diff options
author | Christian Lohmaier <lohmaier+LibreOffice@googlemail.com> | 2021-01-18 11:01:48 +0100 |
---|---|---|
committer | Christian Lohmaier <lohmaier+LibreOffice@googlemail.com> | 2021-01-18 15:56:36 +0100 |
commit | 4b9190fc29aec0f005f08c0269bb9ff081f19fe3 (patch) | |
tree | c013010e46c8e6085b090097a87086bf16ca4c2f /desktop | |
parent | cbbfed893616f804cb6557185ddda26c0cef2ed6 (diff) |
mac: don't put script files into Contents/MacOS or framework-bin directory
Signing them as executable code would require external attributes, and
those in turn break packaging into hfs+ dmg when building on apfs with
Big Sur.
It is not a new thing - the old Code Signing in Depth technote
https://developer.apple.com/library/archive/technotes/tn2206/_index.html
already reads:
"Store Python, Perl, shell, and other script files and other non-Mach-O
executables in your app's Contents/Resources directory. While it's
possible to sign such executables and store them in Contents/MacOS, this
is not recommended.
[…]
Put another way, a properly-signed app that has all of its files in the
correct places will not contain any signatures stored as extended
attributes."
The patch does exactly that for LO and the shipped python framework and
adds symlinks for the moved files.
Same applies for the Language pack applescript and the tarball - those
are also moved into Contents/Resources
Change-Id: Iab21e77b73f941248ca89c6e80703fdf67a1057c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109537
Tested-by: Jenkins
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Diffstat (limited to 'desktop')
-rw-r--r-- | desktop/Package_scripts.mk | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/desktop/Package_scripts.mk b/desktop/Package_scripts.mk index a806c72ef120..fbd74f43539b 100644 --- a/desktop/Package_scripts.mk +++ b/desktop/Package_scripts.mk @@ -16,10 +16,14 @@ $(eval $(call gb_Package_add_file,desktop_scripts_install,$(LIBO_BIN_FOLDER)/uno endif -ifneq ($(OS),WNT) - -$(eval $(call gb_Package_add_file,desktop_scripts_install,$(LIBO_BIN_FOLDER)/unoinfo,$(if $(filter MACOSX,$(OS)),unoinfo-mac.sh,unoinfo.sh))) - +ifeq ($(OS), MACOSX) +# only mach-o binaries allowed in bin folder (signing scripts would require extended attributes) +# so install it into Resources folder and use a symlink instead +# see https://developer.apple.com/library/archive/technotes/tn2206/_index.html +$(eval $(call gb_Package_add_file,desktop_scripts_install,$(LIBO_SHARE_FOLDER)/unoinfo,unoinfo-mac.sh)) +$(eval $(call gb_Package_add_symbolic_link,desktop_scripts_install,$(LIBO_BIN_FOLDER)/unoinfo,../$(LIBO_SHARE_FOLDER)/unoinfo)) +else ifneq ($(OS),WNT) +$(eval $(call gb_Package_add_file,desktop_scripts_install,$(LIBO_BIN_FOLDER)/unoinfo,unoinfo.sh)) endif # vim: set ts=4 sw=4 noet: |