Makefile.in | 35 ++++++++++++--
config_host.mk.in | 3 +
configure.ac | 64 ++++++++++++++++++++++++++
instsetoo_native/util/openoffice.lst.in | 6 ++
setup_native/source/mac/Info.plist.langpack | 2
solenv/bin/modules/installer/simplepackage.pm | 3 -
sysui/desktop/macosx/Info.plist | 2
7 files changed, 106 insertions(+), 9 deletions(-)
New commits:
commit ebdd616580bb0d367b78ba0fe3fa56157b90c3ab
Author: Tor Lillqvist <t...@iki.fi>
Date: Fri Feb 1 14:48:15 2013 +0200
Add option to set bundle identifier and use it when signing
Sign also all the dylibs and frameworks in the bundle.
Change-Id: I7f67b9d7eda0204b24e2ea2ef44a53fb8db0f8aa
diff --git a/Makefile.in b/Makefile.in
index 92b680f..f9e38dd7 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -334,11 +334,36 @@ ifeq ($(OS_FOR_BUILD),WNT)
else
ifeq ($(DISABLE_LINKOO),TRUE)
@ooinstall $(DEVINSTALLDIR)/opt
-ifeq ($(OS),MACOSX)
- identity=`security find-identity -p codesigning -v | grep 'Mac
Developer:' | awk '{print $$2}'`; \
- if test -n "$$identity"; then \
- codesign --verbose --sign $$identity
$(DEVINSTALLDIR)/opt/LibreOffice.app; \
- fi
+ifneq ($(MACOSX_CODESIGNING_IDENTITY),)
+#
+# Sign dylibs
+ find $(DEVINSTALLDIR)/opt/LibreOffice.app \( -name '*.dylib' -or -name
'*.dylib.*' \) ! -type l | \
+ while read dylib; do \
+ id=`basename "$$dylib"`; \
+ case $$id in \
+ *.dylib) \
+ ;; \
+ *) \
+ id=`echo $$id | sed -e 's/dylib.*/dylib/'`; \
+ ;; \
+ esac; \
+ codesign --verbose --identifier=$(MACOSX_BUNDLE_IDENTIFIER).$$id
--sign $(MACOSX_CODESIGNING_IDENTITY) "$$dylib"; \
+ done
+#
+# Sign frameworks.
+#
+# Yeah, we don't bundle any other framework than our Python one, and
+# it has just one version, so this generic search is mostly for
+# completeness.
+ for framework in `find $(DEVINSTALLDIR)/opt/LibreOffice.app -name
'*.framework' -type d`; do \
+ for version in $$framework/Versions/*; do \
+ test -d $$version && codesign --force --verbose
--prefix=$(MACOSX_BUNDLE_IDENTIFIER). --sign $(MACOSX_CODESIGNING_IDENTITY)
$$version; \
+ done; \
+ done
+#
+# Sign the app bundle as a whole (will sign the soffice binary)
+ codesign --verbose --sign $(MACOSX_CODESIGNING_IDENTITY)
$(DEVINSTALLDIR)/opt/LibreOffice.app
+#
endif
@install-gdb-printers -L
else
diff --git a/config_host.mk.in b/config_host.mk.in
index 4da38e7..22f923d 100644
--- a/config_host.mk.in
+++ b/config_host.mk.in
@@ -320,6 +320,7 @@ export LIBXSLT_LIBS=$(gb_SPACE)@LIBXSLT_LIBS@
export LINK_X64_BINARY=@LINK_X64_BINARY@
@x_Cygwin@ export LS=@WIN_LS@
export MANDIR=@MANDIR@
+export MACOSX_BUNDLE_IDENTIFIER=@MACOSX_BUNDLE_IDENTIFIER@
export MACOSX_CODESIGNING_IDENTITY=@MACOSX_CODESIGNING_IDENTITY@
export MACOSX_DEPLOYMENT_TARGET=@MACOSX_DEPLOYMENT_TARGET@
export MACOSX_DEPLOYMENT_TARGET_FOR_BUILD=@MACOSX_DEPLOYMENT_TARGET_FOR_BUILD@
diff --git a/configure.ac b/configure.ac
index 7f9fa4d..2c27d51 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1125,6 +1125,12 @@ AC_ARG_ENABLE(macosx-sandbox,
don't use unless you are working on this.]),
,)
+AC_ARG_WITH(macosx-bundle-identifier,
+
AS_HELP_STRING([--with-macosx-bundle-identifier=tld.mumble.orifice.TheOffice],
+ [Define the OS X bundle identifier. Default is the somewhat weird
+ org.libreoffice.script ("script", huh?).]),
+,with_macosx_bundle_identifier=org.libreoffice.script)
+
AC_ARG_ENABLE(postgresql-sdbc,
AS_HELP_STRING([--disable-postgresql-sdbc],
[Disable the build of the PostgreSQL-SDBC driver.])
