backport: macos code signing (dashpay#4978)

This commit is contained in:
UdjinM6 2022-08-17 19:19:02 +03:00 committed by pasta
parent 747475b55f
commit 6a57fa0c68
No known key found for this signature in database
GPG Key ID: 52527BEDABE87984
4 changed files with 24 additions and 67 deletions

View File

@ -8,9 +8,13 @@ architectures:
packages: packages:
- "faketime" - "faketime"
- "xorriso" - "xorriso"
- "python3-pip"
remotes: remotes:
- "url": "https://github.com/dashpay/dash-detached-sigs.git" - "url": "https://github.com/dashpay/dash-detached-sigs.git"
"dir": "signature" "dir": "signature"
- "url": "https://github.com/achow101/signapple.git"
"dir": "signapple"
"commit": "8a945a2e7583be2665cf3a6a89d665b70ecd1ab6"
files: files:
- "dashcore-osx-unsigned.tar.gz" - "dashcore-osx-unsigned.tar.gz"
script: | script: |
@ -31,11 +35,19 @@ script: |
chmod +x ${WRAP_DIR}/${prog} chmod +x ${WRAP_DIR}/${prog}
done done
UNSIGNED=dashcore-osx-unsigned.tar.gz # Install signapple
cd signapple
python3 -m pip install -U pip setuptools
python3 -m pip install .
export PATH="$HOME/.local/bin":$PATH
cd ..
UNSIGNED_TARBALL=dashcore-osx-unsigned.tar.gz
UNSIGNED_APP=dist/Dash-Qt.app
SIGNED=dashcore-osx-signed.dmg SIGNED=dashcore-osx-signed.dmg
tar -xf ${UNSIGNED} tar -xf ${UNSIGNED_TARBALL}
OSX_VOLNAME="$(cat osx_volname)" OSX_VOLNAME="$(cat osx_volname)"
./detached-sig-apply.sh ${UNSIGNED} signature/osx ./detached-sig-apply.sh ${UNSIGNED_APP} signature/osx/dist
${WRAP_DIR}/xorrisofs -D -l -V "${OSX_VOLNAME}" -no-pad -r -dir-mode 0755 -o uncompressed.dmg signed-app ${WRAP_DIR}/xorrisofs -D -l -V "${OSX_VOLNAME}" -no-pad -r -dir-mode 0755 -o uncompressed.dmg signed-app
${WRAP_DIR}/dmg dmg uncompressed.dmg ${OUTDIR}/${SIGNED} ${WRAP_DIR}/dmg dmg uncompressed.dmg ${OUTDIR}/${SIGNED}

View File

@ -156,8 +156,6 @@ script: |
cp contrib/macdeploy/detached-sig-apply.sh unsigned-app-${i} cp contrib/macdeploy/detached-sig-apply.sh unsigned-app-${i}
cp contrib/macdeploy/detached-sig-create.sh unsigned-app-${i} cp contrib/macdeploy/detached-sig-create.sh unsigned-app-${i}
cp ${BASEPREFIX}/${i}/native/bin/dmg unsigned-app-${i} cp ${BASEPREFIX}/${i}/native/bin/dmg unsigned-app-${i}
cp ${BASEPREFIX}/${i}/native/bin/${i}-codesign_allocate unsigned-app-${i}/codesign_allocate
cp ${BASEPREFIX}/${i}/native/bin/${i}-pagestuff unsigned-app-${i}/pagestuff
mv dist unsigned-app-${i} mv dist unsigned-app-${i}
pushd unsigned-app-${i} pushd unsigned-app-${i}
find . | sort | tar --mtime="$REFERENCE_DATETIME" --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-osx-unsigned.tar.gz find . | sort | tar --mtime="$REFERENCE_DATETIME" --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-osx-unsigned.tar.gz

