From 55a093d8f2b10e589efd3eb4b7a5b3a83371e1fb Mon Sep 17 00:00:00 2001 From: David Fuhrmann Date: Thu, 8 Feb 2018 19:08:21 +0100 Subject: [PATCH] macOS codesign: Add jar files, drop explicit requirement The jar file needs special treatment to be signed correctly: - The identifier must be without any dots. The file has three, and if only the suffix is dropped, then it will be wrongly interpreted as a reverse domain, still - It is not allowed to have a Mac App store certificate signature, together with a jar file, as this is forbidden in the app store. Our explicit requirement was allowing such a signature (see "cert leaf[field.1.2.840.113635.100.6.1.9] exists"). Solution is now to just let codesign do this work internally, therefore the explicit requirement is dropped completely. --- extras/package/macosx/codesign.sh | 20 ++------------------ 1 file changed, 2 insertions(+), 18 deletions(-) diff --git a/extras/package/macosx/codesign.sh b/extras/package/macosx/codesign.sh index b408d6e61b..07b0fc88d0 100755 --- a/extras/package/macosx/codesign.sh +++ b/extras/package/macosx/codesign.sh @@ -82,25 +82,9 @@ fi # Call with $1 = file or folder, $2 = identifier (if empty, file name is used) sign() { - IDENTIFIER="$2" - if [ -z "$IDENTIFIER" ]; then - filename=$(basename "$1") - IDENTIFIER="${filename%.*}" - fi - # info "Signing file $1 with identifier $IDENTIFIER" - if [ -z "$GK" ]; then - codesign --force --verbose -s "$IDENTITY" --prefix "org.videolan." "$1" - else - REQUIREMENT="=designated => anchor apple generic and identifier \"$IDENTIFIER\" " - REQUIREMENT+="and ((cert leaf[field.1.2.840.113635.100.6.1.9] exists) or " - REQUIREMENT+="( certificate 1[field.1.2.840.113635.100.6.2.6] exists and " - REQUIREMENT+="certificate leaf[field.1.2.840.113635.100.6.1.13] exists and " - REQUIREMENT+="certificate leaf[subject.OU] = \"75GAHG3SZQ\" ))" - - codesign --force --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements --requirements "$REQUIREMENT" --timestamp=none "$1" - fi + codesign --force --verbose -s "$IDENTITY" "$1" } @@ -154,7 +138,7 @@ done info "Signing the modules" -for i in $(find VLC.app/Contents/MacOS/plugins -type f -name "*.dylib" -exec echo {} \;) +for i in $(find VLC.app/Contents/MacOS/plugins -type f \( -name "*.dylib" -o -name "*.jar" \) -exec echo {} \;) do sign "$i" done