author | Norbert Thiebaud <nthiebaud@gmail.com> | 2017-03-18 09:43:47 -0500 |
---|---|---|
committer | Norbert Thiebaud <nthiebaud@gmail.com> | 2017-03-22 17:36:52 +0000 |
commit | a332bb9a6cc19f0c212892b3f304583338b0a094 (patch) | |
tree | 5560bdde4d4ebc1f9d2478fc3764a172b31873c7 | |
parent | 9b7c35b4b7fd5a5347a3602f110d78e1019a54e9 (diff) |
codesigning script for macosx complained about double signing
Release build of 5.3.2.1 failed in codesign
apparently LibreOfficePython.framework was being signed more than
once, which caused codesign to fail and, due to a recent
patch to harden the codesign wrapper, the build itself to fail
This does not address why some parts are signed multiple times
but merely tells codesign to ignore the issue and just sign
This also fixes a bash uninitialized-variable warning and
captures the output of codesign in case of error to be able to diagnose
things.
Change-Id: Ibd6752702feb2bdf5163ac30ed7a3fd9c86f961c
Reviewed-on: https://gerrit.libreoffice.org/35407
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Norbert Thiebaud <nthiebaud@gmail.com>
-rwxr-xr-x | solenv/bin/macosx-codesign-app-bundle | 47 |
1 files changed, 37 insertions, 10 deletions
diff --git a/solenv/bin/macosx-codesign-app-bundle b/solenv/bin/macosx-codesign-app-bundle index 39d87246a92f..f5ccff1475f1 100755 --- a/solenv/bin/macosx-codesign-app-bundle +++ b/solenv/bin/macosx-codesign-app-bundle @@ -26,7 +26,7 @@ for V in \ done APP_BUNDLE="$1" - +entitlements= if test -n "$ENABLE_MACOSX_SANDBOX"; then # In a sandboxed build executables need the entitlements entitlements="--entitlements $BUILDDIR/lo.xcent" @@ -48,7 +48,11 @@ fi find -d "$APP_BUNDLE" \( -name '*.jnilib' \) ! -type l | while read file; do id=`echo ${file#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'` - codesign --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$file" || exit 1 + codesign --verbose --force --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$file" > "/tmp/codesign_$(basename "$file").log" 2>&1 + if [ "$?" != "0" ] ; then + exit 1 + fi + rm "/tmp/codesign_$(basename "$file").log" done # Sign dylibs @@ -63,7 +67,11 @@ find "$APP_BUNDLE" \( -name '*.dylib' -or -name '*.dylib.*' -or -name '*.so' \ $other_files \) ! -type l | while read file; do id=`echo ${file#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'` - codesign --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$file" || exit 1 + codesign --verbose --force --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$file" > "/tmp/codesign_$(basename "$file").log" 2>&1 + if [ "$?" != "0" ] ; then + exit 1 + fi + rm "/tmp/codesign_$(basename "$file").log" done # Sign included bundles. First .app ones (i.e. the Python.app inside 
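Review bot: The log path `/tmp/codesign_$(basename "$file").log` in the jnilib loop is a predictable name in a world-writable directory, and the `>` redirection follows symlinks, so on a shared build host another local user can pre-create that name and have the signing account overwrite a file it has write access to; two builds running on the same host will also write to each other's logs. The same pattern is used in the dylib, .app, .framework, .mdimporter, executable and final-bundle hunks. Creating a private directory once near the top, `logdir=$(mktemp -d) || exit 1`, and redirecting to `"$logdir/$(basename "$file").log"` avoids both problems; a directory under `$BUILDDIR` would work as well if the build layout allows it, which is not visible here.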
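Review bot: The `exit 1` in the new `if` block of the dylib loop runs on the right-hand side of `find … | while read file`, which the shell executes in a subshell, so it ends only that loop and the script carries on to the next signing step unless something outside this hunk (`set -e`, or a status check after `done`) stops it. The old `|| exit 1` had the same limitation, but since the change is about failing reliably it is worth closing here: `done || exit 1` after the loop propagates the failure to the script. The jnilib loop above and the .mdimporter loop further down are built the same way. As written, a bundle can reach the final signing step with an unsigned or stale-signed library inside it.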
@@ -75,7 +83,11 @@ while read app; do fn=${fn%.*} # Assume the app has a XML (and not binary) Info.plist id=`grep -A 1 '<key>CFBundleIdentifier</key>' $app/Contents/Info.plist | tail -1 | sed -e 's,.*<string>,,' -e 's,</string>.*,,'` - codesign --verbose --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$app" || exit 1 + codesign --verbose --force --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$app" > "/tmp/codesign_${fn}.log" 2>&1 + if [ "$?" != "0" ] ; then + exit 1 + fi + rm "/tmp/codesign_${fn}.log" done # Then .framework ones. Again, be generic just for kicks. @@ -88,8 +100,12 @@ while read framework; do if test ! -L "$version" -a -d "$version"; then # Assume the framework has a XML (and not binary) Info.plist id=`grep -A 1 '<key>CFBundleIdentifier</key>' $version/Resources/Info.plist | tail -1 | sed -e 's,.*<string>,,' -e 's,</string>.*,,'` - codesign --verbose --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$version" || exit 1 - fi + codesign --verbose --force --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$version" > "/tmp/codesign_${fn}.log" 2>&1 + if [ "$?" != "0" ] ; then + exit 1 + fi + rm "/tmp/codesign_${fn}.log" + fi done done @@ -97,7 +113,11 @@ done find "$APP_BUNDLE" -name '*.mdimporter' -type d | while read bundle; do - codesign --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" "$bundle" || exit 1 + codesign --verbose --force --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" "$bundle" > "/tmp/codesign_$(basename "${bundle}").log" 2>&1 + if [ "$?" != "0" ] ; then + exit 1 + fi + rm "/tmp/codesign_$(basename "${bundle}").log" done # Sign executables 
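Review bot: When codesign fails in the .app loop the script now exits with nothing on stdout or stderr, because all of its output goes to `/tmp/codesign_${fn}.log` and neither the path nor the contents are printed; on a CI machine that file may be unreachable or already cleaned up by the time someone investigates. Printing it before leaving, `cat "/tmp/codesign_${fn}.log" >&2` ahead of `exit 1`, puts the reason in the build log, and the same applies to every other signing step in this commit. Writing the check as `if ! codesign … ; then` would also be sturdier than testing `"$?"` on the following line, where any command inserted in between silently changes what is tested.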
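Review bot: The log name in the .framework hunk uses `${fn}`, but no assignment to `fn` is visible inside the framework loop; if it still holds the value left over from the .app loop above (an assignment may exist outside the hunk), a leftover log after a failure is named after an unrelated bundle. Naming the log after what is actually being signed, for example `$(basename "$framework")`, keeps it attributable. The inner loop over `$version` starts outside the hunk, so whether several versions would share one log name cannot be judged from here.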
@@ -109,7 +129,11 @@ while read file; do ;; *) id=`echo ${file#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'` - codesign --force --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$file" || exit 1 + codesign --force --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$file" > "/tmp/codesign_${MACOSX_BUNDLE_IDENTIFIER}.${id}.log" 2>&1 + if [ "$?" != "0" ] ; then + exit 1 + fi + rm "/tmp/codesign_${MACOSX_BUNDLE_IDENTIFIER}.${id}.log" ;; esac done @@ -128,6 +152,9 @@ done id=`echo ${PRODUCTNAME} | tr ' ' '-'` -codesign --force --verbose --identifier="${MACOSX_BUNDLE_IDENTIFIER}" --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$APP_BUNDLE" || exit 1 - +codesign --force --verbose --identifier="${MACOSX_BUNDLE_IDENTIFIER}" --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$APP_BUNDLE" > "/tmp/codesign_${MACOSX_BUNDLE_IDENTIFIER}.log" 2>&1 +if [ "$?" != "0" ] ; then + exit 1 +fi +rm "/tmp/codesign_${MACOSX_BUNDLE_IDENTIFIER}.log" exit 0 |
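Review bot: With `--force` now on every codesign call, an item that already carries a signature has it replaced silently, so the double signing described in the commit message can no longer surface as a failure, and re-signing nested code after its container can leave the container's seal stale. A verification pass after the final signature in the last hunk would catch that before the bundle is packaged: `codesign --verify --deep --strict "$APP_BUNDLE" || exit 1` ahead of `exit 0`. That keeps the workaround while still giving the release build a hard stop if the resulting signatures are inconsistent.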