mirror of
https://github.com/dashpay/dash.git
synced 2024-12-25 12:02:48 +01:00
backport: macos code signing (dashpay#4978)
This commit is contained in:
parent
747475b55f
commit
6a57fa0c68
@ -8,9 +8,13 @@ architectures:
|
|||||||
packages:
|
packages:
|
||||||
- "faketime"
|
- "faketime"
|
||||||
- "xorriso"
|
- "xorriso"
|
||||||
|
- "python3-pip"
|
||||||
remotes:
|
remotes:
|
||||||
- "url": "https://github.com/dashpay/dash-detached-sigs.git"
|
- "url": "https://github.com/dashpay/dash-detached-sigs.git"
|
||||||
"dir": "signature"
|
"dir": "signature"
|
||||||
|
- "url": "https://github.com/achow101/signapple.git"
|
||||||
|
"dir": "signapple"
|
||||||
|
"commit": "8a945a2e7583be2665cf3a6a89d665b70ecd1ab6"
|
||||||
files:
|
files:
|
||||||
- "dashcore-osx-unsigned.tar.gz"
|
- "dashcore-osx-unsigned.tar.gz"
|
||||||
script: |
|
script: |
|
||||||
@ -31,11 +35,19 @@ script: |
|
|||||||
chmod +x ${WRAP_DIR}/${prog}
|
chmod +x ${WRAP_DIR}/${prog}
|
||||||
done
|
done
|
||||||
|
|
||||||
UNSIGNED=dashcore-osx-unsigned.tar.gz
|
# Install signapple
|
||||||
|
cd signapple
|
||||||
|
python3 -m pip install -U pip setuptools
|
||||||
|
python3 -m pip install .
|
||||||
|
export PATH="$HOME/.local/bin":$PATH
|
||||||
|
cd ..
|
||||||
|
|
||||||
|
UNSIGNED_TARBALL=dashcore-osx-unsigned.tar.gz
|
||||||
|
UNSIGNED_APP=dist/Dash-Qt.app
|
||||||
SIGNED=dashcore-osx-signed.dmg
|
SIGNED=dashcore-osx-signed.dmg
|
||||||
|
|
||||||
tar -xf ${UNSIGNED}
|
tar -xf ${UNSIGNED_TARBALL}
|
||||||
OSX_VOLNAME="$(cat osx_volname)"
|
OSX_VOLNAME="$(cat osx_volname)"
|
||||||
./detached-sig-apply.sh ${UNSIGNED} signature/osx
|
./detached-sig-apply.sh ${UNSIGNED_APP} signature/osx/dist
|
||||||
${WRAP_DIR}/xorrisofs -D -l -V "${OSX_VOLNAME}" -no-pad -r -dir-mode 0755 -o uncompressed.dmg signed-app
|
${WRAP_DIR}/xorrisofs -D -l -V "${OSX_VOLNAME}" -no-pad -r -dir-mode 0755 -o uncompressed.dmg signed-app
|
||||||
${WRAP_DIR}/dmg dmg uncompressed.dmg ${OUTDIR}/${SIGNED}
|
${WRAP_DIR}/dmg dmg uncompressed.dmg ${OUTDIR}/${SIGNED}
|
||||||
|
@ -156,8 +156,6 @@ script: |
|
|||||||
cp contrib/macdeploy/detached-sig-apply.sh unsigned-app-${i}
|
cp contrib/macdeploy/detached-sig-apply.sh unsigned-app-${i}
|
||||||
cp contrib/macdeploy/detached-sig-create.sh unsigned-app-${i}
|
cp contrib/macdeploy/detached-sig-create.sh unsigned-app-${i}
|
||||||
cp ${BASEPREFIX}/${i}/native/bin/dmg unsigned-app-${i}
|
cp ${BASEPREFIX}/${i}/native/bin/dmg unsigned-app-${i}
|
||||||
cp ${BASEPREFIX}/${i}/native/bin/${i}-codesign_allocate unsigned-app-${i}/codesign_allocate
|
|
||||||
cp ${BASEPREFIX}/${i}/native/bin/${i}-pagestuff unsigned-app-${i}/pagestuff
|
|
||||||
mv dist unsigned-app-${i}
|
mv dist unsigned-app-${i}
|
||||||
pushd unsigned-app-${i}
|
pushd unsigned-app-${i}
|
||||||
find . | sort | tar --mtime="$REFERENCE_DATETIME" --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-osx-unsigned.tar.gz
|
find . | sort | tar --mtime="$REFERENCE_DATETIME" --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-osx-unsigned.tar.gz
|
||||||
|
@ -8,10 +8,9 @@ set -e
|
|||||||
|
|
||||||
UNSIGNED="$1"
|
UNSIGNED="$1"
|
||||||
SIGNATURE="$2"
|
SIGNATURE="$2"
|
||||||
ARCH=x86_64
|
|
||||||
ROOTDIR=dist
|
ROOTDIR=dist
|
||||||
TEMPDIR=signed.temp
|
|
||||||
OUTDIR=signed-app
|
OUTDIR=signed-app
|
||||||
|
SIGNAPPLE=signapple
|
||||||
|
|
||||||
if [ -z "$UNSIGNED" ]; then
|
if [ -z "$UNSIGNED" ]; then
|
||||||
echo "usage: $0 <unsigned app> <signature>"
|
echo "usage: $0 <unsigned app> <signature>"
|
||||||
@ -23,35 +22,6 @@ if [ -z "$SIGNATURE" ]; then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
rm -rf ${TEMPDIR} && mkdir -p ${TEMPDIR}
|
${SIGNAPPLE} apply ${UNSIGNED} ${SIGNATURE}
|
||||||
tar -C ${TEMPDIR} -xf ${UNSIGNED}
|
mv ${ROOTDIR} ${OUTDIR}
|
||||||
cp -rf "${SIGNATURE}"/* ${TEMPDIR}
|
|
||||||
|
|
||||||
if [ -z "${PAGESTUFF}" ]; then
|
|
||||||
PAGESTUFF=${TEMPDIR}/pagestuff
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -z "${CODESIGN_ALLOCATE}" ]; then
|
|
||||||
CODESIGN_ALLOCATE=${TEMPDIR}/codesign_allocate
|
|
||||||
fi
|
|
||||||
|
|
||||||
find ${TEMPDIR} -name "*.sign" | while read i; do
|
|
||||||
SIZE=$(stat -c %s "${i}")
|
|
||||||
TARGET_FILE="$(echo "${i}" | sed 's/\.sign$//')"
|
|
||||||
|
|
||||||
echo "Allocating space for the signature of size ${SIZE} in ${TARGET_FILE}"
|
|
||||||
${CODESIGN_ALLOCATE} -i "${TARGET_FILE}" -a ${ARCH} ${SIZE} -o "${i}.tmp"
|
|
||||||
|
|
||||||
OFFSET=$(${PAGESTUFF} "${i}.tmp" -p | tail -2 | grep offset | sed 's/[^0-9]*//g')
|
|
||||||
if [ -z ${QUIET} ]; then
|
|
||||||
echo "Attaching signature at offset ${OFFSET}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
dd if="$i" of="${i}.tmp" bs=1 seek=${OFFSET} count=${SIZE} 2>/dev/null
|
|
||||||
mv "${i}.tmp" "${TARGET_FILE}"
|
|
||||||
rm "${i}"
|
|
||||||
echo "Success."
