aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarcoFalke <falke.marco@gmail.com>2021-06-19 09:50:05 +0200
committerMarcoFalke <falke.marco@gmail.com>2021-06-19 09:50:11 +0200
commit926f76cb205ce9ef085f4945cdb439746b140414 (patch)
treeef9f221556a042b218468a48c4eabb7fb344b888
parent419f9b3b3b7c3993d73e67090822d0869a58eacd (diff)
parent0fe60a84ae2f52e87ee07cd0243f09d45b0b15e2 (diff)
Merge bitcoin/bitcoin#22191: [0.21] gitian: Use custom MacOS code signing tool
0fe60a84ae2f52e87ee07cd0243f09d45b0b15e2 Use latest signapple commit (Andrew Chow) 5313d6aed2d8bd515401b3782c0bc352af423015 gitian: Remove codesign_allocate and pagestuff from MacOS build (Andrew Chow) 27d691b6b5b4a15dc3d1f9dd248a8880ab3ab326 gitian: use signapple to create the MacOS code signature (Andrew Chow) 2f33e339a8903e79bf750367c073056bea4a9788 gitian: use signapple to apply the MacOS code signature (Andrew Chow) 65ce8330427114c2827d00a658d2e5887349c76a gitian: install signapple in gitian-osx-signer.yml (Andrew Chow) Pull request description: Backport of #20880 and #22190 ACKs for top commit: MarcoFalke: cherry-pick-only ACK 0fe60a84ae 🍀 Tree-SHA512: e864048fab02a1857161602dd53abba552ca3f859c133a47a5e62c28d3e4de9cd099bce86123a1b5892042b09f51cc1ddd2ed1b0c71bfba162710eaee3f5bf91
Diffstat
-rw-r--r--contrib/gitian-descriptors/gitian-osx-signer.yml18
-rw-r--r--contrib/gitian-descriptors/gitian-osx.yml2
-rwxr-xr-xcontrib/macdeploy/detached-sig-apply.sh36
-rwxr-xr-xcontrib/macdeploy/detached-sig-create.sh35
4 files changed, 24 insertions, 67 deletions
diff --git a/contrib/gitian-descriptors/gitian-osx-signer.yml b/contrib/gitian-descriptors/gitian-osx-signer.yml
index a4f3219c22..ce992a1707 100644
--- a/contrib/gitian-descriptors/gitian-osx-signer.yml
+++ b/contrib/gitian-descriptors/gitian-osx-signer.yml
@@ -7,9 +7,13 @@ architectures:
- "amd64"
packages:
- "faketime"
+- "python3-pip"
remotes:
- "url": "https://github.com/bitcoin-core/bitcoin-detached-sigs.git"
"dir": "signature"
+- "url": "https://github.com/achow101/signapple.git"
+ "dir": "signapple"
+ "commit": "b084cbbf44d5330448ffce0c7d118f75781b64bd"
files:
- "bitcoin-osx-unsigned.tar.gz"
script: |
@@ -30,11 +34,19 @@ script: |
chmod +x ${WRAP_DIR}/${prog}
done
- UNSIGNED=bitcoin-osx-unsigned.tar.gz
+ # Install signapple
+ cd signapple
+ python3 -m pip install -U pip setuptools
+ python3 -m pip install .
+ export PATH="$HOME/.local/bin":$PATH
+ cd ..
+
+ UNSIGNED_TARBALL=bitcoin-osx-unsigned.tar.gz
+ UNSIGNED_APP=dist/Bitcoin-Qt.app
SIGNED=bitcoin-osx-signed.dmg
- tar -xf ${UNSIGNED}
+ tar -xf ${UNSIGNED_TARBALL}
OSX_VOLNAME="$(cat osx_volname)"
- ./detached-sig-apply.sh ${UNSIGNED} signature/osx
+ ./detached-sig-apply.sh ${UNSIGNED_APP} signature/osx/dist
${WRAP_DIR}/genisoimage -no-cache-inodes -D -l -probe -V "${OSX_VOLNAME}" -no-pad -r -dir-mode 0755 -apple -o uncompressed.dmg signed-app
${WRAP_DIR}/dmg dmg uncompressed.dmg ${OUTDIR}/${SIGNED}
diff --git a/contrib/gitian-descriptors/gitian-osx.yml b/contrib/gitian-descriptors/gitian-osx.yml
index df50f45188..6b1cb842f7 100644
--- a/contrib/gitian-descriptors/gitian-osx.yml
+++ b/contrib/gitian-descriptors/gitian-osx.yml
@@ -138,8 +138,6 @@ script: |
cp contrib/macdeploy/detached-sig-apply.sh unsigned-app-${i}
cp contrib/macdeploy/detached-sig-create.sh unsigned-app-${i}
cp ${BASEPREFIX}/${i}/native/bin/dmg ${BASEPREFIX}/${i}/native/bin/genisoimage unsigned-app-${i}
- cp ${BASEPREFIX}/${i}/native/bin/${i}-codesign_allocate unsigned-app-${i}/codesign_allocate
- cp ${BASEPREFIX}/${i}/native/bin/${i}-pagestuff unsigned-app-${i}/pagestuff
