Mercurial > hg > tony
changeset 589:e37d76c3242f
Don't sandbox by default
| author | Chris Cannam |
|---|---|
| date | Fri, 06 Sep 2019 11:06:18 +0100 |
| parents | 32c76f6baad8 |
| children | 8310773a6710 |
| files | deploy/osx/sign.sh |
| diffstat | 1 files changed, 29 insertions(+), 7 deletions(-) [+] |
line wrap: on
line diff
--- a/deploy/osx/sign.sh Fri Sep 06 09:35:09 2019 +0100 +++ b/deploy/osx/sign.sh Fri Sep 06 11:06:18 2019 +0100 @@ -13,13 +13,35 @@ exit 2 fi -entitlements=deploy/osx/Entitlements.plist +if /bin/false; then -for app in "$dir"/*.app; do - find "$app" -name \*.dylib -print | while read fr; do - codesign -s "Developer ID Application: Chris Cannam" -fv --deep --options runtime "$fr" + echo + echo "Experimentally attempting sandboxing + hardened runtime (this won't work)" + echo + + entitlements=deploy/osx/Entitlements.plist + + for app in "$dir"/*.app; do + find "$app" -name \*.dylib -print | while read fr; do + codesign -s "Developer ID Application: Chris Cannam" -fv --deep --options runtime "$fr" + done + codesign -s "Developer ID Application: Chris Cannam" -fv --deep --options runtime --entitlements "$entitlements" "$app/Contents/MacOS/Tony" + codesign -s "Developer ID Application: Chris Cannam" -fv --deep --options runtime --entitlements "$entitlements" "$app" done - codesign -s "Developer ID Application: Chris Cannam" -fv --deep --options runtime --entitlements "$entitlements" "$app/Contents/MacOS/Tony" - codesign -s "Developer ID Application: Chris Cannam" -fv --deep --options runtime --entitlements "$entitlements" "$app" -done +else + + echo + echo "Not applying sandboxing or hardened runtime" + echo + + for app in "$dir"/*.app; do + find "$app" -name \*.dylib -print | while read fr; do + codesign -s "Developer ID Application: Chris Cannam" -fv --deep "$fr" + done + codesign -s "Developer ID Application: Chris Cannam" -fv --deep "$app/Contents/MacOS/Tony" + codesign -s "Developer ID Application: Chris Cannam" -fv --deep "$app" + done + +fi +