|
|
||||||
done
|
|
||||||
mv ${TEMPDIR}/${ROOTDIR} ${OUTDIR}
|
|
||||||
rm -rf ${TEMPDIR}
|
|
||||||
echo "Signed: ${OUTDIR}"
|
echo "Signed: ${OUTDIR}"
|
||||||
|
@ -8,44 +8,21 @@ set -e
|
|||||||
|
|
||||||
ROOTDIR=dist
|
ROOTDIR=dist
|
||||||
BUNDLE="${ROOTDIR}/Dash-Qt.app"
|
BUNDLE="${ROOTDIR}/Dash-Qt.app"
|
||||||
CODESIGN=codesign
|
SIGNAPPLE=signapple
|
||||||
TEMPDIR=sign.temp
|
TEMPDIR=sign.temp
|
||||||
TEMPLIST=${TEMPDIR}/signatures.txt
|
|
||||||
OUT=signature-osx.tar.gz
|
OUT=signature-osx.tar.gz
|
||||||
OUTROOT=osx
|
OUTROOT=osx/dist
|
||||||
|
|
||||||
if [ -z "$1" ]; then
|
if [ -z "$1" ]; then
|
||||||
echo "usage: $0 <codesign args>"
|
echo "usage: $0 <signapple args>"
|
||||||
echo "example: $0 -s MyIdentity"
|
echo "example: $0 <path to key>"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
rm -rf ${TEMPDIR} ${TEMPLIST}
|
rm -rf ${TEMPDIR}
|
||||||
mkdir -p ${TEMPDIR}
|
mkdir -p ${TEMPDIR}
|
||||||
|
|
||||||
${CODESIGN} -f --file-list ${TEMPLIST} -o runtime "$@" "${BUNDLE}"
|
${SIGNAPPLE} sign -f --detach "${TEMPDIR}/${OUTROOT}" "$@" "${BUNDLE}"
|
||||||
|
|
||||||
grep -v CodeResources < "${TEMPLIST}" | while read i; do
|
|
||||||
TARGETFILE="${BUNDLE}/$(echo "${i}" | sed "s|.*${BUNDLE}/||")"
|
|
||||||
SIZE=$(pagestuff "$i" -p | tail -2 | grep size | sed 's/[^0-9]*//g')
|
|
||||||
OFFSET=$(pagestuff "$i" -p | tail -2 | grep offset | sed 's/[^0-9]*//g')
|
|
||||||
SIGNFILE="${TEMPDIR}/${OUTROOT}/${TARGETFILE}.sign"
|
|
||||||
DIRNAME="$(dirname "${SIGNFILE}")"
|
|
||||||
mkdir -p "${DIRNAME}"
|
|
||||||
echo "Adding detached signature for: ${TARGETFILE}. Size: ${SIZE}. Offset: ${OFFSET}"
|
|
||||||
dd if="$i" of="${SIGNFILE}" bs=1 skip=${OFFSET} count=${SIZE} 2>/dev/null
|
|
||||||
done
|
|
||||||
|
|
||||||
grep CodeResources < "${TEMPLIST}" | while read i; do
|
|
||||||
TARGETFILE="${BUNDLE}/$(echo "${i}" | sed "s|.*${BUNDLE}/||")"
|
|
||||||
RESOURCE="${TEMPDIR}/${OUTROOT}/${TARGETFILE}"
|
|
||||||
DIRNAME="$(dirname "${RESOURCE}")"
|
|
||||||
mkdir -p "${DIRNAME}"
|
|
||||||
echo "Adding resource for: \"${TARGETFILE}\""
|
|
||||||
cp "${i}" "${RESOURCE}"
|
|
||||||
done
|
|
||||||
|
|
||||||
rm ${TEMPLIST}
|
|
||||||
|
|
||||||
tar -C "${TEMPDIR}" -czf "${OUT}" .
|
tar -C "${TEMPDIR}" -czf "${OUT}" .
|
||||||
rm -rf "${TEMPDIR}"
|
rm -rf "${TEMPDIR}"
|
||||||
|
Loading…
Reference in New Issue
Block a user