@@ -2743,6 +2749,12 @@ if test "$_os" = "Darwin"; then
else
AC_MSG_RESULT([no])
fi
+
+ AC_MSG_CHECKING([what OS X app bundle identifier to use])
+
+ MACOSX_BUNDLE_IDENTIFIER=$with_macosx_bundle_identifier
+
+ AC_MSG_RESULT([$MACOSX_BUNDLE_IDENTIFIER])
fi
AC_SUBST(FRAMEWORKSHOME)
AC_SUBST(MACOSX_SDK_PATH)
@@ -2753,6 +2765,7 @@ AC_SUBST(MAC_OS_X_VERSION_MAX_ALLOWED)
AC_SUBST(XCRUN)
AC_SUBST(MACOSX_CODESIGNING_IDENTITY)
AC_SUBST(ENABLE_MACOSX_SANDBOX)
+AC_SUBST(MACOSX_BUNDLE_IDENTIFIER)
dnl ===================================================================
dnl Windows specific tests and stuff
diff --git a/instsetoo_native/util/openoffice.lst.in
b/instsetoo_native/util/openoffice.lst.in
index a6f54ca..5b1b861 100644
--- a/instsetoo_native/util/openoffice.lst.in
+++ b/instsetoo_native/util/openoffice.lst.in
@@ -47,6 +47,7 @@ LibreOffice
PRODUCTVERSION @LIBO_VERSION_MAJOR@.@LIBO_VERSION_MINOR@
PRODUCTEXTENSION
.@LIBO_VERSION_MICRO@.@LIBO_VERSION_PATCH@@LIBO_VERSION_SUFFIX@
POSTVERSIONEXTENSION
+ BUNDLEIDENTIFIER @MACOSX_BUNDLE_IDENTIFIER@
BRANDPACKAGEVERSION @LIBO_VERSION_MAJOR@.@LIBO_VERSION_MINOR@
USERDIRPRODUCTVERSION @LIBO_VERSION_MAJOR@
ABOUTBOXPRODUCTVERSION
@LIBO_VERSION_MAJOR@.@LIBO_VERSION_MINOR@.@LIBO_VERSION_MICRO@.@LIBO_VERSION_PATCH@@LIBO_VERSION_SUFFIX@
@@ -97,6 +98,7 @@ LibreOffice_Dev
PRODUCTEXTENSION
.@LIBO_VERSION_MICRO@.@LIBO_VERSION_PATCH@@LIBO_VERSION_SUFFIX@
UNIXBASISROOTNAME lodev@LIBO_VERSION_MAJOR@.@LIBO_VERSION_MINOR@
POSTVERSIONEXTENSION
+ BUNDLEIDENTIFIER @MACOSX_BUNDLE_IDENTIFIER@
BRANDPACKAGEVERSION @LIBO_VERSION_MAJOR@.@LIBO_VERSION_MINOR@
USERDIRPRODUCTVERSION @LIBO_VERSION_MAJOR@
ABOUTBOXPRODUCTVERSION
@LIBO_VERSION_MAJOR@.@LIBO_VERSION_MINOR@.@LIBO_VERSION_MICRO@.@LIBO_VERSION_PATCH@@LIBO_VERSION_SUFFIX@
@@ -153,6 +155,7 @@ LibreOffice_SDK
PRODUCTVERSION @LIBO_VERSION_MAJOR@.@LIBO_VERSION_MINOR@
PRODUCTEXTENSION
.@LIBO_VERSION_MICRO@.@LIBO_VERSION_PATCH@@LIBO_VERSION_SUFFIX@
POSTVERSIONEXTENSION SDK
+ BUNDLEIDENTIFIER @MACOSX_BUNDLE_IDENTIFIER@.SDK
BRANDPACKAGEVERSION @LIBO_VERSION_MAJOR@.@LIBO_VERSION_MINOR@
PACKAGEVERSION
@LIBO_VERSION_MAJOR@.@LIBO_VERSION_MINOR@.@LIBO_VERSION_MICRO@.@LIBO_VERSION_PATCH@@LIBO_VERSION_SUFFIX@
PACKAGEREVISION {buildid}
@@ -192,6 +195,7 @@ LibreOffice_Dev_SDK
PRODUCTEXTENSION
.@LIBO_VERSION_MICRO@.@LIBO_VERSION_PATCH@@LIBO_VERSION_SUFFIX@
UNIXBASISROOTNAME lodev@LIBO_VERSION_MAJOR@.@LIBO_VERSION_MINOR@
