#!/bin/bash -p

# Copyright (c) 2012 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Signs the contents of the versioned directory (the framework and the helper
# apps) with codesign, then verifies every signature that was just written.
#
# Arguments:
#   $1  app_path           .app bundle whose Contents/Versions/@VERSION@
#                          directory holds the components to sign
#   $2  codesign_keychain  passed unchanged to |codesign --keychain|
#   $3  codesign_id        passed unchanged to |codesign -s|
# Exit status: 1 on a usage error; otherwise set -e aborts on the first
# codesign command that fails.

set -eu

# Environment sanitization. Pin PATH to system directories and drop variables
# that can change how the interpreter behaves. |bash -p| on the #! line already
# defuses BASH_ENV, ENV, and SHELLOPTS (among other features) for this shell;
# clearing them here also keeps them away from any shell scripts run as
# utility programs. SHELLOPTS is read-only, so it can only be unexported, not
# unset.
export PATH="/usr/bin:/bin:/usr/sbin:/sbin"
unset BASH_ENV CDPATH ENV GLOBIGNORE IFS POSIXLY_CORRECT
export -n SHELLOPTS

ME="$(basename "${0}")"
readonly ME

if (( ${#} != 3 )); then
  echo "usage: ${ME} app_path codesign_keychain codesign_id" >& 2
  exit 1
fi

app_path="${1}"
codesign_keychain="${2}"
codesign_id="${3}"

versioned_dir="${app_path}/Contents/Versions/@VERSION@"

# An .app bundle to be signed can be signed directly. Normally, signing a
# framework bundle requires that each version within be signed individually.
# http://developer.apple.com/mac/library/technotes/tn2007/tn2206.html#TNTAG13
# In Chrome's case, the framework bundle is unversioned, so it too can be
# signed directly. See copy_framework_unversioned.sh.

framework="${versioned_dir}/@MAC_PRODUCT_NAME@ Framework.framework"
helper_app="${versioned_dir}/@MAC_PRODUCT_NAME@ Helper.app"
helper_eh_app="${versioned_dir}/@MAC_PRODUCT_NAME@ Helper EH.app"
helper_np_app="${versioned_dir}/@MAC_PRODUCT_NAME@ Helper NP.app"

# Appended to every designated requirement below: it pins the leaf certificate
# by hash.
# NOTE(review): the hash is hard-coded, so it has to stay in step with the
# certificate behind codesign_id -- verify whenever that certificate changes.
requirement_suffix='and certificate leaf = H"85cee8254216185620ddc8851c7a9fc4dfe120ef"'

#######################################
# Signs one bundle and embeds its designated requirement.
# Globals:   codesign_id, codesign_keychain, requirement_suffix (read)
# Arguments: $1 - path of the bundle to sign
#            $2 - code identifier written into the designated requirement
# Returns:   codesign's exit status
#######################################
sign_component() {
  local bundle="${1}"
  local identifier="${2}"
  codesign -s "${codesign_id}" --keychain "${codesign_keychain}" "${bundle}" \
      -r="designated => identifier \"${identifier}\" ${requirement_suffix}"
}

# NOTE(review): the identifiers are hard-coded as com.google.Chrome.* while the
# bundle paths are built from @MAC_PRODUCT_NAME@ -- confirm that this script is
# only used where the two agree.
sign_component "${framework}" "com.google.Chrome.framework"
sign_component "${helper_app}" "com.google.Chrome.helper"
sign_component "${helper_eh_app}" "com.google.Chrome.helper.EH"
sign_component "${helper_np_app}" "com.google.Chrome.helper.NP"

# Verify everything, in the order it was signed.
# NOTE(review): no explicit requirement (-R) is passed, so this relies on
# codesign's default checks -- presumably including the designated requirement
# embedded above; confirm on the macOS version of the signing hosts.
for bundle in \
    "${framework}" "${helper_app}" "${helper_eh_app}" "${helper_np_app}"; do
  codesign -v "${bundle}"
done