summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xmacosx/hbsign134
-rw-r--r--macosx/module.defs2
-rw-r--r--macosx/module.rules1
-rw-r--r--macosx/module.xcodebuild8
4 files changed, 143 insertions, 2 deletions
diff --git a/macosx/hbsign b/macosx/hbsign
new file mode 100755
index 000000000..2c70a2931
--- /dev/null
+++ b/macosx/hbsign
@@ -0,0 +1,134 @@
+#!/usr/bin/env bash
+# Copyright (C) 2012-2017 VLC authors and VideoLAN
+# Copyright (C) 2012-2014 Felix Paul Kühne <fkuehne at videolan dot org>
+# Copyright (C) 2018 Damiano Galassi <[email protected]>
+# Copyright (C) 2018 Bradley Sepos <[email protected]>
+#
+# Based on VLC's codesign.sh
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
+
+NAME="hbsign"
+
+set -e
+set -u
+
+SELF="${0}"
+SELF_NAME=$(basename "${SELF}")
+HELP="\
+usage: ${SELF_NAME} [-h]
+ ${SELF_NAME} identity application [application2 ...]
+where:
+ -h display this help text"
+
+# Logs error message and exits
+function exit_with_error {
+ set +e
+ ERROR="${2}"
+ echo "${SELF_NAME}: ${ERROR}" >&2
+ PRINT_HELP="${3:-false}"
+ if [[ "${PRINT_HELP}" == true ]]; then
+ echo -e "${HELP}"
+ fi
+ exit "${1}"
+}
+
+LOG="${NAME}.log"
+touch "${LOG}" || exit_with_error 1 "${SELF_NAME}: unable to create log file ${LOG}"
+
+OPTIND=1
+while getopts ":h" OPT; do
+ case "${OPT}" in
+ h)
+ # Print help and exit
+ echo -e "${HELP}"
+ exit 0
+ ;;
+ :)
+ # Option without required argument
+ exit_with_error 1 "${SELF_NAME}: option -${OPTARG} requires a value" true
+ ;;
+ \?)
+ # Invalid option specified
+ exit_with_error 1 "${SELF_NAME}: invalid option: -${OPTARG}" true
+ ;;
+ esac
+done
+shift $((${OPTIND} - 1))
+IDENTITY="${1:-}"
+if [[ "${IDENTITY}" == '' ]]; then
+ exit_with_error 1 "${SELF_NAME}: identity not specified" true
+fi
+shift 1
+
+if [[ ${#@} -eq 0 ]]; then
+ exit_with_error 1 "${SELF_NAME}: application not specified" true
+fi
+
+function sign { # sign file_or_folder
+ codesign --force --verbose -s "${IDENTITY}" --prefix "fr.handbrake." "${1:-}" >>"${LOG}" 2>&1 || exit_with_error 1 "Signing failed. More info may be available in ${NAME}.log"
+}
+
+echo "Identity: ${IDENTITY}"
+
+for TARGET in "${@}"; do
+
+ TARGET="${TARGET#./}"
+ echo "${TARGET}:"
+
+ if [[ "${TARGET##*/}" == 'HandBrake.app' ]]; then
+ echo " Signing Frameworks"
+ find "${TARGET}"/Contents/Frameworks -type f -name ".DS_Store" -exec rm '{}' \; >/dev/null 2>&1
+ find "${TARGET}"/Contents/Frameworks -type f -name "*.textile" -exec rm '{}' \; >/dev/null 2>&1
+ find "${TARGET}"/Contents/Frameworks -type f -name "*.txt" -exec rm '{}' \; >/dev/null 2>&1
+ sign "${TARGET}"/Contents/Frameworks/HandBrakeKit.framework/Versions/A fr.handbrake.HandBrake
+ sign "${TARGET}"/Contents/Frameworks/Growl.framework/Versions/A com.growl.growlframework
+ sign "${TARGET}"/Contents/Frameworks/Sparkle.framework/Resources/Autoupdate.app org.sparkle-project.Sparkle.Autoupdate
+ sign "${TARGET}"/Contents/Frameworks/Sparkle.framework/Versions/A org.sparkle-project.Sparkle
+ for FILE in $(find "${TARGET}"/Contents/Frameworks -type f -name "*.h" -o -name "*.nib" -o -name "*.plist" -o -name "*.strings" -exec echo {} \; >/dev/null 2>&1)
+ do
+ sign "${FILE}"
+ done
+
+ echo " Signing Headers"
+ for FILE in $(find "${TARGET}"/Contents/MacOS/include -type f -exec echo {} \; >/dev/null 2>&1)
+ do
+ sign "${FILEF}"