mv dist unsigned-app-${i}
pushd unsigned-app-${i}
find . | sort | tar --mtime="$REFERENCE_DATETIME" --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-osx-unsigned.tar.gz
diff --git a/contrib/macdeploy/detached-sig-apply.sh b/contrib/macdeploy/detached-sig-apply.sh
index 5c5a85d3fe..d481413cc3 100755
--- a/contrib/macdeploy/detached-sig-apply.sh
+++ b/contrib/macdeploy/detached-sig-apply.sh
@@ -8,10 +8,9 @@ set -e
UNSIGNED="$1"
SIGNATURE="$2"
-ARCH=x86_64
ROOTDIR=dist
-TEMPDIR=signed.temp
OUTDIR=signed-app
+SIGNAPPLE=signapple
if [ -z "$UNSIGNED" ]; then
echo "usage: $0 <unsigned app> <signature>"
@@ -23,35 +22,6 @@ if [ -z "$SIGNATURE" ]; then
exit 1
fi
-rm -rf ${TEMPDIR} && mkdir -p ${TEMPDIR}
-tar -C ${TEMPDIR} -xf ${UNSIGNED}
-cp -rf "${SIGNATURE}"/* ${TEMPDIR}
-
-if [ -z "${PAGESTUFF}" ]; then
- PAGESTUFF=${TEMPDIR}/pagestuff
-fi
-
-if [ -z "${CODESIGN_ALLOCATE}" ]; then
- CODESIGN_ALLOCATE=${TEMPDIR}/codesign_allocate
-fi
-
-find ${TEMPDIR} -name "*.sign" | while read i; do
- SIZE=$(stat -c %s "${i}")
- TARGET_FILE="$(echo "${i}" | sed 's/\.sign$//')"
-
- echo "Allocating space for the signature of size ${SIZE} in ${TARGET_FILE}"
- ${CODESIGN_ALLOCATE} -i "${TARGET_FILE}" -a ${ARCH} ${SIZE} -o "${i}.tmp"
-
- OFFSET=$(${PAGESTUFF} "${i}.tmp" -p | tail -2 | grep offset | sed 's/[^0-9]*//g')
- if [ -z ${QUIET} ]; then
- echo "Attaching signature at offset ${OFFSET}"
- fi
-
- dd if="$i" of="${i}.tmp" bs=1 seek=${OFFSET} count=${SIZE} 2>/dev/null
- mv "${i}.tmp" "${TARGET_FILE}"
- rm "${i}"
- echo "Success."
-done
-mv ${TEMPDIR}/${ROOTDIR} ${OUTDIR}
-rm -rf ${TEMPDIR}
+${SIGNAPPLE} apply ${UNSIGNED} ${SIGNATURE}
+mv ${ROOTDIR} ${OUTDIR}
echo "Signed: ${OUTDIR}"
diff --git a/contrib/macdeploy/detached-sig-create.sh b/contrib/macdeploy/detached-sig-create.sh
index 31a97f0a24..4f246cbb3f 100755
--- a/contrib/macdeploy/detached-sig-create.sh
+++ b/contrib/macdeploy/detached-sig-create.sh
@@ -8,44 +8,21 @@ set -e
ROOTDIR=dist
BUNDLE="${ROOTDIR}/Bitcoin-Qt.app"
-CODESIGN=codesign
+SIGNAPPLE=signapple
TEMPDIR=sign.temp
-TEMPLIST=${TEMPDIR}/signatures.txt
OUT=signature-osx.tar.gz
-OUTROOT=osx
+OUTROOT=osx/dist
if [ -z "$1" ]; then
- echo "usage: $0 <codesign args>"
- echo "example: $0 -s MyIdentity"
+ echo "usage: $0 <signapple args>"
+ echo "example: $0 <path to key>"
exit 1
fi
-rm -rf ${TEMPDIR} ${TEMPLIST}
+rm -rf ${TEMPDIR}
mkdir -p ${TEMPDIR}
-${CODESIGN} -f --file-list ${TEMPLIST} "$@" "${BUNDLE}"
-
-grep -v CodeResources < "${TEMPLIST}" | while read i; do
- TARGETFILE="${BUNDLE}/$(echo "${i}" | sed "s|.*${BUNDLE}/||")"
- SIZE=$(pagestuff "$i" -p | tail -2 | grep size | sed 's/[^0-9]*//g')
- OFFSET=$(pagestuff "$i" -p | tail -2 | grep offset | sed 's/[^0-9]*//g')
- SIGNFILE="${TEMPDIR}/${OUTROOT}/${TARGETFILE}.sign"
- DIRNAME="$(dirname "${SIGNFILE}")"
- mkdir -p "${DIRNAME}"
- echo "Adding detached signature for: ${TARGETFILE}. Size: ${SIZE}. Offset: ${OFFSET}"
- dd if="$i" of="${SIGNFILE}" bs=1 skip=${OFFSET} count=${SIZE} 2>/dev/null
-done
-
-grep CodeResources < "${TEMPLIST}" | while read i; do
- TARGETFILE="${BUNDLE}/$(echo "${i}" | sed "s|.*${BUNDLE}/||")"
- RESOURCE="${TEMPDIR}/${OUTROOT}/${TARGETFILE}"
- DIRNAME="$(dirname "${RESOURCE}")"
- mkdir -p "${DIRNAME}"
- echo "Adding resource for: \"${TARGETFILE}\""
- cp "${i}" "${RESOURCE}"
-done
-
-rm ${TEMPLIST}
+${SIGNAPPLE} sign -f --detach "${TEMPDIR}/${OUTROOT}" "$@" "${BUNDLE}"
tar -C "${TEMPDIR}" -czf "${OUT}" .
rm -rf "${TEMPDIR}"
generated by cgit v1.2.3 (git 2.26.2) at 2024-11-25 21:51:35 +0000