diff options
author | Sylvain CECCHETTO <sy6sy2@kodi.tv> | 2020-09-14 11:19:14 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-09-14 11:19:14 +0200 |
commit | d4573ce5d64266820776d95a238e93ee46b2a946 (patch) | |
tree | 2897f836f4092a409d9b293443b5373e1a42b242 | |
parent | 4eee20507b399fc72c59ae5081b19ba382eb2b32 (diff) | |
parent | e217bd23347a9379b23056c3aafcec37fb11b367 (diff) |
Merge pull request #18335 from sy6sy2/ATV-fake-sign-topshelf
[tools/codesign][tvOS][Jailbreak] Fake sign kodi-topshelf + fix crash on start on Unc0verTV
-rw-r--r-- | cmake/scripts/darwin_embedded/ExtraTargets.cmake | 5 | ||||
-rwxr-xr-x | tools/darwin/Support/Codesign-topshelf.command | 17 | ||||
-rwxr-xr-x | tools/darwin/Support/Codesign.command | 61 | ||||
-rw-r--r-- | tools/darwin/packaging/darwin_embedded/mkdeb-darwin_embedded.sh.in | 1 | ||||
-rw-r--r-- | tools/depends/native/Makefile | 2 | ||||
-rw-r--r-- | tools/depends/native/gen_entitlements/Makefile | 14 | ||||
-rwxr-xr-x | tools/depends/native/gen_entitlements/gen_entitlements.py | 36 |
7 files changed, 51 insertions, 85 deletions
diff --git a/cmake/scripts/darwin_embedded/ExtraTargets.cmake b/cmake/scripts/darwin_embedded/ExtraTargets.cmake index 1b984f36b8..01ab6328c5 100644 --- a/cmake/scripts/darwin_embedded/ExtraTargets.cmake +++ b/cmake/scripts/darwin_embedded/ExtraTargets.cmake @@ -23,5 +23,10 @@ if(CORE_PLATFORM_NAME_LC STREQUAL tvos) XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS ${ENTITLEMENTS_OUT_PATH}) target_link_libraries(${TOPSHELF_EXTENSION_NAME} "-framework TVServices" "-framework Foundation") + add_custom_command(TARGET ${TOPSHELF_EXTENSION_NAME} POST_BUILD + COMMAND "NATIVEPREFIX=${NATIVEPREFIX}" + ${CMAKE_SOURCE_DIR}/tools/darwin/Support/Codesign-topshelf.command + ) + add_dependencies(${APP_NAME_LC} ${TOPSHELF_EXTENSION_NAME}) endif() diff --git a/tools/darwin/Support/Codesign-topshelf.command b/tools/darwin/Support/Codesign-topshelf.command new file mode 100755 index 0000000000..8b9a3ffe83 --- /dev/null +++ b/tools/darwin/Support/Codesign-topshelf.command @@ -0,0 +1,17 @@ +#!/bin/bash + +set -x + +LDID="$NATIVEPREFIX/bin/ldid" + +# Delete existing codesign and provisioning file +rm -f "${CODESIGNING_FOLDER_PATH}/embedded.mobileprovision" +rm -rf "${CODESIGNING_FOLDER_PATH}/_CodeSignature" + +# If user has not set a code_sign_identity we do a fake sign +if [ -z "${CODE_SIGN_IDENTITY}" ]; then + # Do fake sign - needed for iOS >=5.1 and tvOS >=10.2 jailbroken devices + # See http://www.saurik.com/id/8 + echo "Doing a fake sign of Top Shelf binary using ldid for jailbroken devices" + "${LDID}" -S "${CODESIGNING_FOLDER_PATH}/${EXECUTABLE_NAME}" +fi diff --git a/tools/darwin/Support/Codesign.command b/tools/darwin/Support/Codesign.command index 44486e6956..e75410d4ef 100755 --- a/tools/darwin/Support/Codesign.command +++ b/tools/darwin/Support/Codesign.command @@ -2,10 +2,9 @@ set -x -#this is the list of binaries we have to sign for being able to run un-jailbroken +# This is the list of binaries we have to sign for being able to run un-jailbroken LIST_BINARY_EXTENSIONS="dylib so app" -GEN_ENTITLEMENTS="$NATIVEPREFIX/bin/gen_entitlements.py" DARWIN_EMBEDDED_ENTITLEMENTS="$XBMC_DEPENDS/share/darwin_embedded_entitlements.xml" LDID="$NATIVEPREFIX/bin/ldid" @@ -13,26 +12,15 @@ if [ "${PLATFORM_NAME}" == "macosx" ]; then MACOS=1 fi -if [[ ! "$MACOS" && ! -f ${GEN_ENTITLEMENTS} ]]; then - echo "error: $GEN_ENTITLEMENTS not found. Codesign won't work." - exit -1 -fi - if [ "$MACOS" ]; then CONTENTS_PATH="${CODESIGNING_FOLDER_PATH}/Contents" else CONTENTS_PATH="${CODESIGNING_FOLDER_PATH}" fi -if [ ! "$MACOS" ]; then - # do fake sign - needed for iOS >=5.1 and tvOS >=10.2 jailbroken devices - # see http://www.saurik.com/id/8 - "${LDID}" -S"${DARWIN_EMBEDDED_ENTITLEMENTS}" "${BUILT_PRODUCTS_DIR}/${EXECUTABLE_FOLDER_PATH}/${EXECUTABLE_NAME}" -fi - -# pull the CFBundleIdentifier out of the built xxx.app +# Pull the CFBundleIdentifier out of the built xxx.app BUNDLEID=$(/usr/libexec/PlistBuddy -c 'Print :CFBundleIdentifier' "${CONTENTS_PATH}/Info.plist") -echo "CFBundleIdentifier is ${BUNDLEID}" +echo "CFBundleIdentifier is '${BUNDLEID}'" # Prefer the expanded name, if available. CODE_SIGN_IDENTITY_FOR_ITEMS="${EXPANDED_CODE_SIGN_IDENTITY_NAME}" @@ -40,28 +28,21 @@ if [ "${CODE_SIGN_IDENTITY_FOR_ITEMS}" = "" ] ; then # Fall back to old behavior. CODE_SIGN_IDENTITY_FOR_ITEMS="${CODE_SIGN_IDENTITY}" fi -echo "${CODE_SIGN_IDENTITY_FOR_ITEMS}" - -if [ ! "$MACOS" ]; then - ${GEN_ENTITLEMENTS} "${BUNDLEID}" "${BUILT_PRODUCTS_DIR}/${EXECUTABLE_FOLDER_PATH}/${EXECUTABLE_NAME}.xcent" - if [ -f "${CONTENTS_PATH}/embedded.mobileprovision" ]; then - rm -f "${CONTENTS_PATH}/embedded.mobileprovision" - fi -fi +echo "Code sign identity is '${CODE_SIGN_IDENTITY_FOR_ITEMS}'" -# delete existing codesigning -if [ -d "${CONTENTS_PATH}/_CodeSignature" ]; then - rm -r "${CONTENTS_PATH}/_CodeSignature" -fi +# Delete existing codesign and provisioning file +rm -f "${CONTENTS_PATH}/embedded.mobileprovision" +rm -rf "${CONTENTS_PATH}/_CodeSignature" -#if user has set a code_sign_identity different from iPhone Developer we do a real codesign (for deployment on non-jailbroken devices) +# If user has set a code_sign_identity we do a real codesign (for deployment on non-jailbroken devices) if ! [ -z "${CODE_SIGN_IDENTITY_FOR_ITEMS}" ]; then if egrep -q --max-count=1 -e '^iPhone (Developer|Distribution): ' -e '^Apple (Development|Distribution): ' -e '^[[:xdigit:]]+$' -e '^Developer ID Application: ' <<<"${CODE_SIGN_IDENTITY_FOR_ITEMS}"; then - echo "Doing a full bundle sign using genuine identity ${CODE_SIGN_IDENTITY_FOR_ITEMS}" + echo "Doing a full bundle sign using genuine identity '${CODE_SIGN_IDENTITY_FOR_ITEMS}'" + for binext in $LIST_BINARY_EXTENSIONS do - echo "Signing binary: $binext" - # check if at least 1 file with the extension exists to sign, otherwise do nothing + echo "Signing binaries with '$binext' extension" + # Check if at least 1 file with the extension exists to sign, otherwise do nothing FINDOUTPUT=$(find "${CONTENTS_PATH}" -iname "*.$binext" -type f) if [ `echo $FINDOUTPUT | wc -l` != 0 ]; then for singlefile in $FINDOUTPUT; do @@ -80,7 +61,7 @@ if ! [ -z "${CODE_SIGN_IDENTITY_FOR_ITEMS}" ]; then done if [ "$MACOS" ]; then - #sign and repackage python eggs for osx + # Sign and repackage python eggs for osx EGGS=$(find "${CONTENTS_PATH}" -iname "*.egg" -type f) echo "Signing Eggs" for i in $EGGS; do @@ -89,7 +70,7 @@ if ! [ -z "${CODE_SIGN_IDENTITY_FOR_ITEMS}" ]; then unzip -q $i -d del for binext in $LIST_BINARY_EXTENSIONS do - # check if at least 1 file with the extension exists to sign, otherwise do nothing + # Check if at least 1 file with the extension exists to sign, otherwise do nothing FINDOUTPUT=$(find ./del/ -iname "*.