aboutsummaryrefslogtreecommitdiff
path: root/scripts/entitlement.sh
diff options
context:
space:
mode:
authorAkihiko Odaki <akihiko.odaki@gmail.com>2021-02-25 09:06:14 +0900
committerPaolo Bonzini <pbonzini@redhat.com>2021-02-25 13:57:34 +0100
commit237377ac72b38f030058948f2d744c230b62be40 (patch)
treed4a8a9d884dafd3fa77f95b2bf2c345b514801bb /scripts/entitlement.sh
parent00d8ba9e0d62ea1c7459c25aeabf9c8bb7659462 (diff)
hvf: Sign the code after installation
Before this change, the code signed during the build was installed directly. However, the signature gets invalidated because meson modifies the code to fix dynamic library install names during the install process. It also prevents meson to strip the code because the pre-signed file is not marked as an executable (although it is somehow able to perform the modification described above). With this change, the unsigned code will be installed and modified by meson first, and a script signs it later. Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com> Message-Id: <20210225000614.46919-1-akihiko.odaki@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'scripts/entitlement.sh')
-rwxr-xr-xscripts/entitlement.sh20
1 files changed, 16 insertions, 4 deletions
diff --git a/scripts/entitlement.sh b/scripts/entitlement.sh
index c540fa6435..f7aaaf2766 100755
--- a/scripts/entitlement.sh
+++ b/scripts/entitlement.sh
@@ -2,12 +2,24 @@
#
# Helper script for the build process to apply entitlements
+in_place=:
+if [ "$1" = --install ]; then
+ shift
+ in_place=false
+fi
+
SRC="$1"
DST="$2"
ENTITLEMENT="$3"
-trap 'rm "$DST.tmp"' exit
-cp -af "$SRC" "$DST.tmp"
-codesign --entitlements "$ENTITLEMENT" --force -s - "$DST.tmp"
-mv "$DST.tmp" "$DST"
+if $in_place; then
+ trap 'rm "$DST.tmp"' exit
+ cp -af "$SRC" "$DST.tmp"
+ SRC="$DST.tmp"
+else
+ cd "$MESON_INSTALL_DESTDIR_PREFIX"
+fi
+
+codesign --entitlements "$ENTITLEMENT" --force -s - "$SRC"
+mv -f "$SRC" "$DST"
trap '' exit