extras/package/macosx/codesign.sh

   1 #!/bin/bash
   2 # Copyright (C) 2012-2014 Felix Paul Kühne <fkuehne at videolan dot org>
   3 #
   4 # This program is free software; you can redistribute it and/or modify it
   5 # under the terms of the GNU Lesser General Public License as published by
   6 # the Free Software Foundation; either version 2.1 of the License, or
   7 # (at your option) any later version.
   8 #
   9 # This program is distributed in the hope that it will be useful,
  10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  12 # GNU Lesser General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU Lesser General Public License
  15 # along with this program; if not, write to the Free Software Foundation,
  16 # Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
  17
  18 info()
  19 {
  20     green='\x1B[1;32m'
  21     normal='\x1B[0m'
  22     echo -e "[${green}codesign${normal}] $1"
  23 }
  24
  25 usage()
  26 {
  27 cat << EOF
  28 usage: $0 [options]
  29
  30 Sign VLC.app in the current directory
  31
  32 OPTIONS:
  33    -h            Show this help
  34    -i            Identity to use
  35    -t            Entitlements file to use
  36    -g            Enable additional magic
  37 EOF
  38
  39 }
  40
  41 while getopts "hi:t:g" OPTION
  42 do
  43      case $OPTION in
  44          h)
  45              usage
  46              exit 1
  47          ;;
  48          i)
  49              IDENTITY=$OPTARG
  50          ;;
  51          t)
  52              OPTIONS="--entitlements $OPTARG"
  53          ;;
  54          g)
  55              GK="yes"
  56          ;;
  57      esac
  58 done
  59 shift $(($OPTIND - 1))
  60
  61 if [ "x$1" != "x" ]; then
  62     usage
  63     exit 1
  64 fi
  65
  66 if test -z "$GK"
  67 then
  68
  69     info "Signing frameworks"
  70     find VLC.app/Contents/Frameworks/* -type f -exec codesign --force -s "$IDENTITY" $OPTIONS '{}' \;
  71
  72     info "Signing the executable"
  73     codesign --force -s "$IDENTITY" $OPTIONS VLC.app/Contents/MacOS/VLC
  74
  75     info "Signing the modules"
  76     find VLC.app/Contents/MacOS/plugins/* -type f -exec codesign --force -s "$IDENTITY" $OPTIONS '{}' \;
  77
  78     info "Signing the libraries"
  79     find VLC.app/Contents/MacOS/lib/* -type f -exec codesign --force -s "$IDENTITY" $OPTIONS '{}' \;
  80
  81     info "Signing the lua stuff"
  82     find VLC.app/Contents/MacOS/share/lua/* -name *luac -type f -exec codesign --force -s "$IDENTITY" $OPTIONS '{}' \;
  83 else
  84     IDENTIFIER="com.binarymethod.BGHUDAppKit"
  85
  86     FIRSTPARTOF_REQUIREMENT="=designated => anchor apple generic  and identifier \""
  87     SECONDPARTOF_REQUIREMENT="\" and ((cert leaf[field.1.2.840.113635.100.6.1.9] exists) or ( certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists  and certificate leaf[subject.OU] = \"75GAHG3SZQ\" ))"
  88
  89     info "Cleaning frameworks"
  90     find VLC.app/Contents/Frameworks -type f -name ".DS_Store" -exec rm '{}' \;
  91     find VLC.app/Contents/Frameworks -type f -name "*.textile" -exec rm '{}' \;
  92     find VLC.app/Contents/Frameworks -type f -name "*.txt" -exec rm '{}' \;
  93
  94     info "Signing frameworks"
  95     codesign --force --deep --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/Frameworks/BGHUDAppKit.framework/Versions/A
  96     IDENTIFIER="com.growl.growlframework"
  97     codesign --force --deep --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/Frameworks/Growl.framework/Versions/A
  98     IDENTIFIER="org.andymatuschak.Sparkle"
  99     codesign --force --deep --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$IDENTIFIER$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A
 100
 101     info "Signing the framework headers"
 102     for i in `find VLC.app/Contents/Frameworks/* -type f -name "*.h" -exec echo {} \;`
 103     do
 104         fbname=$(basename "$i")
 105         filename="${fbname%.*}"
 106
 107         codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
 108     done
