diff options
| author | Christian Lohmaier <lohmaier+LibreOffice@googlemail.com> | 2022-10-18 13:12:29 +0200 |
|---|---|---|
| committer | Xisco Fauli <xiscofauli@libreoffice.org> | 2022-11-01 11:15:24 +0100 |
| commit | 3a1f948cb6db0cd2a8abaab11aaf711419762ddc (patch) | |
| tree | 56800997b460565a346b37cfa3e99f3e8bc9d773 | |
| parent | tdf#151073 - enable firebird for appstore build w/o experimental mode (diff) | |
| download | core-3a1f948cb6db0cd2a8abaab11aaf711419762ddc.tar.gz core-3a1f948cb6db0cd2a8abaab11aaf711419762ddc.zip | |
macOS sandbox: only use com.apple.application-identifier for main package
when multiple files are signed with that entitlement, the build will
just be listed with "Not Available for Testing" via Testflight
Change-Id: I92957f24513ab419ddbc4289b53175932111c198
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/141497
Tested-by: Jenkins
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
(cherry picked from commit 6e6c6f697b019348161648d9d26398bf64de83ef)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/141701
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
| -rwxr-xr-x | solenv/bin/macosx-codesign-app-bundle | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/solenv/bin/macosx-codesign-app-bundle b/solenv/bin/macosx-codesign-app-bundle index a29b339de744..e569aef24333 100755 --- a/solenv/bin/macosx-codesign-app-bundle +++ b/solenv/bin/macosx-codesign-app-bundle @@ -25,11 +25,14 @@ done APP_BUNDLE="$1" entitlements= +application_identifier= if test -n "$ENABLE_MACOSX_SANDBOX"; then # In a sandboxed build executables need the entitlements entitlements="--entitlements $BUILDDIR/lo.xcent" + application_identifier=`/usr/libexec/PlistBuddy -c "print com.apple.application-identifier" $BUILDDIR/lo.xcent` + # remove the key from the entitlement - only use it when signing the whole bundle in the final step + /usr/libexec/PlistBuddy -c "delete com.apple.application-identifier" $BUILDDIR/lo.xcent # All data files are in Resources and included in the app bundle signature - # through that. I think. other_files='' # HACK: remove donate menu entries, need to support apple-pay and be verified # as non profit as a bare minimum to allow asking.... @@ -120,14 +123,13 @@ done # CFBundleExecutable from Info.plist, i.e. soffice, plus the contents # of the Resources tree. # -# At this stage we also attach the entitlements in the sandboxing case -# -# Also omit some files from the Bundle's seal via the resource-rules -# (bootstraprc and similar that the user might adjust and image files) # See also https://developer.apple.com/library/mac/technotes/tn2206/ -id=`echo ${PRODUCTNAME} | tr ' ' '-'` - +if test -n "$ENABLE_MACOSX_SANDBOX" && test -n "$application_identifier"; then + # add back the application-identifier to the entitlements + # testflight/beta-testing won't work if that key is used when signing the other executables + /usr/libexec/PlistBuddy -c "add com.apple.application-identifier string $application_identifier" $BUILDDIR/lo.xcent +fi codesign --force --options=runtime --identifier="${MACOSX_BUNDLE_IDENTIFIER}" --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$APP_BUNDLE" || exit 1 exit 0 |