# Workaround for some odd behaviour where codesign cannot re-sign a file
# in-place if codesign has already been run on it. This happens for
# example if you fix up a binary with strip/install_name_tool (which
# invalidates the existing signature) after it had previously been
# signed. The solution is to copy the binary (with the signature
# corrupted by strip/install_name_tool) to a temporary location, sign it
# there and move it back into place.
#
# This does not appear to happen with the codesign tool that ships
# with recent macOS BigSur installs on M1 arm64 machines.  However it
# had also been happening with the tools that shipped with the DTKs.
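sign() {
    # Ad-hoc sign a single Mach-O file via copy -> sign -> move back.
    # $1: path of the file to sign; it is replaced in place on success.
    # Returns non-zero, and leaves $1 untouched, if the copy, the signing
    # step or the move back fails. The temp dir is removed on every path.
    local file=$1
    local tmpdir name rc=0

    tmpdir=$(mktemp -d) || return 1
    name=${file##*/}

    cp "$file" "$tmpdir/$name" || rc=$?

    if [ "$rc" -eq 0 ]; then
        # -s - : ad-hoc signature (no signing identity); -f : replace the
        # signature strip/install_name_tool left behind. CODESIGN_ALLOCATE
        # pins codesign to the matching codesign_allocate instead of
        # whatever happens to be first on PATH.
        CODESIGN_ALLOCATE=@codesignAllocate@ \
            @sigtool@/bin/codesign -f -s - "$tmpdir/$name" || rc=$?
    fi

    # Never move an unsigned copy back over $1: only replace the original
    # once codesign reported success.
    if [ "$rc" -eq 0 ]; then
        mv "$tmpdir/$name" "$file" || rc=$?
    fi

    rm -rf -- "${tmpdir:?}"
    return "$rc"
}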

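checkRequiresSignature() {
    # Ask sigtool whether $1 needs a signature.
    # Returns 0 when a signature is required, 1 when it is not.
    # Any other sigtool exit status (including 127 when the tool is
    # missing) is treated as fatal: a diagnostic goes to stderr and the
    # shell exits with 1, so a broken sigtool can never be mistaken for
    # "no signature needed".
    local file=$1
    local rc=0

    @sigtool@/bin/sigtool --file "$file" check-requires-signature || rc=$?

    case "$rc" in
        0|1) return "$rc" ;;
    esac

    # stderr, so the message cannot be captured as tool output.
    printf 'Unexpected exit status from sigtool: %s\n' "$rc" >&2
    exit 1
}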

signIfRequired() {
    # Ad-hoc sign $1 only if sigtool says it needs a signature.
    # Returns 0 when nothing needed doing, otherwise sign's status;
    # checkRequiresSignature itself exits the shell on an unexpected
    # sigtool status.
    local file=$1

    if ! checkRequiresSignature "$file"; then
        return 0
    fi

    sign "$file"
}