From db403988a7fd7d468f53d9296ff8d6c213ce435c Mon Sep 17 00:00:00 2001
From: Tor Lillqvist <tml@iki.fi>
Date: Tue, 9 Apr 2013 12:35:06 +0300
Subject: Forward-port the app bundle signing from the 4.0 branch

For now, use the same quick hack as in the 4.0 branch: Just sign the
app bundle as a while, not individual dylibs. Should factor out the
code in Makefile.in that signs all dylibs. Make sure to sign the
application app bundle only, not the SDK.

Change-Id: I6b0a39354c54b0e0f5352d0fd0bdb57650dc100a
---
 solenv/bin/modules/installer/simplepackage.pm | 38 +++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

(limited to 'solenv')

diff --git a/solenv/bin/modules/installer/simplepackage.pm b/solenv/bin/modules/installer/simplepackage.pm
index ff18bc963f77..58cff7dbaf1a 100755
--- a/solenv/bin/modules/installer/simplepackage.pm
+++ b/solenv/bin/modules/installer/simplepackage.pm
@@ -410,6 +410,44 @@ sub create_package
 
             chdir $localfrom;
         }
+        else
+        {
+            if (($volume_name_classic_app eq 'LibreOffice' || $volume_name_classic_app eq 'LibreOfficeDev') &&
+                defined($ENV{'MACOSX_CODESIGNING_IDENTITY'}) && $ENV{'MACOSX_CODESIGNING_IDENTITY'} ne "" )
+            {
+                # Just sign the .app as a whole, which means signing
+                # the CFBundleExecutable from Info.plist,
+                # i.e. soffice, plus the contents of the Resources
+                # treee (which is not much, far from all of our
+                # non-code "resources").
+
+                # Don't bother here in the 4.0 branch to sign each
+                # individual .dylib, or each additional binary. See
+                # master for more work plus possibly eventually
+                # re-organising the app bundle structure to be more
+                # Mac-like (the "program" symlink, eek!) and actually
+                # putting all non-code resources (including extension
+                # scripts!)  into Resources so that they participate
+                # in the signing and their validity can be guaranteed.
+
+                $systemcall = "codesign --sign $ENV{'MACOSX_CODESIGNING_IDENTITY'} -v -v -v $tempdir/$packagename/$volume_name_classic_app.app";
+                print "... $systemcall ...\n";
+                my $returnvalue = system($systemcall);
+                $infoline = "Systemcall: $systemcall\n";
+                push( @installer::globals::logfileinfo, $infoline);
+
+                if ($returnvalue)
+                {
+                    $infoline = "ERROR: Could not execute \"$systemcall\"!\n";
+                    push( @installer::globals::logfileinfo, $infoline);
+                }
+                else
+                {
+                    $infoline = "Success: Executed \"$systemcall\" successfully!\n";
+                    push( @installer::globals::logfileinfo, $infoline);
+                }
+            }
+        }
 
         $systemcall = "cd $localtempdir && hdiutil makehybrid -hfs -hfs-openfolder $folder $folder -hfs-volume-name \"$volume_name\" -ov -o $installdir/tmp && hdiutil convert -ov -format UDBZ $installdir/tmp.dmg -o $archive && ";
         if (( $ref ne "" ) && ( $$ref ne "" )) {
-- 
cgit