diff options
Diffstat (limited to 'macosx')
-rwxr-xr-x | macosx/hbsign | 134 | ||||
-rw-r--r-- | macosx/module.defs | 2 | ||||
-rw-r--r-- | macosx/module.rules | 1 | ||||
-rw-r--r-- | macosx/module.xcodebuild | 8 |
4 files changed, 143 insertions, 2 deletions
diff --git a/macosx/hbsign b/macosx/hbsign new file mode 100755 index 000000000..2c70a2931 --- /dev/null +++ b/macosx/hbsign @@ -0,0 +1,134 @@ +#!/usr/bin/env bash +# Copyright (C) 2012-2017 VLC authors and VideoLAN +# Copyright (C) 2012-2014 Felix Paul Kühne <fkuehne at videolan dot org> +# Copyright (C) 2018 Damiano Galassi <[email protected]> +# Copyright (C) 2018 Bradley Sepos <[email protected]> +# +# Based on VLC's codesign.sh +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA. + +NAME="hbsign" + +set -e +set -u + +SELF="${0}" +SELF_NAME=$(basename "${SELF}") +HELP="\ +usage: ${SELF_NAME} [-h] + ${SELF_NAME} identity application [application2 ...] +where: + -h display this help text" + +# Logs error message and exits +function exit_with_error { + set +e + ERROR="${2}" + echo "${SELF_NAME}: ${ERROR}" >&2 + PRINT_HELP="${3:-false}" + if [[ "${PRINT_HELP}" == true ]]; then + echo -e "${HELP}" + fi + exit "${1}" +} + +LOG="${NAME}.log" +touch "${LOG}" || exit_with_error 1 "${SELF_NAME}: unable to create log file ${LOG}" + +OPTIND=1 +while getopts ":h" OPT; do + case "${OPT}" in + h) + # Print help and exit + echo -e "${HELP}" + exit 0 + ;; + :) + # Option without required argument + exit_with_error 1 "${SELF_NAME}: option -${OPTARG} requires a value" true + ;; + \?) + # Invalid option specified + exit_with_error 1 "${SELF_NAME}: invalid option: -${OPTARG}" true + ;; + esac +done +shift $((${OPTIND} - 1)) +IDENTITY="${1:-}" +if [[ "${IDENTITY}" == '' ]]; then + exit_with_error 1 "${SELF_NAME}: identity not specified" true +fi +shift 1 + +if [[ ${#@} -eq 0 ]]; then + exit_with_error 1 "${SELF_NAME}: application not specified" true +fi + +function sign { # sign file_or_folder + codesign --force --verbose -s "${IDENTITY}" --prefix "fr.handbrake." "${1:-}" >>"${LOG}" 2>&1 || exit_with_error 1 "Signing failed. More info may be available in ${NAME}.log" +} + +echo "Identity: ${IDENTITY}" + +for TARGET in "${@}"; do + + TARGET="${TARGET#./}" + echo "${TARGET}:" + + if [[ "${TARGET##*/}" == 'HandBrake.app' ]]; then + echo " Signing Frameworks" + find "${TARGET}"/Contents/Frameworks -type f -name ".DS_Store" -exec rm '{}' \; >/dev/null 2>&1 + find "${TARGET}"/Contents/Frameworks -type f -name "*.textile" -exec rm '{}' \; >/dev/null 2>&1 + find "${TARGET}"/Contents/Frameworks -type f -name "*.txt" -exec rm '{}' \; >/dev/null 2>&1 + sign "${TARGET}"/Contents/Frameworks/HandBrakeKit.framework/Versions/A fr.handbrake.HandBrake + sign "${TARGET}"/Contents/Frameworks/Growl.framework/Versions/A com.growl.growlframework + sign "${TARGET}"/Contents/Frameworks/Sparkle.framework/Resources/Autoupdate.app org.sparkle-project.Sparkle.Autoupdate + sign "${TARGET}"/Contents/Frameworks/Sparkle.framework/Versions/A org.sparkle-project.Sparkle + for FILE in $(find "${TARGET}"/Contents/Frameworks -type f -name "*.h" -o -name "*.nib" -o -name "*.plist" -o -name "*.strings" -exec echo {} \; >/dev/null 2>&1) + do + sign "${FILE}" + done + + echo " Signing Headers" + for FILE in $(find "${TARGET}"/Contents/MacOS/include -type f -exec echo {} \; >/dev/null 2>&1) + do + sign "${FILEF}" + done + fi + + echo " Signing Executable" + sign "${TARGET}" fr.handbrake.HandBrake + + if [[ "${TARGET##*/}" == 'HandBrake.app' ]]; then + echo " Validating Frameworks" + codesign --verify -vv "${TARGET}"/Contents/Frameworks/HandBrakeKit.framework >>"${LOG}" 2>&1 || exit_with_error 1 "Validation failed. More info may be available in ${NAME}.log" + codesign --verify -vv "${TARGET}"/Contents/Frameworks/Growl.framework >>"${LOG}" 2>&1 || exit_with_error 1 "Validation failed. More info may be available in ${NAME}.log" + codesign --verify -vv "${TARGET}"/Contents/Frameworks/Sparkle.framework >>"${LOG}" 2>&1 || exit_with_error 1 "Validation failed. More info may be available in ${NAME}.log" + + echo " Validating Autoupdate.app" + codesign --verify -vv "${TARGET}"/Contents/Frameworks/Sparkle.framework/Versions/Current/Resources/Autoupdate.app >>"${LOG}" 2>&1 || exit_with_error 1 "Validation failed. More info may be available in ${NAME}.log" + fi + + echo " Validating Bundle" + codesign --verify --deep --strict --verbose=4 "${TARGET}" >>"${LOG}" 2>&1 || exit_with_error 1 "Validation failed. More info may be available in ${NAME}.log" + + echo " Validating Execution Privileges" + spctl -a -t exec -vv "${TARGET}" >>"${LOG}" 2>&1 || exit_with_error 1 "Validation failed. More info may be available in ${NAME}.log" + +done + +echo "Complete." +exit 0 diff --git a/macosx/module.defs b/macosx/module.defs index 031d881c9..622afc78d 100644 --- a/macosx/module.defs +++ b/macosx/module.defs @@ -99,3 +99,5 @@ MACOSX.XCODE_ARCHIVE = $(strip \ -exportOptionsPlist '$(MACOSX.src/)archive.plist' \ -exportPath '$(MACOSX.xarchive/)' \ -archivePath '$(MACOSX.xarchive/)' ) + +MACOSX.SIGN = $(strip $(MACOSX.src/)hbsign '$(ID)' $(MACOSX.xroot/)HandBrake.app) diff --git a/macosx/module.rules b/macosx/module.rules index 077f814d0..8f8cd15fe 100644 --- a/macosx/module.rules +++ b/macosx/module.rules @@ -40,6 +40,7 @@ macosx.clean: $(RM.exe) -rf $(MACOSX.xroot/)HandBrake.xcarchive $(RM.exe) -rf $(MACOSX.xroot/)HandBrake.app $(RM.exe) -f $(MACOSX.xroot/)HandBrakeCLI + $(RM.exe) -f $(MACOSX.xroot/)hbsign.log $(RM.exe) -f $(MACOSX.m4.out) $(RM.exe) -f $(MACOSX.osl.filelist) diff --git a/macosx/module.xcodebuild b/macosx/module.xcodebuild index b472b4da0..8f2f43dc7 100644 --- a/macosx/module.xcodebuild +++ b/macosx/module.xcodebuild @@ -1,10 +1,13 @@ ## This file is processed only when shunting build through xcodebuild -.PHONY: macosx.build macosx.archive macosx.clean macosx.install macosx.install-strip macosx.uninstall +.PHONY: macosx.build macosx.sign macosx.archive macosx.clean macosx.install macosx.install-strip macosx.uninstall macosx.build: $(call MACOSX.XCODE,HandBrakeCLI HandBrake,build) +macosx.sign: + $(call MACOSX.SIGN,HandBrakeCLI HandBrake,sign) + macosx.archive: $(call MACOSX.XCODE_ARCHIVE,HandBrake-Distribution,archive) @@ -28,6 +31,7 @@ macosx.uninstall: $(RM.exe) -f $(PREFIX/)bin/HandBrakeCLI build: macosx.build +sign: macosx.sign archive: macosx.archive clean: macosx.clean install: macosx.install @@ -37,7 +41,7 @@ xclean: clean ############################################################################### -MACOSX.goals = $(filter-out build archive clean install,$(MAKECMDGOALS)) +MACOSX.goals = $(filter-out build sign archive clean install,$(MAKECMDGOALS)) $(MACOSX.goals): __goals__ @true |