POSTVERSIONEXTENSION SDK
+ BUNDLEIDENTIFIER @MACOSX_BUNDLE_IDENTIFIER@.SDK
BRANDPACKAGEVERSION @LIBO_VERSION_MAJOR@.@LIBO_VERSION_MINOR@
PACKAGEVERSION
@LIBO_VERSION_MAJOR@.@LIBO_VERSION_MINOR@.@LIBO_VERSION_MICRO@.@LIBO_VERSION_PATCH@@LIBO_VERSION_SUFFIX@
PACKAGEREVISION {buildid}
@@ -235,6 +239,7 @@ LibreOffice_Test
PRODUCTVERSION @LIBO_VERSION_MAJOR@.@LIBO_VERSION_MINOR@
PRODUCTEXTENSION
.@LIBO_VERSION_MICRO@.@LIBO_VERSION_PATCH@@LIBO_VERSION_SUFFIX@
POSTVERSIONEXTENSION TEST
+ BUNDLEIDENTIFIER @MACOSX_BUNDLE_IDENTIFIER@.Test
BRANDPACKAGEVERSION @LIBO_VERSION_MAJOR@.@LIBO_VERSION_MINOR@
PACKAGEVERSION
@LIBO_VERSION_MAJOR@.@LIBO_VERSION_MINOR@.@LIBO_VERSION_MICRO@.@LIBO_VERSION_PATCH@@LIBO_VERSION_SUFFIX@
PACKAGEREVISION {buildid}
@@ -274,6 +279,7 @@ LibreOffice_Dev_Test
PRODUCTEXTENSION
.@LIBO_VERSION_MICRO@.@LIBO_VERSION_PATCH@@LIBO_VERSION_SUFFIX@
UNIXBASISROOTNAME lodev@LIBO_VERSION_MAJOR@.@LIBO_VERSION_MINOR@
POSTVERSIONEXTENSION TEST
+ BUNDLEIDENTIFIER @MACOSX_BUNDLE_IDENTIFIER@.Test
BRANDPACKAGEVERSION @LIBO_VERSION_MAJOR@.@LIBO_VERSION_MINOR@
PACKAGEVERSION
@LIBO_VERSION_MAJOR@.@LIBO_VERSION_MINOR@.@LIBO_VERSION_MICRO@.@LIBO_VERSION_PATCH@@LIBO_VERSION_SUFFIX@
PACKAGEREVISION {buildid}
diff --git a/setup_native/source/mac/Info.plist.langpack
b/setup_native/source/mac/Info.plist.langpack
index a54e29b..372e645e 100644
--- a/setup_native/source/mac/Info.plist.langpack
+++ b/setup_native/source/mac/Info.plist.langpack
@@ -35,7 +35,7 @@
<key>CFBundleShortVersionString</key>
<string>9</string>
<key>CFBundleIdentifier</key>
- <string>org.libreoffice.script</string>
+ <string>${BUNDLEIDENTIFIER}</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
diff --git a/solenv/bin/modules/installer/simplepackage.pm
b/solenv/bin/modules/installer/simplepackage.pm
index 55e65bd..09babb0 100755
--- a/solenv/bin/modules/installer/simplepackage.pm
+++ b/solenv/bin/modules/installer/simplepackage.pm
@@ -223,8 +223,7 @@ sub replace_variables_in_scriptfile
replace_one_variable_in_shellscript($scriptfile,
$allvariables->{'PRODUCTNAME'}, "PRODUCTNAME" );
replace_one_variable_in_shellscript($scriptfile,
$allvariables->{'PRODUCTVERSION'}, "PRODUCTVERSION" );
- my $scriptname = lc($allvariables->{'PRODUCTNAME'}) . "\.script";
- if ( $allvariables->{'PRODUCTNAME'} eq "LibreOffice" ) { $scriptname =
"org.libreoffice.script"; }
+ my $scriptname = $allvariables->{'BUNDLEIDENTIFIER'};
