[LyX/2.3.x] Add packaging option to code sign the LyX application

Thu, 21 May 2020 22:24:31 -0700 

commit 957192d7f39d7370425e6482c60f293cb0112e44
Author: Stephan Witt <sw...@lyx.org>
Date:   Thu Feb 20 10:47:23 2020 +0100

    Add packaging option to code sign the LyX application
    
    (cherry picked from commit d2257bb0ffde6706f3ef0a469fa839d0d0ac4985)
---
 development/LyX-Mac-binary-release.sh |   33 +++++++++++++++++++++++++++++++++
 1 files changed, 33 insertions(+), 0 deletions(-)

diff --git a/development/LyX-Mac-binary-release.sh 
b/development/LyX-Mac-binary-release.sh
index 3380711..af00aa2 100644
--- a/development/LyX-Mac-binary-release.sh
+++ b/development/LyX-Mac-binary-release.sh
@@ -212,6 +212,10 @@ while [ $# -gt 0 ]; do
                esac
                shift
                ;;
+       --codesign-identity=*)
+               CODESIGN_IDENTITY=$(echo "${1}"|cut -d= -f2)
+               shift
+               ;;
        --libmagic-deployment=*)
                libmagic_deployment=$(echo ${1}|cut -d= -f2)
                shift
@@ -867,6 +871,34 @@ convert_universal() {
        done
 }
 
+# -------------------------
+# Create code sign signatures
+# -------------------------
+code_sign() {
+       target="$1"
+       condir=$(content_directory "${target}"/lyx)
+       appdir=$(dirname "${condir}")
+       # have to sign frameworks first
+       for csitem in \
+               
"${condir}"/Frameworks/Qt*.framework/Versions/${QtFrameworkVersion} \
+               "${condir}"/Frameworks/*.framework/lib*.dylib \
+               "${condir}"/PlugIns/*/lib*.dylib \
+               "${condir}"/Library/Spotlight/* \
+               "${target}"/inkscape \
+               "${target}"/maxima \
+               "${target}"/tex2lyx \
+               "${target}"/lyxeditor \
+               "${target}"/lyxconvert \
+               "${target}"/lyxclient
+       do
+               codesign --verbose --force --sign "${CODESIGN_IDENTITY}" 
"${csitem}"
+       done
+
+       /usr/bin/codesign --verbose --force --sign "${CODESIGN_IDENTITY}" 
"${appdir}" || {
+               echo Warning: codesign failed with certificate named 
'"'${CODESIGN_IDENTITY}'"'
+       }
+}
+
 deduplicate() {
        find "$@" -type f -print | while read file ; do
                echo $(md5 -q "$file") "$file"
@@ -1027,6 +1059,7 @@ build_package() {
 if [ ${LyxOnlyPackage:-"no"} = "no" ]; then
        build_lyx
        convert_universal
+       test -n "${CODESIGN_IDENTITY}" && code_sign "${LYX_BUNDLE_PATH}"
        copy_dictionaries
 fi
 build_package
-- 
lyx-cvs mailing list
lyx-cvs@lists.lyx.org
http://lists.lyx.org/mailman/listinfo/lyx-cvs

Reply via email to