" > "/tmp/codesign_$(basename "$file").log" 2>&1
-    if [ "$?" != "0" ] ; then
-	exit 1
-    fi
-    rm "/tmp/codesign_$(basename "$file").log"
+    codesign --force --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$file" || exit 1
 done
 
 # Sign included bundles. First .app ones (i.e. the Python.app inside
@@ -78,23 +68,15 @@ done
 
 find "$APP_BUNDLE"/Contents -name '*.app' -type d |
 while read app; do
-    fn=`basename "$app"`
-    fn=${fn%.*}
     # Assume the app has a XML (and not binary) Info.plist
     id=`grep -A 1 '<key>CFBundleIdentifier</key>' $app/Contents/Info.plist | tail -1 | sed -e 's,.*<string>,,' -e 's,</string>.*,,'`
-    codesign --verbose --options=runtime --force --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$app" > "/tmp/codesign_${fn}.log" 2>&1
-    if [ "$?" != "0" ] ; then
-	exit 1
-    fi
-    rm "/tmp/codesign_${fn}.log"
+    codesign --options=runtime --force --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$app" || exit 1
 done
 
 # Then .framework ones. Again, be generic just for kicks.
 
 find "$APP_BUNDLE" -name '*.framework' -type d |
 while read framework; do
-    fn=`basename "$framework"`
-    fn=${fn%.*}
     for version in "$framework"/Versions/*; do
         if test ! -L "$version" -a -d "$version"; then
 	    # Assume the framework has a XML (and not binary) Info.plist
@@ -102,14 +84,10 @@ while read framework; do
 	    if test -d $version/bin; then
 		# files in bin are not covered by signing the framework...
 		for scriptorexecutable in $(find $version/bin/ -type f); do
-		    codesign --verbose --options=runtime --force --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$scriptorexecutable" >> "/tmp/codesign_${fn}.log" 2>&1
+		    codesign --options=runtime --force --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$scriptorexecutable" || exit 1
 		done
 	    fi
-            codesign --verbose --force --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$version" >> "/tmp/codesign_${fn}.log" 2>&1
-	    if [ "$?" != "0" ] ; then
-		exit 1
-	    fi
-	    rm "/tmp/codesign_${fn}.log"
+            codesign --force --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$version" || exit 1
 	fi
     done
 done
@@ -118,11 +96,7 @@ done
 
 find "$APP_BUNDLE" -name '*.mdimporter' -type d |
 while read bundle; do
-    codesign --verbose --force --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" "$bundle" > "/tmp/codesign_$(basename "${bundle}").log" 2>&1
-    if [ "$?" != "0" ] ; then
-	exit 1
-    fi
-    rm "/tmp/codesign_$(basename "${bundle}").log"
+    codesign --force --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" "$bundle" || exit 1
 done
 
 # Sign executables
@@ -134,11 +108,7 @@ while read file; do
 	    ;;
 	*)
 	    id=`echo ${file#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'`
-	    codesign --force --verbose --options=runtime --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$file"  > "/tmp/codesign_${MACOSX_BUNDLE_IDENTIFIER}.${id}.log" 2>&1
-	    if [ "$?" != "0" ] ; then
-		exit 1
-	    fi
-	    rm "/tmp/codesign_${MACOSX_BUNDLE_IDENTIFIER}.${id}.log"
+	    codesign --force --options=runtime --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$file" || exit 1
 	    ;;
     esac
 done
@@ -155,9 +125,6 @@ done
 
 id=`echo ${PRODUCTNAME} | tr ' ' '-'`
 
-codesign --force --verbose --options=runtime --identifier="${MACOSX_BUNDLE_IDENTIFIER}" --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$APP_BUNDLE" > "/tmp/codesign_${MACOSX_BUNDLE_IDENTIFIER}.log" 2>&1
-if [ "$?" != "0" ] ; then
-    exit 1
-fi
-rm "/tmp/codesign_${MACOSX_BUNDLE_IDENTIFIER}.log"
+codesign --force --options=runtime --identifier="${MACOSX_BUNDLE_IDENTIFIER}" --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$APP_BUNDLE" || exit 1
+
 exit 0

More information about the Libreoffice-commits mailing list