Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Merge pull request #124 from dak180/topic/build-system

Build System Refinements.
  • Loading branch information...
commit 2973d6b54c87783e5b62b3c83bc98ac6d9fe0349 2 parents aef2261 + 2c13951
@barijaona barijaona authored
View
4 Vienna.xcodeproj/project.pbxproj
@@ -949,6 +949,7 @@
430C4AE0166175C20079C9FC /* Vienna-Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = "Vienna-Info.plist"; path = "Resources/Vienna-Info.plist"; sourceTree = SOURCE_ROOT; };
430C4B001661F3270079C9FC /* CS-ID.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; name = "CS-ID.xcconfig"; path = "configs/CS-ID.xcconfig"; sourceTree = SOURCE_ROOT; };
432E5192165D65AF00A8640E /* Project-All.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; name = "Project-All.xcconfig"; path = "configs/Project-All.xcconfig"; sourceTree = SOURCE_ROOT; };
+ 434D6B8516937615008CBE8C /* codesignrequirement.txt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = codesignrequirement.txt; path = signing/codesignrequirement.txt; sourceTree = "<group>"; };
43501CF9165D73C70018EDB7 /* Vienna-All.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; name = "Vienna-All.xcconfig"; path = "configs/Vienna-All.xcconfig"; sourceTree = SOURCE_ROOT; };
43501CFA165D73C70018EDB7 /* Vienna-Dep.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; name = "Vienna-Dep.xcconfig"; path = "configs/Vienna-Dep.xcconfig"; sourceTree = SOURCE_ROOT; };
43501CFB165D73C70018EDB7 /* Vienna-Dev.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; name = "Vienna-Dev.xcconfig"; path = "configs/Vienna-Dev.xcconfig"; sourceTree = SOURCE_ROOT; };
@@ -1056,7 +1057,7 @@
439824221666B3DB00FFE219 /* notes.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = notes.html; sourceTree = SOURCE_ROOT; };
439824231666B3DB00FFE219 /* README.md */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = README.md; sourceTree = SOURCE_ROOT; };
439824241666B3DB00FFE219 /* Release Instructions.txt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "Release Instructions.txt"; sourceTree = SOURCE_ROOT; };
- 43B4611E1690982D00F6EC9A /* ResourceRules.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = ResourceRules.plist; path = Resources/ResourceRules.plist; sourceTree = SOURCE_ROOT; };
+ 43B4611E1690982D00F6EC9A /* ResourceRules.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = ResourceRules.plist; path = signing/ResourceRules.plist; sourceTree = "<group>"; };
43BA970A1663E80700B95F35 /* libSQLiteLib.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libSQLiteLib.a; sourceTree = BUILT_PRODUCTS_DIR; };
43BA97121663EA5000B95F35 /* libJSONKit.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libJSONKit.a; sourceTree = BUILT_PRODUCTS_DIR; };
43BA971A1663EACF00B95F35 /* libGTMHTTP.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libGTMHTTP.a; sourceTree = BUILT_PRODUCTS_DIR; };
@@ -2006,6 +2007,7 @@
43EE754D165E832C000997FB /* Default Lists */,
43EE754E165E83D6000997FB /* UI Images */,
43EE7551165EA910000997FB /* lproj */,
+ 434D6B8516937615008CBE8C /* codesignrequirement.txt */,
43B4611E1690982D00F6EC9A /* ResourceRules.plist */,
430C4AE0166175C20079C9FC /* Vienna-Info.plist */,
);
View
5 configs/scripts/Make-ID-Template.sh
@@ -5,7 +5,10 @@ if [ ! -f configs/CS-ID.xcconfig ]; then
// Global settings for Code Signing
CODE_SIGN_IDENTITY =
-CODE_SIGN_RESOURCE_RULES_PATH = "$(SRCROOT)/Resources/ResourceRules.plist"
+PRIVATE_KEY_PATH =
+
+CODE_SIGN_REQUIREMENTS_PATH = $(SRCROOT)/signing/codesignrequirement.csreq