+ done
+ fi
+
+ echo " Signing Executable"
+ sign "${TARGET}" fr.handbrake.HandBrake
+
+ if [[ "${TARGET##*/}" == 'HandBrake.app' ]]; then
+ echo " Validating Frameworks"
+ codesign --verify -vv "${TARGET}"/Contents/Frameworks/HandBrakeKit.framework >>"${LOG}" 2>&1 || exit_with_error 1 "Validation failed. More info may be available in ${NAME}.log"
+ codesign --verify -vv "${TARGET}"/Contents/Frameworks/Growl.framework >>"${LOG}" 2>&1 || exit_with_error 1 "Validation failed. More info may be available in ${NAME}.log"
+ codesign --verify -vv "${TARGET}"/Contents/Frameworks/Sparkle.framework >>"${LOG}" 2>&1 || exit_with_error 1 "Validation failed. More info may be available in ${NAME}.log"
+
+ echo " Validating Autoupdate.app"
+ codesign --verify -vv "${TARGET}"/Contents/Frameworks/Sparkle.framework/Versions/Current/Resources/Autoupdate.app >>"${LOG}" 2>&1 || exit_with_error 1 "Validation failed. More info may be available in ${NAME}.log"
+ fi
+
+ echo " Validating Bundle"
+ codesign --verify --deep --strict --verbose=4 "${TARGET}" >>"${LOG}" 2>&1 || exit_with_error 1 "Validation failed. More info may be available in ${NAME}.log"
+
+ echo " Validating Execution Privileges"
+ spctl -a -t exec -vv "${TARGET}" >>"${LOG}" 2>&1 || exit_with_error 1 "Validation failed. More info may be available in ${NAME}.log"
+
+done
+
+echo "Complete."
+exit 0
diff --git a/macosx/module.defs b/macosx/module.defs
index 031d881c9..622afc78d 100644
--- a/macosx/module.defs
+++ b/macosx/module.defs
@@ -99,3 +99,5 @@ MACOSX.XCODE_ARCHIVE = $(strip \
-exportOptionsPlist '$(MACOSX.src/)archive.plist' \
-exportPath '$(MACOSX.xarchive/)' \
-archivePath '$(MACOSX.xarchive/)' )
+
+MACOSX.SIGN = $(strip $(MACOSX.src/)hbsign '$(ID)' $(MACOSX.xroot/)HandBrake.app)
diff --git a/macosx/module.rules b/macosx/module.rules
index 077f814d0..8f8cd15fe 100644
--- a/macosx/module.rules
+++ b/macosx/module.rules
@@ -40,6 +40,7 @@ macosx.clean:
$(RM.exe) -rf $(MACOSX.xroot/)HandBrake.xcarchive
$(RM.exe) -rf $(MACOSX.xroot/)HandBrake.app
$(RM.exe) -f $(MACOSX.xroot/)HandBrakeCLI
+ $(RM.exe) -f $(MACOSX.xroot/)hbsign.log
$(RM.exe) -f $(MACOSX.m4.out)
$(RM.exe) -f $(MACOSX.osl.filelist)
diff --git a/macosx/module.xcodebuild b/macosx/module.xcodebuild
index b472b4da0..8f2f43dc7 100644
--- a/macosx/module.xcodebuild
+++ b/macosx/module.xcodebuild
@@ -1,10 +1,13 @@
## This file is processed only when shunting build through xcodebuild
-.PHONY: macosx.build macosx.archive macosx.clean macosx.install macosx.install-strip macosx.uninstall
+.PHONY: macosx.build macosx.sign macosx.archive macosx.clean macosx.install macosx.install-strip macosx.uninstall
macosx.build:
$(call MACOSX.XCODE,HandBrakeCLI HandBrake,build)
+macosx.sign:
+ $(call MACOSX.SIGN,HandBrakeCLI HandBrake,sign)
+
macosx.archive:
$(call MACOSX.XCODE_ARCHIVE,HandBrake-Distribution,archive)
@@ -28,6 +31,7 @@ macosx.uninstall:
$(RM.exe) -f $(PREFIX/)bin/HandBrakeCLI
build: macosx.build
+sign: macosx.sign
archive: macosx.archive
clean: macosx.clean
install: macosx.install
@@ -37,7 +41,7 @@ xclean: clean
###############################################################################
-MACOSX.goals = $(filter-out build archive clean install,$(MAKECMDGOALS))
+MACOSX.goals = $(filter-out build sign archive clean install,$(MAKECMDGOALS))
$(MACOSX.goals): __goals__
@true