[Libreoffice-commits] core.git: Branch 'distro/collabora/cp-5.0' - 2 commits - desktop/Module_desktop.mk solenv/bin

Andras Timar Tue, 27 Oct 2015 07:13:21 -0700

 desktop/Module_desktop.mk             |    2 
 solenv/bin/macosx-codesign-app-bundle |  124 +++++++++++++++++-----------------
 2 files changed, 67 insertions(+), 59 deletions(-)


New commits:
commit 58fca586668421ad13448622a90f230917a0b3e2
Author: Andras Timar <andras.ti...@collabora.com>
Date:   Tue Oct 27 15:03:31 2015 +0100

    OS X codesign
    
    Change-Id: I71d49b20a7ce96bbbbe3d130a8e8230c7afc0351

diff --git a/solenv/bin/macosx-codesign-app-bundle 
b/solenv/bin/macosx-codesign-app-bundle
index e65d8e6..23fe2be 100755
--- a/solenv/bin/macosx-codesign-app-bundle
+++ b/solenv/bin/macosx-codesign-app-bundle
@@ -1,9 +1,8 @@
 #!/bin/bash
 
-# Script to sign dylibs and frameworks in an app bundle plus the
-# bundle itself. Called from
-# installer::simplepackage::create_package() in
-# solenv/bin/modules/installer/simplepackage.pm
+# Script to sign executables, dylibs and frameworks in an app bundle
+# plus the bundle itself. Called from
+# the test-install target in Makefile.in
 
 test `uname` = Darwin || { echo This is for OS X only; exit 1; }
 
@@ -19,90 +18,97 @@ for V in \
     fi
 done
 
-echo "codesigning using 
MACSOX_CODESIGNING_IDENTITY=[${MACOSX_CODESIGNING_IDENTITY?}]"
-
 APP_BUNDLE="$1"
 
+if test -n "$ENABLE_MACOSX_SANDBOX"; then
+    # In a sandboxed build executables need the entitlements
+    entitlements="--entitlements $BUILDDIR/lo.xcent"
+    # We use --enable-canonical-installation-tree-structure so all
+    # data files in Resources are included in the app bundle signature
+    # through that. I think.
+    other_files=''
+else
+    # In a non-sandboxed build (distributed outside the App Store)
+    # we traditionally have use --resource-rules. Let's not touch that?
+    resource_rules="--resource-rules 
$SRCDIR/setup_native/source/mac/CodesignRules.plist"
+    # And there we then want to sign data files, too, hmm.
+    other_files="\
+ -or -name '*.fodt' -or -name 'schema.strings' -or -name 'schema.xml' \
+ -or -name '*.jar' -or -name '*.jnilib' -or -name 'LICENSE' -or -name 
'LICENSE.html' \
+ -or -name '*.applescript' -or -name '*.odt'"
+fi
+
 # Sign dylibs
 #
-# Executables get signed right after linking, see
-# solenv/gbuild/platform/macosx.mk. But many of our dylibs are built
-# by ad-hoc or 3rd-party mechanisms, so we can't easily sign them
-# right after linking. So do it here.
-#
 # The dylibs in the Python framework are called *.so. Go figure
 #
 # On Mavericks also would like to have data files signed...
 # add some where it makes sense. Make a depth-first search to sign the contents
 # of e.g. the spotlight plugin before attempting to sign the plugin itself
 
-find -d "$APP_BUNDLE" \( -name '*.dylib' -or -name '*.so' -or -name '*.fodt' \
-        -or -name 'schema.strings' -or -name 'schema.xml' -or -name 
'*.mdimporter' \
-        -or -name '*.jar' -or -name '*.jnilib' -or -name 'LICENSE' -or -name 
'LICENSE.html' \
-        -or -name '*.applescript' \) ! -type l | grep -v 
"LibreOfficePython\.framework" | \
+find "$APP_BUNDLE" \( -name '*.dylib' -or -name '*.dylib.*' -or -name '*.so' \
+        $other_files \) ! -type l |
 while read file; do
     id=`echo ${file#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'`
-    codesign --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign 
"$MACOSX_CODESIGNING_IDENTITY" "$file" || exit 1
+    codesign --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign 
"$MACOSX_CODESIGNING_IDENTITY" "$file"
 done
 
-find $APP_BUNDLE -name '*.dylib.*' ! -type l | \
-while read dylib; do \
-    id=`basename "$dylib"`; \
-    id=`echo $id | sed -e 's/dylib.*/dylib/'`; \
-    codesign --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign 
"$MACOSX_CODESIGNING_IDENTITY" "$dylib" || exit 1
+# Sign executables
+
+find "$APP_BUNDLE/Contents/MacOS" -type f |
+while read file; do
+    id=`echo ${file#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'`
+    codesign --force --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id 
--sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$file"
 done
 
