Merge pull request #18335 from sy6sy2/ATV-fake-sign-topshelf

[tools/codesign][tvOS][Jailbreak] Fake sign kodi-topshelf + fix crash on start on Unc0verTV
author: Sylvain CECCHETTO <sy6sy2@kodi.tv> 2020-09-14 11:19:14 +0200
committer: GitHub <noreply@github.com> 2020-09-14 11:19:14 +0200
commit: d4573ce5d64266820776d95a238e93ee46b2a946 (patch)
tree: 2897f836f4092a409d9b293443b5373e1a42b242 /tools/darwin
parent: 4eee20507b399fc72c59ae5081b19ba382eb2b32 (diff)
parent: e217bd23347a9379b23056c3aafcec37fb11b367 (diff)
3 files changed, 45 insertions, 34 deletions
diff --git a/tools/darwin/Support/Codesign-topshelf.command b/tools/darwin/Support/Codesign-topshelf.command
new file mode 100755
index 0000000000..8b9a3ffe83
--- /dev/null
+++ b/tools/darwin/Support/Codesign-topshelf.command
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -x
+
+LDID="$NATIVEPREFIX/bin/ldid"
+
+# Delete existing codesign and provisioning file
+rm -f "${CODESIGNING_FOLDER_PATH}/embedded.mobileprovision"
+rm -rf "${CODESIGNING_FOLDER_PATH}/_CodeSignature"
+
+# If user has not set a code_sign_identity we do a fake sign
+if [ -z "${CODE_SIGN_IDENTITY}" ]; then
+  # Do fake sign - needed for iOS >=5.1 and tvOS >=10.2 jailbroken devices
+  # See http://www.saurik.com/id/8
+  echo "Doing a fake sign of Top Shelf binary using ldid for jailbroken devices"
+  "${LDID}" -S "${CODESIGNING_FOLDER_PATH}/${EXECUTABLE_NAME}"
+fi
diff --git a/tools/darwin/Support/Codesign.command b/tools/darwin/Support/Codesign.command
index 44486e6956..e75410d4ef 100755
--- a/tools/darwin/Support/Codesign.command
+++ b/tools/darwin/Support/Codesign.command
@@ -2,10 +2,9 @@
 
 set -x
 
-#this is the list of binaries we have to sign for being able to run un-jailbroken
+# This is the list of binaries we have to sign for being able to run un-jailbroken
 LIST_BINARY_EXTENSIONS="dylib so app"
 
-GEN_ENTITLEMENTS="$NATIVEPREFIX/bin/gen_entitlements.py"
 DARWIN_EMBEDDED_ENTITLEMENTS="$XBMC_DEPENDS/share/darwin_embedded_entitlements.xml"
 LDID="$NATIVEPREFIX/bin/ldid"
 
@@ -13,26 +12,15 @@ if [ "${PLATFORM_NAME}" == "macosx" ]; then
   MACOS=1
 fi
 
-if [[ ! "$MACOS" && ! -f ${GEN_ENTITLEMENTS} ]]; then
-  echo "error: $GEN_ENTITLEMENTS not found. Codesign won't work."
-  exit -1
-fi
-
 if [ "$MACOS" ]; then
   CONTENTS_PATH="${CODESIGNING_FOLDER_PATH}/Contents"
 else
   CONTENTS_PATH="${CODESIGNING_FOLDER_PATH}"
 fi
 
-if [ ! "$MACOS" ]; then
-  # do fake sign - needed for iOS >=5.1 and tvOS >=10.2 jailbroken devices
-  # see http://www.saurik.com/id/8
-  "${LDID}" -S"${DARWIN_EMBEDDED_ENTITLEMENTS}" "${BUILT_PRODUCTS_DIR}/${EXECUTABLE_FOLDER_PATH}/${EXECUTABLE_NAME}"
-fi
-
-# pull the CFBundleIdentifier out of the built xxx.app
+# Pull the CFBundleIdentifier out of the built xxx.app
 BUNDLEID=$(/usr/libexec/PlistBuddy -c 'Print :CFBundleIdentifier' "${CONTENTS_PATH}/Info.plist")
-echo "CFBundleIdentifier is ${BUNDLEID}"
+echo "CFBundleIdentifier is '${BUNDLEID}'"
 
 # Prefer the expanded name, if available.
 CODE_SIGN_IDENTITY_FOR_ITEMS="${EXPANDED_CODE_SIGN_IDENTITY_NAME}"
@@ -40,28 +28,21 @@ if [ "${CODE_SIGN_IDENTITY_FOR_ITEMS}" = "" ] ; then
   # Fall back to old behavior.
   CODE_SIGN_IDENTITY_FOR_ITEMS="${CODE_SIGN_IDENTITY}"
 fi
-echo "${CODE_SIGN_IDENTITY_FOR_ITEMS}"
-
-if [ ! "$MACOS" ]; then
-  ${GEN_ENTITLEMENTS} "${BUNDLEID}" "${BUILT_PRODUCTS_DIR}/${EXECUTABLE_FOLDER_PATH}/${EXECUTABLE_NAME}.xcent"
-  if [ -f "${CONTENTS_PATH}/embedded.mobileprovision" ]; then
-    rm -f "${CONTENTS_PATH}/embedded.mobileprovision"
-  fi
-fi
+echo "Code sign identity is '${CODE_SIGN_IDENTITY_FOR_ITEMS}'"
 
