Index: chrome/installer/mac/sign_versioned_dir.sh.in |
diff --git a/chrome/installer/mac/sign_versioned_dir.sh.in b/chrome/installer/mac/sign_versioned_dir.sh.in |
index 8d142cb7ef3b5f867d512172462d15aebbeb5362..f68b7aab3a9cc23c433a07a0c7c2b2f3603e8e01 100644 |
--- a/chrome/installer/mac/sign_versioned_dir.sh.in |
+++ b/chrome/installer/mac/sign_versioned_dir.sh.in |
@@ -43,8 +43,6 @@ |
framework="${versioned_dir}/@MAC_PRODUCT_NAME@ Framework.framework" |
crashpad_handler="${framework}/Helpers/crashpad_handler" |
helper_app="${versioned_dir}/@MAC_PRODUCT_NAME@ Helper.app" |
-app_mode_loader_app="${framework}/Resources/app_mode_loader.app" |
-app_mode_loader="${app_mode_loader_app}/Contents/MacOS/app_mode_loader" |
requirement_suffix="\ |
and certificate leaf = H\"85cee8254216185620ddc8851c7a9fc4dfe120ef\"\ |
@@ -56,28 +54,10 @@ |
"${crashpad_handler}" \ |
-r="designated => identifier \"crashpad_handler\" \ |
${requirement_suffix}" --options "${enforcement_flags}" |
- |
-# The app mode loader bundle is modified dynamically at runtime. Just sign the |
-# executable, which shouldn't change. In order to do this, the executable needs |
-# to be copied out of the bundle, signed, and then copied back in. The resulting |
-# bundle's signature won't validate normally, but if the executable file is |
-# verified in isolation or with --ignore-resources, it will. Because the |
-# bundle's signature won't validate on its own, don't set any of the enforcement |
-# flags. |
-app_mode_loader_tmp="$(mktemp -t app_mode_loader)" |
-cp "${app_mode_loader}" "${app_mode_loader_tmp}" |
-codesign --sign "${codesign_id}" --keychain "${codesign_keychain}" \ |
- "${app_mode_loader_tmp}" \ |
- -r="designated => identifier \"app_mode_loader\" \ |
-${requirement_suffix}" |
-cp "${app_mode_loader_tmp}" "${app_mode_loader}" |
-rm -f "${app_mode_loader_tmp}" |
- |
codesign --sign "${codesign_id}" --keychain "${codesign_keychain}" \ |
"${framework}" \ |
-r="designated => identifier \"com.google.Chrome.framework\" \ |
${requirement_suffix}" |
- |
codesign --sign "${codesign_id}" --keychain "${codesign_keychain}" \ |
"${helper_app}" \ |
-r="designated => identifier \"com.google.Chrome.helper\" \ |
@@ -86,6 +66,5 @@ |
# Verify everything. Don't use --deep on the framework because Keystone's |
# signature is in a transitional state (radar 18474911). |
codesign --verify --deep "${crashpad_handler}" |
-codesign --verify --ignore-resources "${app_mode_loader}" |
codesign --verify "${framework}" |
codesign --verify --deep "${helper_app}" |