extras/package/macosx/codesign.sh

   1 #!/bin/bash
   2 # Copyright (C) 2012-2014 Felix Paul Kühne <fkuehne at videolan dot org>
   3 #
   4 # This program is free software; you can redistribute it and/or modify it
   5 # under the terms of the GNU Lesser General Public License as published by
   6 # the Free Software Foundation; either version 2.1 of the License, or
   7 # (at your option) any later version.
   8 #
   9 # This program is distributed in the hope that it will be useful,
  10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  12 # GNU Lesser General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU Lesser General Public License
  15 # along with this program; if not, write to the Free Software Foundation,
  16 # Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
  17
  18 set -e
  19
  20 info()
  21 {
  22     green='\x1B[1;32m'
  23     normal='\x1B[0m'
  24     echo -e "[${green}codesign${normal}] $1"
  25 }
  26
  27 usage()
  28 {
  29 cat << EOF
  30 usage: $0 [options]
  31
  32 Sign VLC.app in the current directory
  33
  34 OPTIONS:
  35    -h            Show this help
  36    -i            Identity to use
  37    -t            Entitlements file to use
  38    -g            Enable additional magic
  39 EOF
  40
  41 }
  42
  43 while getopts "hi:t:g" OPTION
  44 do
  45      case $OPTION in
  46          h)
  47              usage
  48              exit 1
  49          ;;
  50          i)
  51              IDENTITY=$OPTARG
  52          ;;
  53          t)
  54              OPTIONS="--entitlements $OPTARG"
  55          ;;
  56          g)
  57              GK="yes"
  58          ;;
  59      esac
  60 done
  61 shift $(($OPTIND - 1))
  62
  63 if [ "x$1" != "x" ]; then
  64     usage
  65     exit 1
  66 fi
  67
  68 if test -z "$GK"
  69 then
  70
  71     info "Signing frameworks"
  72     find VLC.app/Contents/Frameworks/* -type f -exec codesign --force -s "$IDENTITY" $OPTIONS '{}' \;
  73
  74     info "Signing the executable"
  75     codesign --force -s "$IDENTITY" $OPTIONS VLC.app/Contents/MacOS/VLC
  76
  77     info "Signing the modules"
  78     find VLC.app/Contents/MacOS/plugins/* -type f -exec codesign --force -s "$IDENTITY" $OPTIONS '{}' \;
  79
  80     info "Signing the libraries"
  81     find VLC.app/Contents/MacOS/lib/* -type f -exec codesign --force -s "$IDENTITY" $OPTIONS '{}' \;
  82
  83     info "Signing the lua stuff"
  84     find VLC.app/Contents/MacOS/share/lua/* -name *luac -type f -exec codesign --force -s "$IDENTITY" $OPTIONS '{}' \;
  85 else
  86     FIRSTPARTOF_REQUIREMENT="=designated => anchor apple generic  and identifier \""
  87     SECONDPARTOF_REQUIREMENT="\" and ((cert leaf[field.1.2.840.113635.100.6.1.9] exists) or ( certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists  and certificate leaf[subject.OU] = \"75GAHG3SZQ\" ))"
  88
  89     info "Cleaning frameworks"
  90     find VLC.app/Contents/Frameworks -type f -name ".DS_Store" -exec rm '{}' \;
  91     find VLC.app/Contents/Frameworks -type f -name "*.textile" -exec rm '{}' \;
  92     find VLC.app/Contents/Frameworks -type f -name "*.txt" -exec rm '{}' \;
  93
  94     info "Signing frameworks"
  95     IDENTIFIER="com.growl.growlframework"
  96     codesign --force --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" --timestamp=none VLC.app/Contents/Frameworks/Growl.framework/Versions/A
  97
  98     IDENTIFIER="fileop"
  99     codesign --force --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" --timestamp=none VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop
 100     IDENTIFIER="org.sparkle-project.Sparkle.Autoupdate"
 101     codesign --force --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" --timestamp=none VLC.app/Contents/Frameworks/Sparkle.framework/Resources/Autoupdate.app
 102     IDENTIFIER="org.sparkle-project.Sparkle"
 103     codesign --force --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" --timestamp=none VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A
