From 957192d7f39d7370425e6482c60f293cb0112e44 Mon Sep 17 00:00:00 2001 From: Stephan Witt Date: Thu, 20 Feb 2020 10:47:23 +0100 Subject: [PATCH] Add packaging option to code sign the LyX application (cherry picked from commit d2257bb0ffde6706f3ef0a469fa839d0d0ac4985) --- development/LyX-Mac-binary-release.sh | 33 +++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/development/LyX-Mac-binary-release.sh b/development/LyX-Mac-binary-release.sh index 3380711d36..af00aa2abe 100644 --- a/development/LyX-Mac-binary-release.sh +++ b/development/LyX-Mac-binary-release.sh @@ -212,6 +212,10 @@ while [ $# -gt 0 ]; do esac shift ;; + --codesign-identity=*) + CODESIGN_IDENTITY=$(echo "${1}"|cut -d= -f2) + shift + ;; --libmagic-deployment=*) libmagic_deployment=$(echo ${1}|cut -d= -f2) shift @@ -867,6 +871,34 @@ convert_universal() { done } +# ------------------------- +# Create code sign signatures +# ------------------------- +code_sign() { + target="$1" + condir=$(content_directory "${target}"/lyx) + appdir=$(dirname "${condir}") + # have to sign frameworks first + for csitem in \ + "${condir}"/Frameworks/Qt*.framework/Versions/${QtFrameworkVersion} \ + "${condir}"/Frameworks/*.framework/lib*.dylib \ + "${condir}"/PlugIns/*/lib*.dylib \ + "${condir}"/Library/Spotlight/* \ + "${target}"/inkscape \ + "${target}"/maxima \ + "${target}"/tex2lyx \ + "${target}"/lyxeditor \ + "${target}"/lyxconvert \ + "${target}"/lyxclient + do + codesign --verbose --force --sign "${CODESIGN_IDENTITY}" "${csitem}" + done + + /usr/bin/codesign --verbose --force --sign "${CODESIGN_IDENTITY}" "${appdir}" || { + echo Warning: codesign failed with certificate named '"'${CODESIGN_IDENTITY}'"' + } +} + deduplicate() { find "$@" -type f -print | while read file ; do echo $(md5 -q "$file") "$file" @@ -1027,6 +1059,7 @@ build_package() { if [ ${LyxOnlyPackage:-"no"} = "no" ]; then build_lyx convert_universal + test -n "${CODESIGN_IDENTITY}" && code_sign "${LYX_BUNDLE_PATH}" copy_dictionaries fi build_package