| OLD | NEW |
| 1 # Copyright 2015 The Chromium Authors. All rights reserved. | 1 # Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 # Use of this source code is governed by a BSD-style license that can be | 2 # Use of this source code is governed by a BSD-style license that can be |
| 3 # found in the LICENSE file. | 3 # found in the LICENSE file. |
| 4 | 4 |
| 5 KEYCHAIN_PASSWORD=g0atMaster | 5 KEYCHAIN_PASSWORD=g0atMaster |
| 6 # This must match the commonName in codesign.cfg. | 6 # This must match the commonName in codesign.cfg. |
| 7 KEYCHAIN_IDENTITY=untrusted@goat.local | 7 KEYCHAIN_IDENTITY=untrusted@goat.local |
| 8 | 8 |
| 9 # Funcitons to add and remove codesigning identity to user's keychain. These |
| 10 # are necessary since the codesign utility no longer supports the -k option, |
| 11 # which reads the identity from a file. |
| 12 pre-build = security import codesign.key && security import codesign.crt |
| 13 post-build = security delete-identity -c untrusted@goat.local |
| 14 |
| 9 executable32: src.c | 15 executable32: src.c |
| 10 clang -m32 -o $@ $^ | 16 clang -m32 -o $@ $^ |
| 11 | 17 |
| 12 executable64: src.c | 18 executable64: src.c |
| 13 clang -m64 -o $@ $^ | 19 clang -m64 -o $@ $^ |
| 14 | 20 |
| 15 executablefat: executable32 executable64 | 21 executablefat: executable32 executable64 |
| 16 lipo -create -output $@ $^ | 22 lipo -create -output $@ $^ |
| 17 | 23 |
| 18 lib32.dylib: src.c | 24 lib32.dylib: src.c |
| 19 clang -m32 -shared -o $@ $^ | 25 clang -m32 -shared -o $@ $^ |
| 20 | 26 |
| 21 lib64.dylib: src.c | 27 lib64.dylib: src.c |
| 22 clang -m64 -shared -o $@ $^ | 28 clang -m64 -shared -o $@ $^ |
| 23 | 29 |
| 24 libfat.dylib: lib64.dylib lib32.dylib | 30 libfat.dylib: lib64.dylib lib32.dylib |
| 25 lipo -create -output $@ $^ | 31 lipo -create -output $@ $^ |
| 26 | 32 |
| 27 codesign.key: | 33 codesign.key: |
| 28 openssl genrsa -out $@ 2048 | 34 openssl genrsa -out $@ 2048 |
| 29 | 35 |
| 30 codesign.csr: codesign.key codesign.cfg | 36 codesign.csr: codesign.key codesign.cfg |
| 31 openssl req -new -key $< -out $@ -config codesign.cfg | 37 openssl req -new -key $< -out $@ -config codesign.cfg |
| 32 | 38 |
| 33 codesign.crt: codesign.csr codesign.key codesign.cfg | 39 codesign.crt: codesign.csr codesign.key codesign.cfg |
| 34 openssl x509 -req -signkey codesign.key -sha256 \ | 40 openssl x509 -req -signkey codesign.key -sha256 \ |
| 35 -extfile codesign.cfg -extensions req_attrs -in $< -out $@ | 41 -extfile codesign.cfg -extensions req_attrs -in $< -out $@ |
| 36 | 42 |
| 37 codesign.keychain: codesign.key codesign.crt | 43 signedexecutable32: executable32 codesign.crt |
| 38 » security create-keychain -p $(KEYCHAIN_PASSWORD) $(PWD)/$@ | 44 » $(call pre-build) |
| 39 » security unlock-keychain -p $(KEYCHAIN_PASSWORD) $(PWD)/$@ | 45 » cp $< $@ |
| 40 » certtool i ./codesign.crt k=$(PWD)/$@ r=./codesign.key | 46 » codesign -s $(KEYCHAIN_IDENTITY) $@ |
| 47 » $(call post-build) |
| 41 | 48 |
| 42 signedexecutable32: executable32 codesign.keychain | 49 libsigned64.dylib: lib64.dylib codesign.crt |
| 50 » $(call pre-build) |
| 43 cp $< $@ | 51 cp $< $@ |
| 44 » security unlock-keychain -p $(KEYCHAIN_PASSWORD) \ | 52 » codesign -s $(KEYCHAIN_IDENTITY) $@ |
| 45 » » $(PWD)/codesign.keychain | 53 » $(call post-build) |
| 46 » codesign -s $(KEYCHAIN_IDENTITY) --keychain $(PWD)/codesign.keychain $@ | |
| 47 | 54 |
| 48 libsigned64.dylib: lib64.dylib codesign.keychain | 55 signedexecutablefat: executablefat codesign.crt |
| 56 » $(call pre-build) |
| 49 cp $< $@ | 57 cp $< $@ |
| 50 » security unlock-keychain -p $(KEYCHAIN_PASSWORD) \ | 58 » codesign -s $(KEYCHAIN_IDENTITY) $@ --all-architectures |
| 51 » » $(PWD)/codesign.keychain | 59 » $(call post-build) |
| 52 » codesign -s $(KEYCHAIN_IDENTITY) --keychain $(PWD)/codesign.keychain $@ | |
| 53 | 60 |
| 54 signedexecutablefat: executablefat codesign.keychain | 61 signed-archive.dmg: test-bundle.app codesign.crt |
| 55 » cp $< $@ | 62 » $(call pre-build) |
| 56 » security unlock-keychain -p $(KEYCHAIN_PASSWORD) \ | 63 » hdiutil create -srcfolder test-bundle.app -format UDZO -layout \ |
| 57 » » $(PWD)/codesign.keychain | 64 » » SPUD -volname "Signed Archive" -ov $@ |
| 58 » codesign -s $(KEYCHAIN_IDENTITY) --keychain $(PWD)/codesign.keychain \ | 65 » codesign -s $(KEYCHAIN_IDENTITY) $@ |
| 59 » » $@ --all-architectures | 66 » $(call post-build) |
| 60 | 67 |
| 61 .PHONY: test-bundle.app | 68 .PHONY: test-bundle.app |
| 62 test-bundle.app: signedexecutablefat libsigned64.dylib executable32 | 69 test-bundle.app: signedexecutablefat libsigned64.dylib executable32 |
| 70 $(call pre-build) |
| 63 ditto base-bundle.app $@ | 71 ditto base-bundle.app $@ |
| 64 ditto $< $@/Contents/MacOS/test-bundle | 72 ditto $< $@/Contents/MacOS/test-bundle |
| 65 ditto $(word 2,$^) $@/Contents/Frameworks/$(word 2,$^) | 73 ditto $(word 2,$^) $@/Contents/Frameworks/$(word 2,$^) |
| 66 ditto $(word 3,$^) $@/Contents/Resources/$(word 3,$^) | 74 ditto $(word 3,$^) $@/Contents/Resources/$(word 3,$^) |
| 67 » security unlock-keychain -p $(KEYCHAIN_PASSWORD) \ | 75 » codesign -f -s $(KEYCHAIN_IDENTITY) $@ --all-architectures \ |
| 68 » » $(PWD)/codesign.keychain | 76 » » --resource-rules ResourceRules |
| 69 » codesign -f -s $(KEYCHAIN_IDENTITY) --keychain $(PWD)/codesign.keychain
\ | 77 » $(call post-build) |
| 70 » » $@ --all-architectures --resource-rules ResourceRules | |
| 71 | 78 |
| 72 .PHONY: modified-bundle.app | 79 .PHONY: modified-bundle.app |
| 73 modified-bundle.app: test-bundle.app lib32.dylib executable64 | 80 modified-bundle.app: test-bundle.app lib32.dylib executable64 |
| 81 $(call pre-build) |
| 74 ditto $< $@ | 82 ditto $< $@ |
| 75 echo "<xml/>" > $@/Contents/Resources/Base.lproj/InfoPlist.strings | 83 echo "<xml/>" > $@/Contents/Resources/Base.lproj/InfoPlist.strings |
| 76 » security unlock-keychain -p $(KEYCHAIN_PASSWORD) \ | 84 » codesign -f -s $(KEYCHAIN_IDENTITY) $@ --all-architectures \ |
| 77 » » $(PWD)/codesign.keychain | 85 » » --resource-rules ResourceRules |
| 78 » codesign -f -s $(KEYCHAIN_IDENTITY) --keychain $(PWD)/codesign.keychain
\ | |
| 79 » » $@ --all-architectures --resource-rules ResourceRules | |
| 80 echo "BAD" > $@/Contents/Resources/Base.lproj/InfoPlist.strings | 86 echo "BAD" > $@/Contents/Resources/Base.lproj/InfoPlist.strings |
| 81 touch $@/Contents/Resources/codesign.cfg | 87 touch $@/Contents/Resources/codesign.cfg |
| 82 ditto $(word 2,$^) $@/Contents/Frameworks/libsigned64.dylib | 88 ditto $(word 2,$^) $@/Contents/Frameworks/libsigned64.dylib |
| 83 ditto $(word 3,$^) $@/Contents/Resources/executable32 | 89 ditto $(word 3,$^) $@/Contents/Resources/executable32 |
| 84 echo "foo" >> $@/Contents/Resources/Base.lproj/MainMenu.nib | 90 echo "foo" >> $@/Contents/Resources/Base.lproj/MainMenu.nib |
| 85 » security unlock-keychain -p $(KEYCHAIN_PASSWORD) \ | 91 » codesign -f -s $(KEYCHAIN_IDENTITY) \ |
| 86 » » $(PWD)/codesign.keychain | |
| 87 » codesign -f -s $(KEYCHAIN_IDENTITY) --keychain $(PWD)/codesign.keychain
\ | |
| 88 $@/Contents/Resources/Base.lproj/MainMenu.nib | 92 $@/Contents/Resources/Base.lproj/MainMenu.nib |
| 93 $(call post-build) |
| 89 | 94 |
| 90 .PHONY: modified-bundle-and-exec.app | 95 .PHONY: modified-bundle-and-exec.app |
| 91 modified-bundle-and-exec.app: test-bundle.app lib32.dylib executable64 | 96 modified-bundle-and-exec.app: test-bundle.app lib32.dylib executable64 |
| 92 ditto $< $@ | 97 ditto $< $@ |
| 93 touch $@/Contents/Resources/codesign.cfg | 98 touch $@/Contents/Resources/codesign.cfg |
| 94 ditto $(word 2,$^) $@/Contents/Frameworks/libsigned64.dylib | 99 ditto $(word 2,$^) $@/Contents/Frameworks/libsigned64.dylib |
| 95 ditto $(word 3,$^) $@/Contents/Resources/executable32 | 100 ditto $(word 3,$^) $@/Contents/Resources/executable32 |
| 96 printf '\x31' | dd bs=1 seek=8097 count=1 conv=notrunc \ | 101 printf '\x31' | dd bs=1 seek=8097 count=1 conv=notrunc \ |
| 97 of=$@/Contents/MacOS/test-bundle | 102 of=$@/Contents/MacOS/test-bundle |
| 98 | 103 |
| 99 .PHONY: modified-main-exec32.app | 104 .PHONY: modified-main-exec32.app |
| 100 modified-main-exec32.app: test-bundle.app | 105 modified-main-exec32.app: test-bundle.app |
| 101 ditto $< $@ | 106 ditto $< $@ |
| 102 printf '\x31' | dd bs=1 seek=8097 count=1 conv=notrunc \ | 107 printf '\x31' | dd bs=1 seek=8097 count=1 conv=notrunc \ |
| 103
of=$@/Contents/MacOS/test-bundle | 108
of=$@/Contents/MacOS/test-bundle |
| 104 | 109 |
| 105 .PHONY: modified-main-exec64.app | 110 .PHONY: modified-main-exec64.app |
| 106 modified-main-exec64.app: test-bundle.app | 111 modified-main-exec64.app: test-bundle.app |
| 107 ditto $< $@ | 112 ditto $< $@ |
| 108 printf '\x31' | dd bs=1 seek=24448 count=1 conv=notrunc \ | 113 printf '\x31' | dd bs=1 seek=24448 count=1 conv=notrunc \ |
| 109 of=$@/Contents/MacOS/test-bundle | 114 of=$@/Contents/MacOS/test-bundle |
| 110 | 115 |
| 111 .PHONY: modified-localization.app | 116 .PHONY: modified-localization.app |
| 112 modified-localization.app: test-bundle.app | 117 modified-localization.app: test-bundle.app |
| 118 $(call pre-build) |
| 113 ditto $< $@ | 119 ditto $< $@ |
| 114 echo "<xml/>" > $@/Contents/Resources/Base.lproj/InfoPlist.strings | 120 echo "<xml/>" > $@/Contents/Resources/Base.lproj/InfoPlist.strings |
| 115 » security unlock-keychain -p $(KEYCHAIN_PASSWORD) \ | 121 » codesign -f -s $(KEYCHAIN_IDENTITY) $@ --all-architectures \ |
| 116 » » $(PWD)/codesign.keychain | 122 » » --resource-rules ResourceRules |
| 117 » codesign -f -s $(KEYCHAIN_IDENTITY) --keychain $(PWD)/codesign.keychain
\ | |
| 118 » » $@ --all-architectures --resource-rules ResourceRules | |
| 119 echo "CORRUPT" > $@/Contents/Resources/Base.lproj/InfoPlist.strings | 123 echo "CORRUPT" > $@/Contents/Resources/Base.lproj/InfoPlist.strings |
| 124 $(call post-build) |
| OLD | NEW |
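Review bot: In every signing recipe on the new side (signedexecutable32 through modified-localization.app), a failing `codesign`, `ditto` or `hdiutil` line stops make before `$(call post-build)` runs, so the generated test key and self-signed certificate stay behind in the user's keychain. The `security import` calls in `pre-build` name no keychain, so this is presumably the default one rather than the throwaway `codesign.keychain` the old side used. Because all targets add and delete the same identity in that shared keychain, a `make -j` run can also remove it while another target is still signing. Consider importing into a dedicated test keychain via `security import`'s `-k` option, or putting import, signing and cleanup on one shell line so the delete always runs, and define `post-build = security delete-identity -c $(KEYCHAIN_IDENTITY)` instead of repeating the literal address. `KEYCHAIN_PASSWORD` appears to be unused after this change, and the `$(call pre-build)`/`$(call post-build)` lines added to test-bundle.app, modified-bundle.app and modified-localization.app render without the tab marker shown on the other added lines, so it is worth confirming they are tab-indented.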