Mercurial > hg > tony
annotate deploy/osx/sign.sh @ 618:e81a0dc79949
Subrepo update
| author | Chris Cannam |
|---|---|
| date | Thu, 10 Oct 2019 13:04:06 +0100 |
| parents | b03b967c3d2e |
| children | fe1a77d4aeaa |
| rev | line source |
|---|---|
| Chris@100 | 1 #!/bin/bash |
| Chris@62 | 2 |
| Chris@437 | 3 set -eu |
| Chris@437 | 4 |
| Chris@62 | 5 # Execute this from the top-level directory of the project (the one |
| Chris@62 | 6 # that contains the .app bundle). Supply the name of the .app bundle |
| Chris@62 | 7 # as argument |
| Chris@62 | 8 dir="$1" |
| Chris@62 | 9 if [ -z "$dir" ] || [ ! -d "$dir" ]; then |
| Chris@62 | 10 echo "Usage: $0 <pkgdir>" |
| Chris@62 | 11 echo "Where pkgdir is the directory containing <MyApplication>.app" |
| Chris@62 | 12 echo "All .app bundles in pkgdir will be signed" |
| Chris@62 | 13 exit 2 |
| Chris@62 | 14 fi |
| Chris@544 | 15 |
| Chris@605 | 16 if false; then |
| cannam@567 | 17 |
| Chris@589 | 18 echo |
| Chris@589 | 19 echo "Experimentally attempting sandboxing + hardened runtime (this won't work)" |
| Chris@589 | 20 echo |
| Chris@589 | 21 |
| Chris@589 | 22 entitlements=deploy/osx/Entitlements.plist |
| Chris@589 | 23 |
| Chris@589 | 24 for app in "$dir"/*.app; do |
| Chris@589 | 25 find "$app" -name \*.dylib -print | while read fr; do |
| Chris@589 | 26 codesign -s "Developer ID Application: Chris Cannam" -fv --deep --options runtime "$fr" |
| Chris@589 | 27 done |
| Chris@589 | 28 codesign -s "Developer ID Application: Chris Cannam" -fv --deep --options runtime --entitlements "$entitlements" "$app/Contents/MacOS/Tony" |
| Chris@589 | 29 codesign -s "Developer ID Application: Chris Cannam" -fv --deep --options runtime --entitlements "$entitlements" "$app" |
| Chris@100 | 30 done |
| Chris@62 | 31 |
| Chris@589 | 32 else |
| Chris@589 | 33 |
| Chris@589 | 34 echo |
| Chris@589 | 35 echo "Not applying sandboxing or hardened runtime" |
| Chris@589 | 36 echo |
| Chris@589 | 37 |
| Chris@589 | 38 for app in "$dir"/*.app; do |
| Chris@589 | 39 find "$app" -name \*.dylib -print | while read fr; do |
| Chris@589 | 40 codesign -s "Developer ID Application: Chris Cannam" -fv --deep "$fr" |
| Chris@589 | 41 done |
| Chris@589 | 42 codesign -s "Developer ID Application: Chris Cannam" -fv --deep "$app/Contents/MacOS/Tony" |
| Chris@589 | 43 codesign -s "Developer ID Application: Chris Cannam" -fv --deep "$app" |
| Chris@589 | 44 done |
| Chris@589 | 45 |
| Chris@589 | 46 fi |
| Chris@589 | 47 |