macstore_sign.sh
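#!/bin/sh
# macstore_sign.sh - copy an application bundle, sign the copy and its three
# helper apps with Mac App Store sandbox entitlements, then print the resulting
# entitlements and the spctl assessment for each signed item.
#
# Arguments (all five are required):
#   $1  path of the application bundle to copy and sign
#   $2  application name, without the .app extension
#   $3  bundle identifier passed to codesign -i
#   $4  signing identity passed to codesign -s
#   $5  existing directory that receives "<name>.app"
# Exit status: 1 on a usage, copy or signing error; otherwise the status of
# the final spctl assessment.
echo
echo "True Interactions (Tint) and node-webkit Mac App Store / Entitlements Signing Tool."
echo "NOTE: THIS SIGNING TOOL IS INTENDED ONLY FOR APPLICATIONS TO BE SUBMITTED TO"
echo "THE MAC APP STORE OR THAT NEED ENTITLEMENTS. IF YOU DO NOT PLAN ON USING EITHER"
echo "USE THE DEFAULT SIGNING UTILITY."
echo "www.trueinteractions.com"
echo
if [ -z "$5" ]
then
  echo "Usage: sign.sh application_file_path application_name bundle_id identity out_directory"
  echo " application_file_name \t The full path to the application to sign, original is not modified"
  echo " application_name \t\t The full application name (with spaces if needed), do not include .app extention"
  echo " bundle_id \t\t\t The bundle identifier used in the Info.plist, it must be unique for helpers and the app"
  echo " identity \t\t\t The identity to sign the application with (a valid list of id's is printed out later)"
  echo " out_directory \t\t The directory to place the signed application at"
  echo ""
  echo "If you do not know your identity pick the most appropriate one from the list below, the valid identities"
  echo "installed on your /Applications/Utilities/Keychain Access.app are:"
  echo
  security -q find-identity -p codesigning -v
  echo
  echo "Tip: your identity is the alpha-numeric, usually 10 character long string contained between parenthesis."
  echo "Note that entitlements for the Mac App Store will be applied, this will sandbox the application and may"
  echo "in certain circumstances cause new errors if your application plays outside of Mac App Stores rules."
  echo
  exit 1;
fi

SOURCE=$1
NAME=$2
BUNDLEID=$3
IDENTITY=$4
OUTDIRECTORY=$5

# Each argument ends up in a path or on the codesign command line. An empty
# one would silently change what the rm -rf and cp below operate on.
for arg in "$SOURCE" "$NAME" "$BUNDLEID" "$IDENTITY"
do
  if [ -z "$arg" ]
  then
    echo "Error: all five arguments must be non-empty." >&2
    exit 1
  fi
done

APP="$OUTDIRECTORY/$NAME.app"
FRAMEWORKS="$APP/Contents/Frameworks"

# Check the inputs before the destructive rm -rf, so a typo in the source path
# cannot delete a previously signed bundle and leave nothing in its place.
if [ ! -e "$SOURCE" ]
then
  echo "Error: application not found: $SOURCE" >&2
  exit 1
fi
if [ ! -d "$OUTDIRECTORY" ]
then
  echo "Error: out_directory is not a directory: $OUTDIRECTORY" >&2
  exit 1
fi
# The usage text promises the original is not modified; refuse to run when the
# output path is the source itself, because the rm -rf below would delete it.
if [ "$SOURCE" -ef "$APP" ] 2>/dev/null
then
  echo "Error: out_directory/application_name.app is the source application." >&2
  exit 1
fi

# Entitlements for the main application.
# NOTE(review): network.server, personal-information.location and print are
# granted to every application signed with this tool; trim this list to what
# the application actually uses before submitting.
ENTITLEMENTS_PARENT='<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
<key>com.apple.security.personal-information.location</key>
<true/>
<key>com.apple.security.print</key>
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
</dict>
</plist>
'
# Entitlements for the helper apps: sandboxed, inheriting from the parent.
ENTITLEMENTS_CHILD='<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.inherit</key>
<true/>
</dict>
</plist>
'

# The entitlement files decide what the signed code is allowed to do, so they
# must not live at a fixed, world-writable path such as /tmp/entitlements.*:
# another local user could pre-create or replace that file, or plant a symlink
# there. mktemp -d gives a private, unpredictable directory instead.
WORKDIR=$(mktemp -d "${TMPDIR:-/tmp}/macstore_sign.XXXXXX") || {
  echo "Error: could not create a temporary directory." >&2
  exit 1
}
cleanup() {
  rm -rf -- "${WORKDIR:?}"
}
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

printf '%s\n' "$ENTITLEMENTS_PARENT" > "$WORKDIR/entitlements.parent" || exit 1
printf '%s\n' "$ENTITLEMENTS_CHILD" > "$WORKDIR/entitlements.child" || exit 1

# Replace any previous output with a fresh copy of the application. The paths
# are quoted because application names may contain spaces; unquoted, rm -rf
# would act on each word separately.
rm -rf -- "${APP:?}" || exit 1
cp -p -a -- "$SOURCE" "$APP" || {
  echo "Error: could not copy $SOURCE to $APP" >&2
  exit 1
}

echo "==Signing Code=="
# Helpers are signed first with the child entitlements, then the enclosing
# application with the parent entitlements. A failed signature stops the run
# so that a partly signed bundle is never presented as finished.
# NOTE(review): the same bundle_id is passed for all four signatures although
# the usage text says it must be unique per helper, and --deep on the outer
# bundle also reaches into nested code. Confirm in the validation output below
# that each helper still carries the child entitlements.
for helper in "$NAME Helper" "$NAME Helper EH" "$NAME Helper NP"
do
  codesign --deep -s "$IDENTITY" -i "$BUNDLEID" --entitlements "$WORKDIR/entitlements.child" "$FRAMEWORKS/$helper.app" || {
    echo "Error: signing failed for $FRAMEWORKS/$helper.app" >&2
    exit 1
  }
done
codesign --deep -s "$IDENTITY" -i "$BUNDLEID" --entitlements "$WORKDIR/entitlements.parent" "$APP" || {
  echo "Error: signing failed for $APP" >&2
  exit 1
}

# Print the entitlements embedded in each signed executable (report only).
echo "==Validating entitlements and Mac App Store needs=="
for helper in "$NAME Helper" "$NAME Helper EH" "$NAME Helper NP"
do
  codesign -dvvv --entitlements :- "$FRAMEWORKS/$helper.app/Contents/MacOS/$helper"
done
codesign -dvvv --entitlements :- "$APP/Contents/MacOS/$NAME"

# Assess each signed bundle (report only). The final assessment of the main
# application is the last command, so its status is the script's exit status.
echo "==Validating code signature and subsequent resources=="
for helper in "$NAME Helper" "$NAME Helper EH" "$NAME Helper NP"
do
  spctl --assess -vvvv "$FRAMEWORKS/$helper.app"
done
spctl --assess -vvvv "$APP"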