| Index: chrome/installer/mac/sign_versioned_dir.sh.in
|
| diff --git a/chrome/installer/mac/sign_versioned_dir.sh.in b/chrome/installer/mac/sign_versioned_dir.sh.in
|
| index 8d142cb7ef3b5f867d512172462d15aebbeb5362..f68b7aab3a9cc23c433a07a0c7c2b2f3603e8e01 100644
|
| --- a/chrome/installer/mac/sign_versioned_dir.sh.in
|
| +++ b/chrome/installer/mac/sign_versioned_dir.sh.in
|
| @@ -43,8 +43,6 @@
|
| framework="${versioned_dir}/@MAC_PRODUCT_NAME@ Framework.framework"
|
| crashpad_handler="${framework}/Helpers/crashpad_handler"
|
| helper_app="${versioned_dir}/@MAC_PRODUCT_NAME@ Helper.app"
|
| -app_mode_loader_app="${framework}/Resources/app_mode_loader.app"
|
| -app_mode_loader="${app_mode_loader_app}/Contents/MacOS/app_mode_loader"
|
|
|
| requirement_suffix="\
|
| and certificate leaf = H\"85cee8254216185620ddc8851c7a9fc4dfe120ef\"\
|
| @@ -56,28 +54,10 @@
|
| "${crashpad_handler}" \
|
| -r="designated => identifier \"crashpad_handler\" \
|
| ${requirement_suffix}" --options "${enforcement_flags}"
|
| -
|
| -# The app mode loader bundle is modified dynamically at runtime. Just sign the
|
| -# executable, which shouldn't change. In order to do this, the executable needs
|
| -# to be copied out of the bundle, signed, and then copied back in. The resulting
|
| -# bundle's signature won't validate normally, but if the executable file is
|
| -# verified in isolation or with --ignore-resources, it will. Because the
|
| -# bundle's signature won't validate on its own, don't set any of the enforcement
|
| -# flags.
|
| -app_mode_loader_tmp="$(mktemp -t app_mode_loader)"
|
| -cp "${app_mode_loader}" "${app_mode_loader_tmp}"
|
| -codesign --sign "${codesign_id}" --keychain "${codesign_keychain}" \
|
| - "${app_mode_loader_tmp}" \
|
| - -r="designated => identifier \"app_mode_loader\" \
|
| -${requirement_suffix}"
|
| -cp "${app_mode_loader_tmp}" "${app_mode_loader}"
|
| -rm -f "${app_mode_loader_tmp}"
|
| -
|
| codesign --sign "${codesign_id}" --keychain "${codesign_keychain}" \
|
| "${framework}" \
|
| -r="designated => identifier \"com.google.Chrome.framework\" \
|
| ${requirement_suffix}"
|
| -
|
| codesign --sign "${codesign_id}" --keychain "${codesign_keychain}" \
|
| "${helper_app}" \
|
| -r="designated => identifier \"com.google.Chrome.helper\" \
|
| @@ -86,6 +66,5 @@
|
| # Verify everything. Don't use --deep on the framework because Keystone's
|
| # signature is in a transitional state (radar 18474911).
|
| codesign --verify --deep "${crashpad_handler}"
|
| -codesign --verify --ignore-resources "${app_mode_loader}"
|
| codesign --verify "${framework}"
|
| codesign --verify --deep "${helper_app}"
|
|
|
Chromium Code Reviews
Issue 1491213009:
Revert of mac: Sign app_mode_loader [badly] (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master