diff options
| author | Tor Lillqvist <tml@iki.fi> | 2021-01-20 12:16:09 +0200 |
|---|---|---|
| committer | Tor Lillqvist <tml@collabora.com> | 2021-01-20 17:28:32 +0100 |
| commit | e2fcbac50549ca96b092d64bd14a37cee6b12e0a (patch) | |
| tree | 6811dea3e85e8a08c139f0544ba722f8cf83b086 | |
| parent | 3d2a431da1126f4924f6cd7e5abac6488cd480e7 (diff) | |
Simplify error handling
There were a couple of weird things in this script. Firstly, the
script redirected stdout and stderr from each invocation of codesign
separately into a log file. (Several differently named log files.) But
those log files were never displayed.
Secondly, the script did "set -e" at the start. Thus, if a codesign
invocation returned non-zero (error) exit status, any code to check
the exit status and possibly display the log file would not be
executed anyway.
Simplify thusly:
Don't pass --verbose to codesign. Then if nothing goes wrong, it is
silent. That is The Unix Philosophy, right?
Don't redirect codesign stdout and stderr to a log file (that would be
removed if codesign didn't fail). Just let any error message of
warning from codesign go to the script's stderr or stdout.
If codesign fails, just exit. Error messages will have been written to
stderr already. No log files to display or remove.
Don't use set -e. Instead if a codesign invocation fails, just exit.
The intent is that in the normal case, this script will be totally
silent.
Change-Id: Ic6081c418e4c564be768e30bf52b8196ee59f061
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109696
Tested-by: Tor Lillqvist <tml@collabora.com>
Reviewed-by: Tor Lillqvist <tml@collabora.com>
| -rwxr-xr-x | solenv/bin/macosx-codesign-app-bundle | 51 |
1 files changed, 9 insertions, 42 deletions
diff --git a/solenv/bin/macosx-codesign-app-bundle b/solenv/bin/macosx-codesign-app-bundle index 8aa725745327..f4df4d4e6639 100755 --- a/solenv/bin/macosx-codesign-app-bundle +++ b/solenv/bin/macosx-codesign-app-bundle @@ -1,7 +1,5 @@ #!/bin/bash -# Exit on errors -set -e # Use of unset variable is an error set -u # If any part of a pipeline of commands fails, the whole pipeline fails @@ -47,11 +45,7 @@ fi find -d "$APP_BUNDLE" \( -name '*.jnilib' \) ! -type l | while read file; do id=`echo ${file#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'` - codesign --verbose --force --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$file" > "/tmp/codesign_$(basename "$file").log" 2>&1 - if [ "$?" != "0" ] ; then - exit 1 - fi - rm "/tmp/codesign_$(basename "$file").log" + codesign --force --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$file" || exit 1 done # Sign dylibs @@ -66,11 +60,7 @@ find "$APP_BUNDLE" \( -name '*.dylib' -or -name '*.dylib.*' -or -name '*.so' \ $other_files \) ! -type l | while read file; do id=`echo ${file#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'` - codesign --verbose --force --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$file" > "/tmp/codesign_$(basename "$file").log" 2>&1 - if [ "$?" != "0" ] ; then - exit 1 - fi - rm "/tmp/codesign_$(basename "$file").log" + codesign --force --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$file" || exit 1 done # Sign included bundles. First .app ones (i.e. the Python.app inside @@ -78,23 +68,15 @@ done find "$APP_BUNDLE"/Contents -name '*.app' -type d | while read app; do - fn=`basename "$app"` - fn=${fn%.*} # Assume the app has a XML (and not binary) Info.plist id=`grep -A 1 '<key>CFBundleIdentifier</key>' $app/Contents/Info.plist | tail -1 | sed -e 's,.*<string>,,' -e 's,</string>.*,,'` - codesign --verbose --options=runtime --force --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$app" > "/tmp/codesign_${fn}.log" 2>&1 - if [ "$?" != "0" ] ; then - exit 1 - fi - rm "/tmp/codesign_${fn}.log" + codesign --options=runtime --force --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$app" || exit 1 done # Then .framework ones. Again, be generic just for kicks. find "$APP_BUNDLE" -name '*.framework' -type d | while read framework; do - fn=`basename "$framework"` - fn=${fn%.*} for version in "$framework"/Versions/*; do if test ! -L "$version" -a -d "$version"; then # Assume the framework has a XML (and not binary) Info.plist @@ -102,14 +84,10 @@ while read framework; do if test -d $version/bin; then # files in bin are not covered by signing the framework... for scriptorexecutable in $(find $version/bin/ -type f); do - codesign --verbose --options=runtime --force --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$scriptorexecutable" >> "/tmp/codesign_${fn}.log" 2>&1 + codesign --options=runtime --force --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$scriptorexecutable" || exit 1 done fi - codesign --verbose --force --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$version" >> "/tmp/codesign_${fn}.log" 2>&1 - if [ "$?" != "0" ] ; then - exit 1 - fi - rm "/tmp/codesign_${fn}.log" + codesign --force --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$version" || exit 1 fi done done @@ -118,11 +96,7 @@ done find "$APP_BUNDLE" -name '*.mdimporter' -type d | while read bundle; do - codesign --verbose --force --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" "$bundle" > "/tmp/codesign_$(basename "${bundle}").log" 2>&1 - if [ "$?" != "0" ] ; then - exit 1 - fi - rm "/tmp/codesign_$(basename "${bundle}").log" + codesign --force --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign "$MACOSX_CODESIGNING_IDENTITY" "$bundle" || exit 1 done # Sign executables @@ -134,11 +108,7 @@ while read file; do ;; *) id=`echo ${file#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'` - codesign --force --verbose --options=runtime --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$file" > "/tmp/codesign_${MACOSX_BUNDLE_IDENTIFIER}.${id}.log" 2>&1 - if [ "$?" != "0" ] ; then - exit 1 - fi - rm "/tmp/codesign_${MACOSX_BUNDLE_IDENTIFIER}.${id}.log" + codesign --force --options=runtime --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$file" || exit 1 ;; esac done @@ -155,9 +125,6 @@ done id=`echo ${PRODUCTNAME} | tr ' ' '-'` -codesign --force --verbose --options=runtime --identifier="${MACOSX_BUNDLE_IDENTIFIER}" --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$APP_BUNDLE" > "/tmp/codesign_${MACOSX_BUNDLE_IDENTIFIER}.log" 2>&1 -if [ "$?" != "0" ] ; then - exit 1 -fi -rm "/tmp/codesign_${MACOSX_BUNDLE_IDENTIFIER}.log" +codesign --force --options=runtime --identifier="${MACOSX_BUNDLE_IDENTIFIER}" --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$APP_BUNDLE" || exit 1 + exit 0 |