solenv/bin/macosx-codesign-app-bundle |   47 ++++++++++++++++++++++++++--------
 1 file changed, 37 insertions(+), 10 deletions(-)

New commits:
commit cb76a9c17dcf38817ca45c4675f52dcab01a7749
Author: Norbert Thiebaud <nthieb...@gmail.com>
Date:   Sat Mar 18 09:43:47 2017 -0500

    codesigning script for macosx compained about double signing
    
    Release build of 5.3.2.1 failed in codesign
    apparently LibreOfficePython.framework was being signed more than
    once, which cause codesign to fail and due to a recent
    patch to harden the codesign wrapper, the build itself to fail
    
    This does not address why some part are signed multiple time
    but merely tell codesign to ignore the issue and just sign
    
    This also fix a bash un-initialize variable warning and
    capture output of codesign in case of error to be able to diagnose
    things.
    
    Change-Id: Ibd6752702feb2bdf5163ac30ed7a3fd9c86f961c
    Reviewed-on: https://gerrit.libreoffice.org/35407
    Tested-by: Jenkins <c...@libreoffice.org>
    Reviewed-by: Norbert Thiebaud <nthieb...@gmail.com>
    (cherry picked from commit a332bb9a6cc19f0c212892b3f304583338b0a094)
    Reviewed-on: https://gerrit.libreoffice.org/35542
    Reviewed-by: Miklos Vajna <vmik...@collabora.co.uk>

diff --git a/solenv/bin/macosx-codesign-app-bundle 
b/solenv/bin/macosx-codesign-app-bundle
index 1149e70ea6d1..a330205e9915 100755
--- a/solenv/bin/macosx-codesign-app-bundle
+++ b/solenv/bin/macosx-codesign-app-bundle
@@ -26,7 +26,7 @@ for V in \
 done
 
 APP_BUNDLE="$1"
-
+entitlements=
 if test -n "$ENABLE_MACOSX_SANDBOX"; then
     # In a sandboxed build executables need the entitlements
     entitlements="--entitlements $BUILDDIR/lo.xcent"
@@ -47,7 +47,11 @@ fi
 find -d "$APP_BUNDLE" \( -name '*.jnilib' \) ! -type l |
     while read file; do
     id=`echo ${file#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'`
-    codesign --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign 
"$MACOSX_CODESIGNING_IDENTITY" "$file" || exit 1
+    codesign --verbose --force --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id 
--sign "$MACOSX_CODESIGNING_IDENTITY" "$file" > "/tmp/codesign_$(basename 
"$file").log" 2>&1
+    if [ "$?" != "0" ] ; then
+       exit 1
+    fi
+    rm "/tmp/codesign_$(basename "$file").log"
 done
 
 # Sign dylibs
@@ -62,7 +66,11 @@ find "$APP_BUNDLE" \( -name '*.dylib' -or -name '*.dylib.*' 
-or -name '*.so' \
         $other_files \) ! -type l |
 while read file; do
     id=`echo ${file#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'`
-    codesign --verbose --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign 
"$MACOSX_CODESIGNING_IDENTITY" "$file" || exit 1
+    codesign --verbose --force --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id 
--sign "$MACOSX_CODESIGNING_IDENTITY" "$file" > "/tmp/codesign_$(basename 
"$file").log" 2>&1
+    if [ "$?" != "0" ] ; then
+       exit 1
+    fi
+    rm "/tmp/codesign_$(basename "$file").log"
 done
 
 # Sign included bundles. First .app ones (i.e. the Python.app inside
@@ -74,7 +82,11 @@ while read app; do
     fn=${fn%.*}
     # Assume the app has a XML (and not binary) Info.plist
     id=`grep -A 1 '<key>CFBundleIdentifier</key>' $app/Contents/Info.plist | 
tail -1 | sed -e 's,.*<string>,,' -e 's,</string>.*,,'`
-    codesign --verbose --identifier=$id --sign "$MACOSX_CODESIGNING_IDENTITY" 
$entitlements "$app" || exit 1
+    codesign --verbose --force --identifier=$id --sign 
"$MACOSX_CODESIGNING_IDENTITY" $entitlements "$app" > "/tmp/codesign_${fn}.log" 
2>&1
+    if [ "$?" != "0" ] ; then
+       exit 1
+    fi
+    rm "/tmp/codesign_${fn}.log"
 done
 
 # Then .framework ones. Again, be generic just for kicks.
@@ -87,8 +99,12 @@ while read framework; do
         if test ! -L "$version" -a -d "$version"; then
            # Assume the framework has a XML (and not binary) Info.plist
            id=`grep -A 1 '<key>CFBundleIdentifier</key>' 
$version/Resources/Info.plist | tail -1 | sed -e 's,.*<string>,,' -e 
's,</string>.*,,'`
-            codesign --verbose --identifier=$id --sign 
"$MACOSX_CODESIGNING_IDENTITY" "$version" || exit 1
-        fi
+            codesign --verbose --force --identifier=$id --sign 
"$MACOSX_CODESIGNING_IDENTITY" "$version" > "/tmp/codesign_${fn}.log" 2>&1
+           if [ "$?" != "0" ] ; then
+               exit 1
+           fi
+           rm "/tmp/codesign_${fn}.log"
+       fi
     done
 done
 
@@ -96,7 +112,11 @@ done
 
 find "$APP_BUNDLE" -name '*.mdimporter' -type d |
 while read bundle; do
-    codesign --verbose --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign 
"$MACOSX_CODESIGNING_IDENTITY" "$bundle" || exit 1
+    codesign --verbose --force --prefix=$MACOSX_BUNDLE_IDENTIFIER. --sign 
"$MACOSX_CODESIGNING_IDENTITY" "$bundle" > "/tmp/codesign_$(basename 
"${bundle}").log" 2>&1
+    if [ "$?" != "0" ] ; then
+       exit 1
+    fi
+    rm "/tmp/codesign_$(basename "${bundle}").log"
 done
 
 # Sign executables
@@ -108,7 +128,11 @@ while read file; do
            ;;
        *)
            id=`echo ${file#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'`
-           codesign --force --verbose 
--identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign 
"$MACOSX_CODESIGNING_IDENTITY" $entitlements "$file" || exit 1
+           codesign --force --verbose 
--identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign 
"$MACOSX_CODESIGNING_IDENTITY" $entitlements "$file"  > 
"/tmp/codesign_${MACOSX_BUNDLE_IDENTIFIER}.${id}.log" 2>&1
+           if [ "$?" != "0" ] ; then
+               exit 1
+           fi
+           rm "/tmp/codesign_${MACOSX_BUNDLE_IDENTIFIER}.${id}.log"
            ;;
     esac
 done
@@ -127,6 +151,9 @@ done
 
 id=`echo ${PRODUCTNAME} | tr ' ' '-'`
 
-codesign --force --verbose --identifier="${MACOSX_BUNDLE_IDENTIFIER}" --sign 
"$MACOSX_CODESIGNING_IDENTITY" $entitlements "$APP_BUNDLE" || exit 1
-
+codesign --force --verbose --identifier="${MACOSX_BUNDLE_IDENTIFIER}" --sign 
"$MACOSX_CODESIGNING_IDENTITY" $entitlements "$APP_BUNDLE" > 
"/tmp/codesign_${MACOSX_BUNDLE_IDENTIFIER}.log" 2>&1
+if [ "$?" != "0" ] ; then
+    exit 1
+fi
+rm "/tmp/codesign_${MACOSX_BUNDLE_IDENTIFIER}.log"
 exit 0
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits

Reply via email to