blob: e75410d4efd6eabcafa018bbe6fb8eacad00f08b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
#!/bin/bash
set -x
# This is the list of binaries we have to sign for being able to run un-jailbroken
LIST_BINARY_EXTENSIONS="dylib so app"
DARWIN_EMBEDDED_ENTITLEMENTS="$XBMC_DEPENDS/share/darwin_embedded_entitlements.xml"
LDID="$NATIVEPREFIX/bin/ldid"
if [ "${PLATFORM_NAME}" == "macosx" ]; then
MACOS=1
fi
if [ "$MACOS" ]; then
CONTENTS_PATH="${CODESIGNING_FOLDER_PATH}/Contents"
else
CONTENTS_PATH="${CODESIGNING_FOLDER_PATH}"
fi
# Pull the CFBundleIdentifier out of the built xxx.app
BUNDLEID=$(/usr/libexec/PlistBuddy -c 'Print :CFBundleIdentifier' "${CONTENTS_PATH}/Info.plist")
echo "CFBundleIdentifier is '${BUNDLEID}'"
# Prefer the expanded name, if available.
CODE_SIGN_IDENTITY_FOR_ITEMS="${EXPANDED_CODE_SIGN_IDENTITY_NAME}"
if [ "${CODE_SIGN_IDENTITY_FOR_ITEMS}" = "" ] ; then
# Fall back to old behavior.
CODE_SIGN_IDENTITY_FOR_ITEMS="${CODE_SIGN_IDENTITY}"
fi
echo "Code sign identity is '${CODE_SIGN_IDENTITY_FOR_ITEMS}'"
# Delete existing codesign and provisioning file
rm -f "${CONTENTS_PATH}/embedded.mobileprovision"
rm -rf "${CONTENTS_PATH}/_CodeSignature"
# If user has set a code_sign_identity we do a real codesign (for deployment on non-jailbroken devices)
if ! [ -z "${CODE_SIGN_IDENTITY_FOR_ITEMS}" ]; then
if egrep -q --max-count=1 -e '^iPhone (Developer|Distribution): ' -e '^Apple (Development|Distribution): ' -e '^[[:xdigit:]]+$' -e '^Developer ID Application: ' <<<"${CODE_SIGN_IDENTITY_FOR_ITEMS}"; then
echo "Doing a full bundle sign using genuine identity '${CODE_SIGN_IDENTITY_FOR_ITEMS}'"
for binext in $LIST_BINARY_EXTENSIONS
do
echo "Signing binaries with '$binext' extension"
# Check if at least 1 file with the extension exists to sign, otherwise do nothing
FINDOUTPUT=$(find "${CONTENTS_PATH}" -iname "*.$binext" -type f)
if [ `echo $FINDOUTPUT | wc -l` != 0 ]; then
for singlefile in $FINDOUTPUT; do
codesign -s "${CODE_SIGN_IDENTITY_FOR_ITEMS}" -fvvv -i "${BUNDLEID}" "${singlefile}"
done
fi
done
for FRAMEWORK_PATH in $(find "${CONTENTS_PATH}" -iname "*.framework" -type d)
do
DYLIB_BASENAME=$(basename "${FRAMEWORK_PATH%.framework}")
echo "Signing Framework: ${DYLIB_BASENAME}.framework"
FRAMEWORKBUNDLEID="${BUNDLEID}.framework.${DYLIB_BASENAME}"
codesign -s "${CODE_SIGN_IDENTITY_FOR_ITEMS}" -fvvv -i "${FRAMEWORKBUNDLEID}" "${FRAMEWORK_PATH}/${DYLIB_BASENAME}"
codesign -s "${CODE_SIGN_IDENTITY_FOR_ITEMS}" -fvvv -i "${FRAMEWORKBUNDLEID}" "${FRAMEWORK_PATH}"
done
if [ "$MACOS" ]; then
# Sign and repackage python eggs for osx
EGGS=$(find "${CONTENTS_PATH}" -iname "*.egg" -type f)
echo "Signing Eggs"
for i in $EGGS; do
echo $i
mkdir del
unzip -q $i -d del
for binext in $LIST_BINARY_EXTENSIONS
do
# Check if at least 1 file with the extension exists to sign, otherwise do nothing
FINDOUTPUT=$(find ./del/ -iname "*.$binext" -type f)
if [ `echo $FINDOUTPUT | wc -l` != 0 ]; then
for singlefile in $FINDOUTPUT; do
codesign -s "${CODE_SIGN_IDENTITY_FOR_ITEMS}" -fvvv -i "${BUNDLEID}" "${singlefile}"
done
fi
done
rm $i
cd del && zip -qr $i ./* && cd ..
rm -r ./del/
done
fi
fi
elif [ ! "$MACOS" ]; then
# Do fake sign - needed for iOS >=5.1 and tvOS >=10.2 jailbroken devices
# See http://www.saurik.com/id/8
echo "Doing a fake sign using ldid for jailbroken devices (main kodi binary and all Mach-O files)"
# Main 'kodi' binary
"${LDID}" -S"${DARWIN_EMBEDDED_ENTITLEMENTS}" "${CONTENTS_PATH}/${EXECUTABLE_NAME}"
# All Mach-O files (except TopShelf)
for f in $(find "${CONTENTS_PATH}/AppData" "${CONTENTS_PATH}/Frameworks" -type f); do
if [[ $(file ${f}) == *"Mach-O"* ]]; then
"${LDID}" -S "${f}"
fi
done
fi
|
