diff options
| author | Patrick Luby <guibmacdev@gmail.com> | 2024-07-27 16:58:17 -0400 |
|---|---|---|
| committer | Patrick Luby <guibomacdev@gmail.com> | 2024-07-31 20:00:50 +0200 |
| commit | 93cd479aef9b12bc277c76a53a8d6f5804b1db6c (patch) | |
| tree | b44369448224be9517c28c8dddfbbf6158a1c2f9 /solenv/bin | |
| parent | eff240546328f15f4f88c782637913d5eef18c74 (diff) | |
Codesign *.jnilib files like *.dylib and remove $other_files variable
*.jnilib files no longer need to be codesigned before *.dylib files
so just codesign them at the same time as *.dylib files.
Also, none of the files in the $other_files variable need to be
explicitly codesigned since all of those files get codesigned
elsewhere in the script.
Change-Id: Ia6f22f6d849ca76c1bf8a491c43fc00fee2af4a2
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171129
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Tested-by: Jenkins
Diffstat (limited to 'solenv/bin')
| -rwxr-xr-x | solenv/bin/macosx-codesign-app-bundle | 23 |
1 files changed, 3 insertions, 20 deletions
diff --git a/solenv/bin/macosx-codesign-app-bundle b/solenv/bin/macosx-codesign-app-bundle index 3f0003f9a4a2..ad6bfbb63d8d 100755 --- a/solenv/bin/macosx-codesign-app-bundle +++ b/solenv/bin/macosx-codesign-app-bundle @@ -34,19 +34,12 @@ if test -n "$ENABLE_MACOSX_SANDBOX"; then application_identifier=`/usr/libexec/PlistBuddy -c "print com.apple.application-identifier" $BUILDDIR/lo.xcent` # remove the key from the entitlement - only use it when signing the whole bundle in the final step /usr/libexec/PlistBuddy -c "delete com.apple.application-identifier" $BUILDDIR/lo.xcent - # All data files are in Resources and included in the app bundle signature - other_files='' # HACK: remove donate menu entries, need to support apple-pay and be verified # as non profit as a bare minimum to allow asking.... sed -I "" -e '\#<menu:menuitem menu:id=".uno:Donation"/>#d' $APP_BUNDLE/Contents/Resources/config/soffice.cfg/modules/*/menubar/menubar.xml else - # We then want to sign data files, too, hmm. entitlements="--entitlements $BUILDDIR/hardened_runtime.xcent" entitlements_helper=$entitlements - other_files="\ - -or -name '*.fodt' -or -name 'schema.strings' -or -name 'schema.xml' \ - -or -name '*.jar' -or -name 'LICENSE' -or -name 'LICENSE.html' \ - -or -name '*.applescript' -or -name '*.odt'" fi if test -z "$MACOSX_CODESIGNING_IDENTITY"; then @@ -75,24 +68,14 @@ if test -z "$MACOSX_CODESIGNING_IDENTITY"; then exit 0 fi -# Sign jnilibs first as workaround for signing issue on old baseline -# order matters/screws things up otherwise -find -d "$APP_BUNDLE" \( -name '*.jnilib' \) ! -type l | - while read file; do - id=`echo ${file#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'` - codesign --force --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$file" || exit 1 -done - # Sign dylibs # # The dylibs in the Python framework are called *.so. Go figure # -# On Mavericks also would like to have data files signed... -# add some where it makes sense. Make a depth-first search to sign the contents -# of e.g. the spotlight plugin before attempting to sign the plugin itself +# Make a depth-first search to sign the contents of e.g. the spotlight plugin +# before attempting to sign the plugin itself -find "$APP_BUNDLE" \( -name '*.dylib' -or -name '*.dylib.*' -or -name '*.so' \ - $other_files \) ! -type l | +find "$APP_BUNDLE" \( -name '*.dylib' -or -name '*.dylib.*' -or -name '*.so' -or -name '*.jnilib' \) ! -type l | while read file; do id=`echo ${file#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'` codesign --force --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" "$file" || exit 1 |