replace_one_variable_in_shellscript($scriptfile, $scriptname,
"SEARCHSCRIPTNAME" );
}
diff --git a/sysui/desktop/macosx/Info.plist b/sysui/desktop/macosx/Info.plist
index 45b0543..5a682dc 100755
--- a/sysui/desktop/macosx/Info.plist
+++ b/sysui/desktop/macosx/Info.plist
@@ -1407,7 +1407,7 @@
<key>CFBundleShortVersionString</key>
<string>${ABOUTBOXPRODUCTVERSION}</string>
<key>CFBundleIdentifier</key>
- <string>org.libreoffice.script</string>
+ <string>${BUNDLEIDENTIFIER}</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
commit b46e964064502b019ce57afe34f6a7a82974381a
Author: Tor Lillqvist <t...@iki.fi>
Date: Fri Feb 1 09:19:23 2013 +0200
Configury of OS X code signing and sandboxing
Change-Id: I7d63af2ddb67104daaddcb5f111e26269b9b5030
diff --git a/config_host.mk.in b/config_host.mk.in
index d980a86..4da38e7 100644
--- a/config_host.mk.in
+++ b/config_host.mk.in
@@ -145,6 +145,7 @@ export ENABLE_KDE=@ENABLE_KDE@
export ENABLE_LIBLANGTAG=@ENABLE_LIBLANGTAG@
export ENABLE_LOCKDOWN=@ENABLE_LOCKDOWN@
export ENABLE_LTO=@ENABLE_LTO@
+export ENABLE_MACOSX_SANDBOX=@ENABLE_MACOSX_SANDBOX@
export ENABLE_MEDIAWIKI=@ENABLE_MEDIAWIKI@
export ENABLE_MINIMIZER=@ENABLE_MINIMIZER@
export ENABLE_MYSQLC=@ENABLE_MYSQLC@
@@ -319,6 +320,7 @@ export LIBXSLT_LIBS=$(gb_SPACE)@LIBXSLT_LIBS@
export LINK_X64_BINARY=@LINK_X64_BINARY@
@x_Cygwin@ export LS=@WIN_LS@
export MANDIR=@MANDIR@
+export MACOSX_CODESIGNING_IDENTITY=@MACOSX_CODESIGNING_IDENTITY@
export MACOSX_DEPLOYMENT_TARGET=@MACOSX_DEPLOYMENT_TARGET@
export MACOSX_DEPLOYMENT_TARGET_FOR_BUILD=@MACOSX_DEPLOYMENT_TARGET_FOR_BUILD@
export MACOSX_SDK_PATH=@MACOSX_SDK_PATH@
diff --git a/configure.ac b/configure.ac
index 2862668..7f9fa4d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1109,6 +1109,22 @@ AC_ARG_ENABLE(silent-msi,
[Enable MSI with LIMITUI=1 (silent install).]),
,)
+AC_ARG_ENABLE(macosx-code-signing,
+ AS_HELP_STRING([--enable-macosx-code-signing<=identity>],
+ [Sign executables, dylibs, frameworks and the app bundle. The
+ default is to do signing if there is a suitable certificate
+ in your keychain, so if you don't want that, use the
+ corresponding --disable option. Experimental work in
+ progress, don't use unless you are working on this.]),
+,)
+
+AC_ARG_ENABLE(macosx-sandbox,
+ AS_HELP_STRING([--enable-macosx-sandbox],
+ [Make the app bundle run in a sandbox. Requires code signing.
