vlc/vlc-2.0 | branch: master | Felix Paul Kühne <[email protected]> | Mon Jun 18 17:52:08 2012 +0200| [025b279e9ece73371fe69fefda2fb959aeba409b] | committer: Felix Paul Kühne
macosx: added a basic script and some entitlements to enable Sandboxing on OS X Lion (refs #5149) (cherry picked from commit eba61d4f3b94f0539c5e250b3222b24c543b67be) > http://git.videolan.org/gitweb.cgi/vlc/vlc-2.0.git/?a=commit;h=025b279e9ece73371fe69fefda2fb959aeba409b --- Makefile.am | 2 + extras/package/macosx/VLC.entitlements | 34 ++++++++++++ extras/package/macosx/codesign.sh | 89 ++++++++++++++++++++++++++++++++ 3 files changed, 125 insertions(+) diff --git a/Makefile.am b/Makefile.am index 4a5e0ef..595dff1 100644 --- a/Makefile.am +++ b/Makefile.am @@ -97,7 +97,9 @@ ChangeLog: Makefile.am ############################################################################### EXTRA_DIST += \ + extras/package/macosx/codesign.sh \ extras/package/macosx/README.MacOSX.rtf \ + extras/package/macosx/VLC.entitlements \ extras/package/macosx/Resources/dsa_pub.pem \ extras/package/macosx/Resources/English.lproj/About.xib \ extras/package/macosx/Resources/English.lproj/AudioEffects.xib \ diff --git a/extras/package/macosx/VLC.entitlements b/extras/package/macosx/VLC.entitlements new file mode 100644 index 0000000..4bff5cd --- /dev/null +++ b/extras/package/macosx/VLC.entitlements @@ -0,0 +1,34 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd";> +<plist version="1.0"> +<dict> + <key>com.apple.security.app-sandbox</key> + <true/> + <key>com.apple.security.assets.movies.read-write</key> + <true/> + <key>com.apple.security.assets.music.read-write</key> + <true/> + <key>com.apple.security.assets.pictures.read-write</key> + <true/> + <key>com.apple.security.device.camera</key> + <true/> + <key>com.apple.security.device.microphone</key> + <true/> + <key>com.apple.security.device.usb</key> + <true/> + <key>com.apple.security.device.serial</key> + <true/> + <key>com.apple.security.files.downloads.read-write</key> + <true/> + <key>com.apple.security.files.user-selected.read-write</key> + <true/> + <key>com.apple.security.network.client</key> + <true/> + <key>com.apple.security.network.server</key> + <true/> + <key>com.apple.security.temporary-exception.files.home-relative-path.read-only</key> + <string>/</string> + <key>com.apple.security.temporary-exception.files.absolute-path.read-only</key> + <string>/dev/</string> +</dict> +</plist> diff --git a/extras/package/macosx/codesign.sh b/extras/package/macosx/codesign.sh new file mode 100755 index 0000000..ecc19dd --- /dev/null +++ b/extras/package/macosx/codesign.sh @@ -0,0 +1,89 @@ +#!/bin/sh +# Copyright @ 2012 Felix Paul Kühne <fkuehne at videolan dot org> +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA. + +info() +{ + local green="\033[1;32m" + local normal="\033[0m" + echo "[${green}codesign${normal}] $1" +} + +usage() +{ +cat << EOF +usage: $0 [options] + +Sign VLC.app in the current directory + +OPTIONS: + -h Show this help + -i Identity to use + -t Entitlements file to use +EOF + +} + +while getopts "hi:t:" OPTION +do + case $OPTION in + h) + usage + exit 1 + ;; + i) + IDENTITY=$OPTARG + ;; + t) + OPTIONS="--entitlements $OPTARG" + ;; + esac +done +shift $(($OPTIND - 1)) + +if [ "x$1" != "x" ]; then + usage + exit 1 +fi + +info "Signing the executable" + +codesign -s "$IDENTITY" $OPTIONS VLC.app/Contents/MacOS/VLC + +info "Signing the modules" +find VLC.app/Contents/MacOS/plugins/* -type f -exec codesign -s "$IDENTITY" $OPTIONS '{}' \; + +info "Signing the libraries" +find VLC.app/Contents/MacOS/lib/* -type f -exec codesign -s "$IDENTITY" $OPTIONS '{}' \; + +info "Signing the lua stuff" +find VLC.app/Contents/MacOS/share/lua/* -type f -exec codesign -s "$IDENTITY" $OPTIONS '{}' \; + +info "all items signed, validating..." + +info "Validating binary" +codesign --verify VLC.app/Contents/MacOS/VLC + +info "Validating modules" +find VLC.app/Contents/MacOS/plugins/* -type f -exec codesign --verify '{}' \; + +info "Validating libraries" +find VLC.app/Contents/MacOS/lib/* -type f -exec codesign --verify '{}' \; + +info "Validating lua stuff" +find VLC.app/Contents/MacOS/share/lua/* -type f -exec codesign --verify '{}' \; + +info "Validation complete" _______________________________________________ vlc-commits mailing list [email protected] http://mailman.videolan.org/listinfo/vlc-commits
