Mercurial > hg > tony
annotate deploy/osx/sign.sh @ 590:8310773a6710
Acquire newer Hg version
| author | Chris Cannam |
|---|---|
| date | Fri, 06 Sep 2019 11:07:30 +0100 |
| parents | e37d76c3242f |
| children | b03b967c3d2e |
| rev | line source |
|---|---|
| Chris@100 | 1 #!/bin/bash |
| Chris@62 | 2 |
| Chris@437 | 3 set -eu |
| Chris@437 | 4 |
| Chris@62 | 5 # Execute this from the top-level directory of the project (the one |
| Chris@62 | 6 # that contains the .app bundle). Supply the name of the .app bundle |
| Chris@62 | 7 # as argument |
| Chris@62 | 8 dir="$1" |
| Chris@62 | 9 if [ -z "$dir" ] || [ ! -d "$dir" ]; then |
| Chris@62 | 10 echo "Usage: $0 <pkgdir>" |
| Chris@62 | 11 echo "Where pkgdir is the directory containing <MyApplication>.app" |
| Chris@62 | 12 echo "All .app bundles in pkgdir will be signed" |
| Chris@62 | 13 exit 2 |
| Chris@62 | 14 fi |
| Chris@544 | 15 |
| Chris@589 | 16 if /bin/false; then |
| cannam@567 | 17 |
| Chris@589 | 18 echo |
| Chris@589 | 19 echo "Experimentally attempting sandboxing + hardened runtime (this won't work)" |
| Chris@589 | 20 echo |
| Chris@589 | 21 |
| Chris@589 | 22 entitlements=deploy/osx/Entitlements.plist |
| Chris@589 | 23 |
| Chris@589 | 24 for app in "$dir"/*.app; do |
| Chris@589 | 25 find "$app" -name \*.dylib -print | while read fr; do |
| Chris@589 | 26 codesign -s "Developer ID Application: Chris Cannam" -fv --deep --options runtime "$fr" |
| Chris@589 | 27 done |
| Chris@589 | 28 codesign -s "Developer ID Application: Chris Cannam" -fv --deep --options runtime --entitlements "$entitlements" "$app/Contents/MacOS/Tony" |
| Chris@589 | 29 codesign -s "Developer ID Application: Chris Cannam" -fv --deep --options runtime --entitlements "$entitlements" "$app" |
| Chris@100 | 30 done |
| Chris@62 | 31 |
| Chris@589 | 32 else |
| Chris@589 | 33 |
| Chris@589 | 34 echo |
| Chris@589 | 35 echo "Not applying sandboxing or hardened runtime" |
| Chris@589 | 36 echo |
| Chris@589 | 37 |
| Chris@589 | 38 for app in "$dir"/*.app; do |
| Chris@589 | 39 find "$app" -name \*.dylib -print | while read fr; do |
| Chris@589 | 40 codesign -s "Developer ID Application: Chris Cannam" -fv --deep "$fr" |
| Chris@589 | 41 done |
| Chris@589 | 42 codesign -s "Developer ID Application: Chris Cannam" -fv --deep "$app/Contents/MacOS/Tony" |
| Chris@589 | 43 codesign -s "Developer ID Application: Chris Cannam" -fv --deep "$app" |
| Chris@589 | 44 done |
| Chris@589 | 45 |
| Chris@589 | 46 fi |
| Chris@589 | 47 |