$binext" -type f) if [ `echo $FINDOUTPUT | wc -l` != 0 ]; then for singlefile in $FINDOUTPUT; do @@ -103,4 +84,18 @@ if ! [ -z "${CODE_SIGN_IDENTITY_FOR_ITEMS}" ]; then done fi fi +elif [ ! "$MACOS" ]; then + # Do fake sign - needed for iOS >=5.1 and tvOS >=10.2 jailbroken devices + # See http://www.saurik.com/id/8 + echo "Doing a fake sign using ldid for jailbroken devices (main kodi binary and all Mach-O files)" + + # Main 'kodi' binary + "${LDID}" -S"${DARWIN_EMBEDDED_ENTITLEMENTS}" "${CONTENTS_PATH}/${EXECUTABLE_NAME}" + + # All Mach-O files (except TopShelf) + for f in $(find "${CONTENTS_PATH}/AppData" "${CONTENTS_PATH}/Frameworks" -type f); do + if [[ $(file ${f}) == *"Mach-O"* ]]; then + "${LDID}" -S "${f}" + fi + done fi diff --git a/tools/darwin/packaging/darwin_embedded/mkdeb-darwin_embedded.sh.in b/tools/darwin/packaging/darwin_embedded/mkdeb-darwin_embedded.sh.in index a1d1121199..78cb87aada 100644 --- a/tools/darwin/packaging/darwin_embedded/mkdeb-darwin_embedded.sh.in +++ b/tools/darwin/packaging/darwin_embedded/mkdeb-darwin_embedded.sh.in @@ -109,7 +109,6 @@ cp -r $APP $DIRNAME/$PACKAGE/Applications/ find $DIRNAME/$PACKAGE/Applications/ -name '.svn' -exec rm -rf {} \; find $DIRNAME/$PACKAGE/Applications/ -name '.git*' -exec rm -rf {} \; find $DIRNAME/$PACKAGE/Applications/ -name '.DS_Store' -exec rm -rf {} \; -find $DIRNAME/$PACKAGE/Applications/ -name '*.xcent' -exec rm -rf {} \; echo Packaging $PACKAGE # Tell tar, pax, etc. on Mac OS X 10.4+ not to archive diff --git a/tools/depends/native/Makefile b/tools/depends/native/Makefile index 7a3966a206..e5aff1f9df 100644 --- a/tools/depends/native/Makefile +++ b/tools/depends/native/Makefile @@ -15,7 +15,7 @@ NATIVE= m4 gettext heimdal autoconf automake \ ifeq ($(OS),darwin_embedded) - NATIVE += dpkg xz tar gen_entitlements ldid + NATIVE += dpkg xz tar ldid endif ifeq ($(TARGET_PLATFORM),wayland) diff --git a/tools/depends/native/gen_entitlements/Makefile b/tools/depends/native/gen_entitlements/Makefile deleted file mode 100644 index a16b4549f6..0000000000 --- a/tools/depends/native/gen_entitlements/Makefile +++ /dev/null @@ -1,14 +0,0 @@ -include ../../Makefile.include - -GEBIN=$(NATIVEPREFIX)/bin/gen_entitlements.py - -all: $(GEBIN) - -$(GEBIN): - mkdir -p $(NATIVEPREFIX)/bin - cp gen_entitlements.py $(GEBIN) - chmod 755 $(GEBIN) - -clean: -distclean:: - rm -f $(GEBIN) diff --git a/tools/depends/native/gen_entitlements/gen_entitlements.py b/tools/depends/native/gen_entitlements/gen_entitlements.py deleted file mode 100755 index d8ae6af3ee..0000000000 --- a/tools/depends/native/gen_entitlements/gen_entitlements.py +++ /dev/null @@ -1,36 +0,0 @@ -#!/usr/bin/env python - -import sys -import struct - -if len(sys.argv) != 3: - print "Usage: %s appname dest_file.xcent" % sys.argv[0] - sys.exit(-1) - -APPNAME = sys.argv[1] -DEST = sys.argv[2] - -if not DEST.endswith('.xml') and not DEST.endswith('.xcent'): - print "Dest must be .xml (for ldid) or .xcent (for codesign)" - sys.exit(-1) - -entitlements = """ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> -<plist version="1.0"> -<dict> - <key>application-identifier</key> - <string>%s</string> - <key>get-task-allow</key> - <true/> -</dict> -</plist> -""" % APPNAME - -f = open(DEST,'w') -if DEST.endswith('.xcent'): - f.write("\xfa\xde\x71\x71") - f.write(struct.pack('>L', len(entitlements) + 8)) -f.write(entitlements) -f.close() - |