+CODE_SIGN_RESOURCE_RULES_PATH = $(SRCROOT)/signing/ResourceRules.plist
EOF
fi
View
33 configs/scripts/Release-for-upload.sh
@@ -30,21 +30,24 @@ DOWNLOAD_BASE_URL="${DOWNLOAD_BASE_URL}/${DOWNLOAD_SUB_DIR}/${DOWNLOAD_TAG_DIR}"
function signd {
if [ ! -z "${CODE_SIGN_IDENTITY}" ]; then
# Local Config
+ local appth="${1}"
local idetd="${CODE_SIGN_IDENTITY}"
local resrul="${CODE_SIGN_RESOURCE_RULES_PATH}"
- local appth="${1}"
+ local csreq="${CODE_SIGN_REQUIREMENTS_PATH}"
# Sign and verify the app
- if [ ! -z "${resrul}" ]; then
+ if [[ ! -z "${resrul}" ]] && [[ ! -z "${csreq}" ]]; then
cp -a "${resrul}" "${appth}/ResourceRules.plist"
- codesign -f -s "${idetd}" --resource-rules="${appth}/ResourceRules.plist" -vvv "${appth}"
+ codesign -f --sign "${idetd}" --resource-rules="${appth}/ResourceRules.plist" --requirements "${csreq}" -vvv "${appth}"
rm "${appth}/ResourceRules.plist"
else
- codesign -f -s "${idetd}" -vvv "${appth}"
+ codesign -f --sign "${idetd}" --requirements "${csreq}" -vvv "${appth}"
+ fi
+ if ! codesign -vvv --verify "${appth}"; then
+ echo "warning: Code is improperly signed!" 1>&2
fi
- codesign -vvv --verify "${appth}"
else
- echo "warning: No code signing identity configured; code will not be signed." 1>&2
+ echo "warning: No Code Signing Identity configured or no Code Signing Requirement configured; code will not be signed." 1>&2
fi
}
@@ -54,6 +57,11 @@ if [ ! "${CONFIGURATION}" = "Deployment" ]; then
echo "error: This should only be run as Deployment" >&2
exit 1
fi
+# Fail if incorrectly tagged
+if [[ VCS_TICK == "0" ]] && ! git describe --exact-match "${VCS_TAG}"; then
+ echo 'error: The tag is not annotated; please redo the tag with `git tag -s` or `git tag -a`.' 1>&2
+ exit 1
+fi
cd "${BUILT_PRODUCTS_DIR}"
@@ -81,16 +89,11 @@ cd "${VIENNA_UPLOADS_DIR}"
pubDate="$(LC_TIME=en_US date -jf '%FT%T%z' "${VCS_DATE}" '+%a, %d %b %G %T %z')"
TGZSIZE="$(stat -f %z "${TGZ_FILENAME}")"
+SIGNATURE=$("${PROJECT_DIR}/keys/sign_update.rb" "${TGZ_FILENAME}" "${PRIVATE_KEY_PATH}")
-SIGNATURE=$(
-
-/usr/bin/ruby "${PROJECT_DIR}/keys/sign_update.rb" "${TGZ_FILENAME}" "${PRIVATE_KEY_PATH}"
-
-)
-
-
-[ $SIGNATURE ] || { echo Unable to load signing private key vienna_private_key.pem. Set PRIVATE_KEY_PATH in CS-ID.xcconfig; false; }
-
+if [ -z "${SIGNATURE}" ]; then
+ echo "warning: Unable to load signing private key vienna_private_key.pem. Set PRIVATE_KEY_PATH in CS-ID.xcconfig" 1>&2
+fi
cat > "${VIENNA_CHANGELOG}" << EOF
<?xml version="1.0" encoding="UTF-8" ?>
View
2  Resources/ResourceRules.plist → signing/ResourceRules.plist
@@ -26,7 +26,7 @@
<true/>
<key>weight</key>
<real>30</real>
- <dict>
+ </dict>
</dict>
</dict>
</plist>
View
0  keys/ansani_key.pem → signing/ansani_key.pem
File renamed without changes
View
BIN  signing/codesignrequirement.csreq
Binary file not shown
View
9 signing/codesignrequirement.txt
@@ -0,0 +1,9 @@
+designated => (
+ certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */
+or
+ certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */
+ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */
+ and certificate leaf[subject.OU] = KUU2LM7U9K
+)
+and anchor apple generic
+and identifier "uk.co.opencommunity.vienna2"
View
0  keys/generate_keys.rb → signing/generate_keys.rb
File renamed without changes
View
0  keys/sign_update.rb → signing/sign_update.rb
File renamed without changes
View
0  keys/vienna_public_key.pem → signing/vienna_public_key.pem
File renamed without changes
Please sign in to comment.
Something went wrong with that request. Please try again.