Chromium Code Reviews Chromium Code Reviews
Issue 2721333005:
Reauthorize Keychain to Replace Developer ID Certificate (Closed)
| OLD | NEW |
|---|---|
| 1 #!/bin/bash -p | 1 #!/bin/bash -p |
| 2 | 2 |
| 3 # Copyright (c) 2012 The Chromium Authors. All rights reserved. | 3 # Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
| 5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
| 6 | 6 |
| 7 # Using codesign, sign the application. After signing, the signatures on the | 7 # Using codesign, sign the application. After signing, the signatures on the |
| 8 # inner bundle components are verified, and the application's own signature is | 8 # inner bundle components are verified, and the application's own signature is |
| 9 # verified. Inner bundle components are expected to be signed before this | 9 # verified. Inner bundle components are expected to be signed before this |
| 10 # script is called. See sign_versioned_dir.sh. | 10 # script is called. See sign_versioned_dir.sh. |
| (...skipping 30 matching lines...) Expand all Loading... | |
| 41 | 41 |
| 42 browser_app="${app_path}" | 42 browser_app="${app_path}" |
| 43 framework="${versioned_dir}/@MAC_PRODUCT_NAME@ Framework.framework" | 43 framework="${versioned_dir}/@MAC_PRODUCT_NAME@ Framework.framework" |
| 44 notification_service="${framework}/XPCServices/AlertNotificationService.xpc" | 44 notification_service="${framework}/XPCServices/AlertNotificationService.xpc" |
| 45 crashpad_handler="${framework}/Helpers/crashpad_handler" | 45 crashpad_handler="${framework}/Helpers/crashpad_handler" |
| 46 helper_app="${versioned_dir}/@MAC_PRODUCT_NAME@ Helper.app" | 46 helper_app="${versioned_dir}/@MAC_PRODUCT_NAME@ Helper.app" |
| 47 | 47 |
| 48 requirement_string="\ | 48 requirement_string="\ |
| 49 designated => \ | 49 designated => \ |
| 50 (identifier \"com.google.Chrome\" or identifier \"com.google.Chrome.canary\") \ | 50 (identifier \"com.google.Chrome\" or identifier \"com.google.Chrome.canary\") \ |
| 51 and certificate leaf = H\"85cee8254216185620ddc8851c7a9fc4dfe120ef\"\ | 51 and (certificate leaf = H\"85cee8254216185620ddc8851c7a9fc4dfe120ef\" or \ |
| 52 certificate leaf = H\"34f0bdf7f87d4f3a955862c351472e52250e4c2b\") \ | |
|
Mark Mentovai
2017/03/02 02:59:32
Verifying that 34f0bdf7f87d4f3a955862c351472e52250
Greg K
2017/03/02 18:54:14
Acknowledged.
| |
| 52 " | 53 " |
| 53 | 54 |
| 54 enforcement_flags="restrict" | 55 enforcement_flags="restrict" |
| 55 | 56 |
| 56 codesign --sign "${codesign_id}" --keychain "${codesign_keychain}" \ | 57 codesign --sign "${codesign_id}" --keychain "${codesign_keychain}" \ |
| 57 "${browser_app}" --resource-rules "${browser_app_rules}" \ | 58 "${browser_app}" --resource-rules "${browser_app_rules}" \ |
| 58 -r="${requirement_string}" --options "${enforcement_flags}" | 59 -r="${requirement_string}" --options "${enforcement_flags}" |
| 59 | 60 |
| 60 # Show the signature. | 61 # Show the signature. |
| 61 codesign --display -r- -vvvvvv "${browser_app}" | 62 codesign --display -r- -vvvvvv "${browser_app}" |
| (...skipping 17 matching lines...) Expand all Loading... | |
| 79 | 80 |
| 80 cleanup() { | 81 cleanup() { |
| 81 set +e | 82 set +e |
| 82 rm -rf "${temp_dir}" | 83 rm -rf "${temp_dir}" |
| 83 } | 84 } |
| 84 trap cleanup EXIT | 85 trap cleanup EXIT |
| 85 | 86 |
| 86 temp_browser_app="${temp_dir}/$(basename "${browser_app}")" | 87 temp_browser_app="${temp_dir}/$(basename "${browser_app}")" |
| 87 rsync -a "${browser_app}/" "${temp_browser_app}" | 88 rsync -a "${browser_app}/" "${temp_browser_app}" |
| 88 spctl --assess -vv "${temp_browser_app}" | 89 spctl --assess -vv "${temp_browser_app}" |
| OLD | NEW |
