Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(32)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/installer/mac/sign_app.sh.in

Issue 1001103002: Crashpad! (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Sign crashpad_handler Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/common/chrome_paths.cc ('k') | chrome/installer/mac/sign_versioned_dir.sh.in » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 #!/bin/bash -p 1 #!/bin/bash -p
2 2
3 # Copyright (c) 2012 The Chromium Authors. All rights reserved. 3 # Copyright (c) 2012 The Chromium Authors. All rights reserved.
4 # Use of this source code is governed by a BSD-style license that can be 4 # Use of this source code is governed by a BSD-style license that can be
5 # found in the LICENSE file. 5 # found in the LICENSE file.
6 6
7 # Using codesign, sign the application. After signing, the signatures on the 7 # Using codesign, sign the application. After signing, the signatures on the
8 # inner bundle components are verified, and the application's own signature is 8 # inner bundle components are verified, and the application's own signature is
9 # verified. Inner bundle components are expected to be signed before this 9 # verified. Inner bundle components are expected to be signed before this
10 # script is called. See sign_versioned_dir.sh. 10 # script is called. See sign_versioned_dir.sh.
(...skipping 23 matching lines...) Expand all
34 codesign_id="${3}" 34 codesign_id="${3}"
35 35
36 # Use custom resource rules for the browser application. 36 # Use custom resource rules for the browser application.
37 script_dir="$(dirname "${0}")" 37 script_dir="$(dirname "${0}")"
38 browser_app_rules="${script_dir}/app_resource_rules.plist" 38 browser_app_rules="${script_dir}/app_resource_rules.plist"
39 39
40 versioned_dir="${app_path}/Contents/Versions/@VERSION@" 40 versioned_dir="${app_path}/Contents/Versions/@VERSION@"
41 41
42 browser_app="${app_path}" 42 browser_app="${app_path}"
43 framework="${versioned_dir}/@MAC_PRODUCT_NAME@ Framework.framework" 43 framework="${versioned_dir}/@MAC_PRODUCT_NAME@ Framework.framework"
44 crashpad_handler="${framework}/Helpers/crashpad_handler"
44 helper_app="${versioned_dir}/@MAC_PRODUCT_NAME@ Helper.app" 45 helper_app="${versioned_dir}/@MAC_PRODUCT_NAME@ Helper.app"
45 helper_eh_app="${versioned_dir}/@MAC_PRODUCT_NAME@ Helper EH.app" 46 helper_eh_app="${versioned_dir}/@MAC_PRODUCT_NAME@ Helper EH.app"
46 helper_np_app="${versioned_dir}/@MAC_PRODUCT_NAME@ Helper NP.app" 47 helper_np_app="${versioned_dir}/@MAC_PRODUCT_NAME@ Helper NP.app"
47 48
48 requirement_string="\ 49 requirement_string="\
49 designated => \ 50 designated => \
50 (identifier \"com.google.Chrome\" or identifier \"com.google.Chrome.canary\") \ 51 (identifier \"com.google.Chrome\" or identifier \"com.google.Chrome.canary\") \
51 and certificate leaf = H\"85cee8254216185620ddc8851c7a9fc4dfe120ef\"\ 52 and certificate leaf = H\"85cee8254216185620ddc8851c7a9fc4dfe120ef\"\
52 " 53 "
53 54
54 codesign --sign "${codesign_id}" --keychain "${codesign_keychain}" \ 55 codesign --sign "${codesign_id}" --keychain "${codesign_keychain}" \
55 "${browser_app}" --resource-rules "${browser_app_rules}" \ 56 "${browser_app}" --resource-rules "${browser_app_rules}" \
56 -r="${requirement_string}" 57 -r="${requirement_string}"
57 58
58 # Show the signature. 59 # Show the signature.
59 codesign --display -r- -vvvvvv "${browser_app}" 60 codesign --display -r- -vvvvvv "${browser_app}"
60 61
61 # Verify everything. Check the framework and helper apps to make sure that the 62 # Verify everything. Check the framework and helper apps to make sure that the
62 # signatures are present and weren't altered by the signing process. Don't use 63 # signatures are present and weren't altered by the signing process. Don't use
63 # --deep on the framework because Keystone's signature is in a transitional 64 # --deep on the framework because Keystone's signature is in a transitional
64 # state (radar 18474911). Use --no-strict on the app because it uses custom 65 # state (radar 18474911). Use --no-strict on the app because it uses custom
65 # resource rules. 66 # resource rules.
67 codesign --verify --deep -vvvvvv "${crashpad_handler}"
66 codesign --verify -vvvvvv "${framework}" 68 codesign --verify -vvvvvv "${framework}"
67 codesign --verify --deep -vvvvvv "${helper_app}" 69 codesign --verify --deep -vvvvvv "${helper_app}"
68 codesign --verify --deep -vvvvvv "${helper_eh_app}" 70 codesign --verify --deep -vvvvvv "${helper_eh_app}"
69 codesign --verify --deep -vvvvvv "${helper_np_app}" 71 codesign --verify --deep -vvvvvv "${helper_np_app}"
70 codesign --verify --deep --no-strict -vvvvvv "${browser_app}" 72 codesign --verify --deep --no-strict -vvvvvv "${browser_app}"
71 73
72 # Verify with spctl, which uses the same rules that Gatekeeper does for 74 # Verify with spctl, which uses the same rules that Gatekeeper does for
73 # validation. 75 # validation.
74 spctl --assess -vv "${browser_app}" 76 spctl --assess -vv "${browser_app}"
OLDNEW
« no previous file with comments | « chrome/common/chrome_paths.cc ('k') | chrome/installer/mac/sign_versioned_dir.sh.in » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698