-# The executables have already been signed by
-# gb_LinkTarget__command_dynamiclink in
-# solenv/gbuild/platform/macosx.mk, but sign the handful of scripts remaining
-# in MacOS
-# (<https://developer.apple.com/library/mac/technotes/tn2206/_index.html> "OS X
-# Code Signing In Depth" suggests we should get rid of them rather sooner than
-# later, but they appear to be OK for now):
-
-for i in gengal python senddoc unoinfo
-do
-    if [ -f "$APP_BUNDLE/Contents/MacOS/$i" ]
-    then
-        codesign --verbose --identifier="$MACOSX_BUNDLE_IDENTIFIER.$i" \
-            --sign "$MACOSX_CODESIGNING_IDENTITY" 
"$APP_BUNDLE/Contents/MacOS/$i" \
-        || exit 1
-    fi
+# Sign included bundles. First .app ones (i.e. the Python.app inside
+# the LibreOfficePython.framework. Be generic for kicks...)
+
+find "$APP_BUNDLE" -name '*.app' -type d |
+while read app; do
+    fn=`basename "$app"`
+    fn=${fn%.*}
+    # Assume the app has a XML (and not binary) Info.plist
+    id=`grep -A 1 '<key>CFBundleIdentifier</key>' $app/Contents/Info.plist | 
tail -1 | sed -e 's,.*<string>,,' -e 's,</string>.*,,'`
+    codesign --verbose --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" 
$entitlements "$app"
 done
 
-# Sign frameworks.
-#
-# Yeah, we don't bundle any other framework than our Python one, and
-# it has just one version, so this generic search is mostly for
-# completeness.
+# Then .framework ones. Again, be generic just for kicks.
 
-for framework in `find $APP_BUNDLE -name '*.framework' -type d`; do \
-    fn="$(basename $framework)"
+find "$APP_BUNDLE" -name '*.framework' -type d |
+while read framework; do
+    fn=`basename "$framework"`
     fn=${fn%.*}
-    for version in $framework/Versions/*; do \
-        if test ! -L $version -a -d $version; then
-            codesign --force --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. 
--sign "$MACOSX_CODESIGNING_IDENTITY" $version/$fn || exit 1
-            codesign --force --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. 
--sign "$MACOSX_CODESIGNING_IDENTITY" $version || exit 1
-        fi; \
-    done; \
+    for version in "$framework"/Versions/*; do
+        if test ! -L "$version" -a -d "$version"; then
+           # Assume the framework has a XML (and not binary) Info.plist
+           id=`grep -A 1 '<key>CFBundleIdentifier</key>' 
$version/Resources/Info.plist | tail -1 | sed -e 's,.*<string>,,' -e 
's,</string>.*,,'`
+            codesign --verbose --identifier=$id --sign 
"$MACOSX_CODESIGNING_IDENTITY" "$version"
+        fi
+    done
+done
+
+# Then mdimporters
+
+find "$APP_BUNDLE" -name '*.mdimporter' -type d |
+while read bundle; do
+    codesign --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign 
"$MACOSX_CODESIGNING_IDENTITY" "$bundle"
 done
 
-# Sign the app bundle as a whole which means finally signing the
-# CFBundleExecutable from Info.plist, i.e. soffice (which is exempted from the
-# on-the-go executable signing in gb_LinkTarget__command_dynamiclink in
-# solenv/gbuild/platform/macosx.mk), plus the contents
+# Sign the app bundle as a whole which means (re-)signing the
+# CFBundleExecutable from Info.plist, i.e. soffice, plus the contents
 # of the Resources tree (which unless you used
 # --enable-canonical-installation-tree-structure is not much, far from
 # all of our non-code "resources").
 #
 # At this stage we also attach the entitlements in the sandboxing case
+#
+# Also omit some files from the Bundle's seal via the resource-rules
+# (bootstraprc and similar that the user might adjust and image files)
+# See also https://developer.apple.com/library/mac/technotes/tn2206/
 
 id=`echo ${MACOSX_APP_NAME} | tr ' ' '-'`
 
-if test -n "$ENABLE_MACOSX_SANDBOX"; then
-    entitlements="--entitlements $BUILDDIR/lo.xcent"
-fi
-
-codesign --force --verbose --identifier="${MACOSX_BUNDLE_IDENTIFIER}.$id" 
--sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements $APP_BUNDLE || exit 1
+codesign --force --verbose --identifier="${MACOSX_BUNDLE_IDENTIFIER}" 
$resource_rules --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements 
"$APP_BUNDLE"
 
 exit 0
commit 8ae0c053788bf6c3154b6335b9d4e838addac8ba
Author: Miklos Vajna <vmik...@collabora.co.uk>
Date:   Thu Sep 10 09:38:02 2015 +0200

    desktop: enable CppunitTest_desktop_lib only on Linux
    
    Since the test would fail to link on Windows, due to
    
    ifeq ($(GUIBASE),unx)
    $(eval $(call gb_Library_add_exception_objects,sofficeapp,\
        desktop/source/lib/init \
    ))
    endif
    
    in Library_sofficeapp.mk. Given that
    CppunitTest_libreofficekit_tiledrendering is marked as Linux-only as
    well, be consistent and have this test as Linux-only, too.
    
    Change-Id: I6c8884398eba5dcf8a74c9cdc96c869b6108fb7e
    (cherry picked from commit ac882c305da2c5d9c30756da8ac2976f9047622d)

diff --git a/desktop/Module_desktop.mk b/desktop/Module_desktop.mk
index c725a26..d74d406 100644
--- a/desktop/Module_desktop.mk
+++ b/desktop/Module_desktop.mk
@@ -130,8 +130,10 @@ $(eval $(call gb_Module_add_check_targets,desktop, \
     CppunitTest_desktop_version \
 ))
 
+ifeq ($(OS),LINUX)
 $(eval $(call gb_Module_add_check_targets,desktop, \
     CppunitTest_desktop_lib \
 ))
+endif
 
 # vim: set ts=4 sw=4 et:
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits

[Libreoffice-commits] core.git: Branch 'distro/collabora/cp-5.0' - 2 commits - desktop/Module_desktop.mk solenv/bin

Reply via email to