 104
 105     IDENTIFIER="com.Breakpad.crash_report_sender"
 106     codesign --force --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" --timestamp=none VLC.app/Contents/Frameworks/Breakpad.framework/Resources/crash_report_sender.app
 107     IDENTIFIER="com.googlecode.google-breakpad"
 108     codesign --force --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" --timestamp=none VLC.app/Contents/Frameworks/Breakpad.framework/Versions/A
 109
 110     info "Signing the framework headers"
 111     for i in `find VLC.app/Contents/Frameworks/* -type f -name "*.h" -exec echo {} \;`
 112     do
 113         fbname=$(basename "$i")
 114         filename="${fbname%.*}"
 115
 116         codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" --timestamp=none $i
 117     done
 118
 119     info "Signing the framework strings"
 120     for i in `find VLC.app/Contents/Frameworks/* -type f -name "*.strings" -exec echo {} \;`
 121     do
 122         fbname=$(basename "$i")
 123         filename="${fbname%.*}"
 124
 125         codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" --timestamp=none $i
 126     done
 127
 128     info "Signing the framework plist files"
 129     for i in `find VLC.app/Contents/Frameworks/* -type f -name "*.plist" -exec echo {} \;`
 130     do
 131         fbname=$(basename "$i")
 132         filename="${fbname%.*}"
 133
 134         codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" --timestamp=none $i
 135     done
 136
 137     info "Signing the framework nib files"
 138     for i in `find VLC.app/Contents/Frameworks/* -type f -name "*.nib" -exec echo {} \;`
 139     do
 140         fbname=$(basename "$i")
 141         filename="${fbname%.*}"
 142
 143         codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" --timestamp=none $i
 144     done
 145
 146     info "Signing the headers"
 147     for i in `find VLC.app/Contents/MacOS/include/* -type f -exec echo {} \;`
 148     do
 149         fbname=$(basename "$i")
 150         filename="${fbname%.*}"
 151
 152         codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" --timestamp=none $i
 153     done
 154
 155     info "Signing the modules"
 156
 157     for i in `find VLC.app/Contents/MacOS/plugins/* -type f -exec echo {} \;`
 158     do
 159         fbname=$(basename "$i")
 160         filename="${fbname%.*}"
 161
 162         codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" --timestamp=none $i
 163     done
 164
 165     info "Signing the libraries"
 166
 167     for i in `find VLC.app/Contents/MacOS/lib/* -type f -exec echo {} \;`
 168     do
 169         fbname=$(basename "$i")
 170         filename="${fbname%.*}"
 171
 172         codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" --timestamp=none $i
 173     done
 174
 175     info "Signing share"
 176
 177     for i in `find VLC.app/Contents/MacOS/share/* -type f -exec echo {} \;`
 178     do
 179         fbname=$(basename "$i")
 180         filename="${fbname%.*}"
 181
 182         codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" --timestamp=none $i
 183     done
 184
 185     info "Signing the executable"
 186     IDENTIFIER="org.videolan.vlc"
 187     codesign --force -s "$IDENTITY" --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" --timestamp=none VLC.app/Contents/MacOS/VLC
 188 fi
 189
 190 info "all items signed, validating..."
 191
 192 info "Validating frameworks"
 193 codesign --verify -vv VLC.app/Contents/Frameworks/Breakpad.framework
 194 codesign --verify -vv VLC.app/Contents/Frameworks/Growl.framework
 195 codesign --verify -vv VLC.app/Contents/Frameworks/Sparkle.framework
 196
 197 info "Validating autoupdate app"
 198 codesign --verify -vv VLC.app/Contents/Frameworks/Sparkle.framework/Versions/Current/Resources/Autoupdate.app
 199
 200 info "Validating complete bundle"
 201 codesign --verify --deep --verbose=4 VLC.app
 202
 203
 204 info "Validation complete"