+ The default is to not do this. Experimental work in progress,
+ don't use unless you are working on this.]),
+,)
+
AC_ARG_ENABLE(postgresql-sdbc,
AS_HELP_STRING([--disable-postgresql-sdbc],
[Disable the build of the PostgreSQL-SDBC driver.])
@@ -2694,6 +2710,39 @@ if test "$_os" = "Darwin"; then
fi
AC_MSG_NOTICE([MAC_OS_X_VERSION_MIN_REQUIRED=$MAC_OS_X_VERSION_MIN_REQUIRED])
AC_MSG_NOTICE([MAC_OS_X_VERSION_MAX_ALLOWED=$MAC_OS_X_VERSION_MAX_ALLOWED])
+
+ AC_MSG_CHECKING([whether to do code signing])
+
+ if test \( -z "$enable_macosx_code_signing" -o
"$enable_macosx_code_signing" = yes \) -a $MACOSX_SDK_VERSION -ge 1070; then
+ # By default use the first suitable certificate. Not sure if should be
looking for the
+ # 'Developer ID Application:' ones instead. The code signing stuff
could be much better
+ # documented...
+ identity=`security find-identity -p codesigning -v 2>/dev/null | grep
'Mac Developer:' | awk '{print $2}' |head -1`
+ if test -n "$identity"; then
+ MACOSX_CODESIGNING_IDENTITY=$identity
+ pretty_name=`security find-identity -p codesigning -v | grep
$MACOSX_CODESIGNING_IDENTITY | sed -e 's/^[[^"]]*"//' -e 's/"//'`
+ AC_MSG_RESULT([yes, using the identity
$MACOSX_CODESIGNING_IDENTITY for $pretty_name])
+ fi
+ elif test -n "$enable_macosx_code_signing" -a $MACOSX_SDK_VERSION -lt
1070; then
+ AC_MSG_ERROR([Don't bother trying to use code signing with a SDK older
than 10.7])
+ elif test -n "$enable_macosx_code_signing"; then
+ MACOSX_CODESIGNING_IDENTITY=$enable_macosx_code_signing
+ pretty_name=`security find-identity -p codesigning -v | grep
$MACOSX_CODESIGNING_IDENTITY | sed -e 's/^[[^"]]*"//' -e 's/"//'`
+ AC_MSG_RESULT([yes, using the identity $MACOSX_CODESIGNING_IDENTITY
for $pretty_name])
+ else
+ AC_MSG_RESULT([no])
+ fi
+
+ AC_MSG_CHECKING([whether to sandbox the application])
+
+ if test -z "$MACOSX_CODESIGNING_IDENTITY" -a "$enable_macosx_sandbox" =
yes; then
+ AC_MSG_ERROR([OS X sandboxing requires code signing])
+ elif test -n "$MACOSX_CODESIGNING_IDENTITY" -a "$enable_macosx_sandbox" =
yes; then
+ ENABLE_MACOSX_SANDBOX=YES
+ AC_MSG_RESULT([yes])
+ else
+ AC_MSG_RESULT([no])
+ fi
fi
AC_SUBST(FRAMEWORKSHOME)
AC_SUBST(MACOSX_SDK_PATH)
@@ -2702,6 +2751,8 @@ AC_SUBST(MACOSX_DEPLOYMENT_TARGET)
AC_SUBST(MAC_OS_X_VERSION_MIN_REQUIRED)
AC_SUBST(MAC_OS_X_VERSION_MAX_ALLOWED)
AC_SUBST(XCRUN)
+AC_SUBST(MACOSX_CODESIGNING_IDENTITY)
+AC_SUBST(ENABLE_MACOSX_SANDBOX)
dnl ===================================================================
dnl Windows specific tests and stuff
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
