chrome/installer/mac/sign_installer_tools.sh - Issue 2832073002: Refactor mac signing scripts for development workflow

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chrome/installer/mac/sign_installer_tools.sh

Issue 2832073002: Refactor mac signing scripts for development workflow (Closed)

Patch Set: Renamed requirement Created 3 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: chrome/installer/mac/sign_installer_tools.sh

diff --git a/chrome/installer/mac/sign_installer_tools.sh b/chrome/installer/mac/sign_installer_tools.sh

index 4b0834d466465ec62d39af88452d03c4504859b6..958199d93cc207fa235a3bead0d050ae4d6efd23 100755

--- a/chrome/installer/mac/sign_installer_tools.sh

+++ b/chrome/installer/mac/sign_installer_tools.sh

@@ -22,16 +22,23 @@ export -n SHELLOPTS

ME="$(basename "${0}")"

readonly ME

-if [[ ${#} -ne 3 ]]; then

- echo "usage: ${ME} packaging_dir codesign_keychain codesign_id" >& 2

+if [[ ${#} -ne 3 && ${#} -ne 4 ]]; then

+ echo "usage: ${ME} packaging_dir codesign_keychain codesign_id \

+[--development]" >& 2

exit 1

packaging_dir="${1}"

codesign_keychain="${2}"

codesign_id="${3}"

+is_development=

-enforcement_flags="restrict,library-validation,kill"

+if [[ ${#} == 4 && ${4} == "--development" ]]; then

+ is_development=1

+fi

+script_dir="$(dirname "${0}")"

+source "${script_dir}/variables.sh"

executables=(goobspatch xzdec)

libraries=(liblzma_decompress.dylib)

@@ -41,8 +48,18 @@ for executable in "${executables[@]}"; do

sign_path="${packaging_dir}/${executable}"

everything+=("${sign_path}")

- codesign --sign "${codesign_id}" --keychain "${codesign_keychain}" \

- "${sign_path}" --options "${enforcement_flags}"

+ codesign_cmd=(

+ codesign --sign "${codesign_id}" --keychain "${codesign_keychain}"

+ "${sign_path}" --options "${enforcement_flags_installer_tools}"

+ )

+ if [[ -z "${is_development}" ]]; then

+ requirement="designated => identifier \"${executable}\" \

+${requirement_suffix}"

+ codesign_cmd+=( -r="${designated}" )

Mark Mentovai 2017/04/25 20:34:57 ${requirement}, not ${designated}, right? You cal

Greg K 2017/04/25 22:15:05 Good catch. It turns out spctl failing caused the

+ fi

+ "${codesign_cmd[@]}"

done

for library in "${libraries[@]}"; do

« no previous file with comments | « chrome/installer/mac/sign_app.sh.in ('k') | chrome/installer/mac/sign_versioned_dir.sh.in » ('j') | chrome/installer/mac/sign_versioned_dir.sh.in » ('J')