Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(5602)

Unified Diff: chrome/installer/mac/sign_versioned_dir.sh.in

Issue 1486863003: mac: Sign app_mode_loader [badly] (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Re-land Created 5 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/installer/mac/sign_versioned_dir.sh.in
diff --git a/chrome/installer/mac/sign_versioned_dir.sh.in b/chrome/installer/mac/sign_versioned_dir.sh.in
index f68b7aab3a9cc23c433a07a0c7c2b2f3603e8e01..c47cb9547a850f192f5c8901e0bc9e211ffab681 100644
--- a/chrome/installer/mac/sign_versioned_dir.sh.in
+++ b/chrome/installer/mac/sign_versioned_dir.sh.in
@@ -43,6 +43,8 @@ versioned_dir="${app_path}/Contents/Versions/@VERSION@"
framework="${versioned_dir}/@MAC_PRODUCT_NAME@ Framework.framework"
crashpad_handler="${framework}/Helpers/crashpad_handler"
helper_app="${versioned_dir}/@MAC_PRODUCT_NAME@ Helper.app"
+app_mode_loader_app="${framework}/Resources/app_mode_loader.app"
+app_mode_loader="${app_mode_loader_app}/Contents/MacOS/app_mode_loader"
requirement_suffix="\
and certificate leaf = H\"85cee8254216185620ddc8851c7a9fc4dfe120ef\"\
@@ -54,17 +56,38 @@ codesign --sign "${codesign_id}" --keychain "${codesign_keychain}" \
"${crashpad_handler}" \
-r="designated => identifier \"crashpad_handler\" \
${requirement_suffix}" --options "${enforcement_flags}"
+
+# The app mode loader bundle is modified dynamically at runtime. Just sign the
+# executable, which shouldn't change. In order to do this, the executable needs
+# to be copied out of the bundle, signed, and then copied back in. The resulting
+# bundle's signature won't validate normally, but if the executable file is
+# verified in isolation or with --ignore-resources, it will. Because the
+# bundle's signature won't validate on its own, don't set any of the enforcement
+# flags.
+app_mode_loader_tmp="$(mktemp -t app_mode_loader)"
+cp "${app_mode_loader}" "${app_mode_loader_tmp}"
+codesign --sign "${codesign_id}" --keychain "${codesign_keychain}" \
+ "${app_mode_loader_tmp}" \
+ -r="designated => identifier \"app_mode_loader\" \
+${requirement_suffix}"
+cp "${app_mode_loader_tmp}" "${app_mode_loader}"
+rm -f "${app_mode_loader_tmp}"
+
codesign --sign "${codesign_id}" --keychain "${codesign_keychain}" \
"${framework}" \
-r="designated => identifier \"com.google.Chrome.framework\" \
${requirement_suffix}"
+
codesign --sign "${codesign_id}" --keychain "${codesign_keychain}" \
"${helper_app}" \
-r="designated => identifier \"com.google.Chrome.helper\" \
${requirement_suffix}" --options "${enforcement_flags}"
# Verify everything. Don't use --deep on the framework because Keystone's
-# signature is in a transitional state (radar 18474911).
+# signature is in a transitional state (radar 18474911). Don't verify
+# app_mode_loader independently because --ignore-resources is unrecognized
+# before 10.11 (bug 565859).
codesign --verify --deep "${crashpad_handler}"
+# codesign --verify --ignore-resources "${app_mode_loader}"
codesign --verify "${framework}"
codesign --verify --deep "${helper_app}"
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698