 109
 110     info "Signing the framework strings"
 111     for i in `find VLC.app/Contents/Frameworks/* -type f -name "*.strings" -exec echo {} \;`
 112     do
 113         fbname=$(basename "$i")
 114         filename="${fbname%.*}"
 115
 116         codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
 117     done
 118
 119     info "Signing the framework plist files"
 120     for i in `find VLC.app/Contents/Frameworks/* -type f -name "*.plist" -exec echo {} \;`
 121     do
 122         fbname=$(basename "$i")
 123         filename="${fbname%.*}"
 124
 125         codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
 126     done
 127
 128     info "Signing the framework nib files"
 129     for i in `find VLC.app/Contents/Frameworks/* -type f -name "*.nib" -exec echo {} \;`
 130     do
 131         fbname=$(basename "$i")
 132         filename="${fbname%.*}"
 133
 134         codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
 135     done
 136
 137     info "Signing the Sparkle updater tool"
 138     for i in `find VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources -type f -name "PkgInfo" -exec echo {} \;`
 139     do
 140         fbname=$(basename "$i")
 141         filename="${fbname%.*}"
 142
 143         codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
 144     done
 145     for i in `find VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources -type f -name "Autoupdate" -exec echo {} \;`
 146     do
 147         codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
 148     done
 149     for i in `find VLC.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources -type f -name "*.icns" -exec echo {} \;`
 150     do
 151         fbname=$(basename "$i")
 152         filename="${fbname%.*}"
 153
 154         codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
 155     done
 156
 157     info "Signing the headers"
 158     for i in `find VLC.app/Contents/MacOS/include/* -type f -exec echo {} \;`
 159     do
 160         fbname=$(basename "$i")
 161         filename="${fbname%.*}"
 162
 163         codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
 164     done
 165
 166     info "Signing the modules"
 167
 168     for i in `find VLC.app/Contents/MacOS/plugins/* -type f -exec echo {} \;`
 169     do
 170         fbname=$(basename "$i")
 171         filename="${fbname%.*}"
 172
 173         codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
 174     done
 175
 176     info "Signing the libraries"
 177
 178     for i in `find VLC.app/Contents/MacOS/lib/* -type f -exec echo {} \;`
 179     do
 180         fbname=$(basename "$i")
 181         filename="${fbname%.*}"
 182
 183         codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
 184     done
 185
 186     info "Signing share"
 187
 188     for i in `find VLC.app/Contents/MacOS/share/* -type f -exec echo {} \;`
 189     do
 190         fbname=$(basename "$i")
 191         filename="${fbname%.*}"
 192
 193         codesign --force -s "$IDENTITY" --preserve-metadata=identifier,entitlements,resource-rules --requirements "$FIRSTPARTOF_REQUIREMENT$filename$SECONDPARTOF_REQUIREMENT" $i
 194     done
 195
 196     info "Signing the executable"
 197     codesign --force -s "$IDENTITY" --requirements "$FIRSTPARTOF_REQUIREMENTorg.videolan.vlc$SECONDPARTOF_REQUIREMENT" VLC.app/Contents/MacOS/VLC
 198 fi
 199
 200 info "all items signed, validating..."
 201
 202 info "Validating binary"
 203 codesign --verify --verbose=4 VLC.app/Contents/MacOS/VLC
 204
 205 info "Validating frameworks"
 206 find VLC.app/Contents/Frameworks/* -type f -exec codesign --verify '{}' \;
 207
 208 info "Validating modules"
 209 find VLC.app/Contents/MacOS/plugins/* -type f -exec codesign --verify '{}' \;
 210
 211 info "Validating libraries"
 212 find VLC.app/Contents/MacOS/lib/* -type f -exec codesign --verify '{}' \;
 213
 214 info "Validating lua stuff"
 215 find VLC.app/Contents/MacOS/share/lua/* -name *luac -type f -exec codesign --verify '{}' \;
 216
 217 info "Validation complete"