-# delete existing codesigning
-if [ -d "${CONTENTS_PATH}/_CodeSignature" ]; then
-  rm -r "${CONTENTS_PATH}/_CodeSignature"
-fi
+# Delete existing codesign and provisioning file
+rm -f "${CONTENTS_PATH}/embedded.mobileprovision"
+rm -rf "${CONTENTS_PATH}/_CodeSignature"
 
-#if user has set a code_sign_identity different from iPhone Developer we do a real codesign (for deployment on non-jailbroken devices)
+# If user has set a code_sign_identity we do a real codesign (for deployment on non-jailbroken devices)
 if ! [ -z "${CODE_SIGN_IDENTITY_FOR_ITEMS}" ]; then
   if egrep -q --max-count=1 -e '^iPhone (Developer|Distribution): ' -e '^Apple (Development|Distribution): ' -e '^[[:xdigit:]]+$' -e '^Developer ID Application: ' <<<"${CODE_SIGN_IDENTITY_FOR_ITEMS}"; then
-    echo "Doing a full bundle sign using genuine identity ${CODE_SIGN_IDENTITY_FOR_ITEMS}"
+    echo "Doing a full bundle sign using genuine identity '${CODE_SIGN_IDENTITY_FOR_ITEMS}'"
+
     for binext in $LIST_BINARY_EXTENSIONS
     do
-      echo "Signing binary: $binext"
-      # check if at least 1 file with the extension exists to sign, otherwise do nothing
+      echo "Signing binaries with '$binext' extension"
+      # Check if at least 1 file with the extension exists to sign, otherwise do nothing
       FINDOUTPUT=$(find "${CONTENTS_PATH}" -iname "*.$binext" -type f)
       if [ `echo $FINDOUTPUT | wc -l` != 0 ]; then
         for singlefile in $FINDOUTPUT; do
@@ -80,7 +61,7 @@ if ! [ -z "${CODE_SIGN_IDENTITY_FOR_ITEMS}" ]; then
     done
 
     if [ "$MACOS" ]; then
-      #sign and repackage python eggs for osx
+      # Sign and repackage python eggs for osx
       EGGS=$(find "${CONTENTS_PATH}" -iname "*.egg" -type f)
       echo "Signing Eggs"
       for i in $EGGS; do
@@ -89,7 +70,7 @@ if ! [ -z "${CODE_SIGN_IDENTITY_FOR_ITEMS}" ]; then
         unzip -q $i -d del
         for binext in $LIST_BINARY_EXTENSIONS
         do
-          # check if at least 1 file with the extension exists to sign, otherwise do nothing
+          # Check if at least 1 file with the extension exists to sign, otherwise do nothing
           FINDOUTPUT=$(find ./del/ -iname "*.$binext" -type f)
           if [ `echo $FINDOUTPUT | wc -l` != 0 ]; then
             for singlefile in $FINDOUTPUT; do
@@ -103,4 +84,18 @@ if ! [ -z "${CODE_SIGN_IDENTITY_FOR_ITEMS}" ]; then
       done
     fi
   fi
+elif [ ! "$MACOS" ]; then
+  # Do fake sign - needed for iOS >=5.1 and tvOS >=10.2 jailbroken devices
+  # See http://www.saurik.com/id/8
+  echo "Doing a fake sign using ldid for jailbroken devices (main kodi binary and all Mach-O files)"
+
+  # Main 'kodi' binary
+  "${LDID}" -S"${DARWIN_EMBEDDED_ENTITLEMENTS}" "${CONTENTS_PATH}/${EXECUTABLE_NAME}"
+
+  # All Mach-O files (except TopShelf)
+  for f in $(find "${CONTENTS_PATH}/AppData" "${CONTENTS_PATH}/Frameworks" -type f); do
+    if [[ $(file ${f}) == *"Mach-O"* ]]; then
+      "${LDID}" -S "${f}"
+    fi
+  done
 fi
diff --git a/tools/darwin/packaging/darwin_embedded/mkdeb-darwin_embedded.sh.in b/tools/darwin/packaging/darwin_embedded/mkdeb-darwin_embedded.sh.in
index a1d1121199..78cb87aada 100644
--- a/tools/darwin/packaging/darwin_embedded/mkdeb-darwin_embedded.sh.in
+++ b/tools/darwin/packaging/darwin_embedded/mkdeb-darwin_embedded.sh.in
@@ -109,7 +109,6 @@ cp -r $APP $DIRNAME/$PACKAGE/Applications/
 find $DIRNAME/$PACKAGE/Applications/ -name '.svn' -exec rm -rf {} \;
 find $DIRNAME/$PACKAGE/Applications/ -name '.git*' -exec rm -rf {} \;
 find $DIRNAME/$PACKAGE/Applications/ -name '.DS_Store'  -exec rm -rf {} \;
-find $DIRNAME/$PACKAGE/Applications/ -name '*.xcent'  -exec rm -rf {} \;
 
 echo Packaging $PACKAGE
 # Tell tar, pax, etc. on Mac OS X 10.4+ not to archive
author	Sylvain CECCHETTO <sy6sy2@kodi.tv>	2020-09-14 11:19:14 +0200
committer	GitHub <noreply@github.com>	2020-09-14 11:19:14 +0200
commit	d4573ce5d64266820776d95a238e93ee46b2a946 (patch)
tree	2897f836f4092a409d9b293443b5373e1a42b242 /tools/darwin
parent	4eee20507b399fc72c59ae5081b19ba382eb2b32 (diff)
parent	e217bd23347a9379b23056c3aafcec37fb11b367 (diff)