Revision: 12404
http://sourceforge.net/p/skim-app/code/12404
Author: hofman
Date: 2021-09-13 15:13:40 +0000 (Mon, 13 Sep 2021)
Log Message:
-----------
Hardened runtime and entitlements only with developer signature
Modified Paths:
--------------
trunk/codesign_skim.sh
Modified: trunk/codesign_skim.sh
===================================================================
--- trunk/codesign_skim.sh 2021-09-07 16:41:56 UTC (rev 12403)
+++ trunk/codesign_skim.sh 2021-09-13 15:13:40 UTC (rev 12404)
@@ -10,6 +10,12 @@
SKIM_BUNDLE_PATH="${!#}"
+if [[ "$IDENTITY" == "Developer ID Application:"* ]]; then
+ CODESIGN_OPTIONS="-o runtime"
+else
+ CODESIGN_OPTIONS=
+fi
+
SKIM_ENTITLEMENTS=$(dirname "$0")/Skim.entitlements
# see
https://mjtsai.com/blog/2021/02/18/code-signing-when-building-on-apple-silicon/
@@ -21,20 +27,20 @@
# have to sign frameworks first
LOCATION="${CONTENTS_DIR}/Frameworks"
codesign ${CODESIGN_FLAGS} -s "${IDENTITY}" "${LOCATION}/SkimNotes.framework"
-codesign ${CODESIGN_FLAGS} -o runtime -s "${IDENTITY}" --identifier
"org.sparkle-project.Sparkle.Autoupdate.fileop"
"${LOCATION}/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop"
-codesign ${CODESIGN_FLAGS} -o runtime -s "${IDENTITY}"
"${LOCATION}/Sparkle.framework/Versions/A/Resources/Autoupdate.app"
+codesign ${CODESIGN_FLAGS} ${CODESIGN_OPTIONS} -s "${IDENTITY}" --identifier
"org.sparkle-project.Sparkle.Autoupdate.fileop"
"${LOCATION}/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop"
+codesign ${CODESIGN_FLAGS} ${CODESIGN_OPTIONS} -s "${IDENTITY}"
"${LOCATION}/Sparkle.framework/Versions/A/Resources/Autoupdate.app"
codesign ${CODESIGN_FLAGS} -s "${IDENTITY}" "${LOCATION}/Sparkle.framework"
LOCATION="${CONTENTS_DIR}/Library"
codesign ${CODESIGN_FLAGS} -s "${IDENTITY}"
"${LOCATION}/Spotlight/SkimImporter.mdimporter/Contents/Frameworks/SkimNotesBase.framework"
-codesign ${CODESIGN_FLAGS} -o runtime -s "${IDENTITY}"
"${LOCATION}/Spotlight/SkimImporter.mdimporter/Contents/MacOS/SkimImporter"
-codesign ${CODESIGN_FLAGS} -o runtime -s "${IDENTITY}"
"${LOCATION}/QuickLook/Skim.qlgenerator/Contents/MacOS/Skim"
+codesign ${CODESIGN_FLAGS} ${CODESIGN_OPTIONS} -s "${IDENTITY}"
"${LOCATION}/Spotlight/SkimImporter.mdimporter/Contents/MacOS/SkimImporter"
+codesign ${CODESIGN_FLAGS} ${CODESIGN_OPTIONS} -s "${IDENTITY}"
"${LOCATION}/QuickLook/Skim.qlgenerator/Contents/MacOS/Skim"
LOCATION="${CONTENTS_DIR}/Plugins"
-codesign ${CODESIGN_FLAGS} -o runtime --sign "${IDENTITY}"
"${LOCATION}/SkimTransitions.plugin/Contents/MacOS/SkimTransitions"
+codesign ${CODESIGN_FLAGS} ${CODESIGN_OPTIONS} --sign "${IDENTITY}"
"${LOCATION}/SkimTransitions.plugin/Contents/MacOS/SkimTransitions"
LOCATION="${CONTENTS_DIR}/SharedSupport"
-codesign ${CODESIGN_FLAGS} -o runtime -s "${IDENTITY}" --identifier
"net.sourceforge.skim-app.tool.skimnotes" "${LOCATION}/skimnotes"
-codesign ${CODESIGN_FLAGS} -o runtime -s "${IDENTITY}" --identifier
"net.sourceforge.skim-app.tool.skimpdf" "${LOCATION}/skimpdf"
+codesign ${CODESIGN_FLAGS} ${CODESIGN_OPTIONS} -s "${IDENTITY}" --identifier
"net.sourceforge.skim-app.tool.skimnotes" "${LOCATION}/skimnotes"
+codesign ${CODESIGN_FLAGS} ${CODESIGN_OPTIONS} -s "${IDENTITY}" --identifier
"net.sourceforge.skim-app.tool.skimpdf" "${LOCATION}/skimpdf"
-codesign ${CODESIGN_FLAGS} -o runtime -s "${IDENTITY}" --entitlements
"${SKIM_ENTITLEMENTS}" "${SKIM_BUNDLE_PATH}"
+codesign ${CODESIGN_FLAGS} ${CODESIGN_OPTIONS} -s "${IDENTITY}"
${CODESIGN_OPTIONS:+--entitlements "${SKIM_ENTITLEMENTS}"} "${SKIM_BUNDLE_PATH}"
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
_______________________________________________
Skim-app-commit mailing list
Skim-app-commit@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/skim-app-commit