View File

@ -8,10 +8,9 @@ set -e
UNSIGNED="$1" UNSIGNED="$1"
SIGNATURE="$2" SIGNATURE="$2"
ARCH=x86_64
ROOTDIR=dist ROOTDIR=dist
TEMPDIR=signed.temp
OUTDIR=signed-app OUTDIR=signed-app
SIGNAPPLE=signapple
if [ -z "$UNSIGNED" ]; then if [ -z "$UNSIGNED" ]; then
echo "usage: $0 <unsigned app> <signature>" echo "usage: $0 <unsigned app> <signature>"
@ -23,35 +22,6 @@ if [ -z "$SIGNATURE" ]; then
exit 1 exit 1
fi fi
rm -rf ${TEMPDIR} && mkdir -p ${TEMPDIR} ${SIGNAPPLE} apply ${UNSIGNED} ${SIGNATURE}
tar -C ${TEMPDIR} -xf ${UNSIGNED} mv ${ROOTDIR} ${OUTDIR}
cp -rf "${SIGNATURE}"/* ${TEMPDIR}
if [ -z "${PAGESTUFF}" ]; then
PAGESTUFF=${TEMPDIR}/pagestuff
fi
if [ -z "${CODESIGN_ALLOCATE}" ]; then
CODESIGN_ALLOCATE=${TEMPDIR}/codesign_allocate
fi
find ${TEMPDIR} -name "*.sign" | while read i; do
SIZE=$(stat -c %s "${i}")
TARGET_FILE="$(echo "${i}" | sed 's/\.sign$//')"
echo "Allocating space for the signature of size ${SIZE} in ${TARGET_FILE}"
${CODESIGN_ALLOCATE} -i "${TARGET_FILE}" -a ${ARCH} ${SIZE} -o "${i}.tmp"
OFFSET=$(${PAGESTUFF} "${i}.tmp" -p | tail -2 | grep offset | sed 's/[^0-9]*//g')
if [ -z ${QUIET} ]; then
echo "Attaching signature at offset ${OFFSET}"
fi
dd if="$i" of="${i}.tmp" bs=1 seek=${OFFSET} count=${SIZE} 2>/dev/null
mv "${i}.tmp" "${TARGET_FILE}"
rm "${i}"
echo "Success."
done
mv ${TEMPDIR}/${ROOTDIR} ${OUTDIR}
rm -rf ${TEMPDIR}
echo "Signed: ${OUTDIR}" echo "Signed: ${OUTDIR}"

View File

@ -8,44 +8,21 @@ set -e
ROOTDIR=dist ROOTDIR=dist
BUNDLE="${ROOTDIR}/Dash-Qt.app" BUNDLE="${ROOTDIR}/Dash-Qt.app"
CODESIGN=codesign SIGNAPPLE=signapple
TEMPDIR=sign.temp TEMPDIR=sign.temp
TEMPLIST=${TEMPDIR}/signatures.txt
OUT=signature-osx.tar.gz OUT=signature-osx.tar.gz
OUTROOT=osx OUTROOT=osx/dist
if [ -z "$1" ]; then if [ -z "$1" ]; then
echo "usage: $0 <codesign args>" echo "usage: $0 <signapple args>"
echo "example: $0 -s MyIdentity" echo "example: $0 <path to key>"
exit 1 exit 1
fi fi
rm -rf ${TEMPDIR} ${TEMPLIST} rm -rf ${TEMPDIR}
mkdir -p ${TEMPDIR} mkdir -p ${TEMPDIR}
${CODESIGN} -f --file-list ${TEMPLIST} -o runtime "$@" "${BUNDLE}" ${SIGNAPPLE} sign -f --detach "${TEMPDIR}/${OUTROOT}" "$@" "${BUNDLE}"
grep -v CodeResources < "${TEMPLIST}" | while read i; do
TARGETFILE="${BUNDLE}/$(echo "${i}" | sed "s|.*${BUNDLE}/||")"
SIZE=$(pagestuff "$i" -p | tail -2 | grep size | sed 's/[^0-9]*//g')
OFFSET=$(pagestuff "$i" -p | tail -2 | grep offset | sed 's/[^0-9]*//g')
SIGNFILE="${TEMPDIR}/${OUTROOT}/${TARGETFILE}.sign"
DIRNAME="$(dirname "${SIGNFILE}")"
mkdir -p "${DIRNAME}"
echo "Adding detached signature for: ${TARGETFILE}. Size: ${SIZE}. Offset: ${OFFSET}"
dd if="$i" of="${SIGNFILE}" bs=1 skip=${OFFSET} count=${SIZE} 2>/dev/null
done
grep CodeResources < "${TEMPLIST}" | while read i; do
TARGETFILE="${BUNDLE}/$(echo "${i}" | sed "s|.*${BUNDLE}/||")"
RESOURCE="${TEMPDIR}/${OUTROOT}/${TARGETFILE}"
DIRNAME="$(dirname "${RESOURCE}")"
mkdir -p "${DIRNAME}"
echo "Adding resource for: \"${TARGETFILE}\""
cp "${i}" "${RESOURCE}"
done
rm ${TEMPLIST}
tar -C "${TEMPDIR}" -czf "${OUT}" . tar -C "${TEMPDIR}" -czf "${OUT}" .
rm -rf "${TEMPDIR}" rm -rf "${TEMPDIR}"