Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
executable file 52 lines (41 sloc) 2.22 KB
#!/bin/bash
# Sign -- calls codesign to perform code signing, working around what's not implemented in Xcode 3.1.1 CODE_SIGN* settings.
# Usage: During an Xcode build (otherwise, set BUILT_PRODUCTS_PATH and FULL_PRODUCT_NAME to correct values and CONFIGURATION to anything beginning with 'Release', verbatim). Requires INFINITELABS_CODE_SIGNING_IDENTITY to be defined and equal to the identity you want to use in signing.
# If $SRCROOT/$TARGETNAME-SigningList exists, each line will be interpreted as a different relative path inside the FULL_PRODUCT_NAME (for wrappers) and signed with the same key. Empty lines and lines starting with # are ignored in that file.
if [ "${CONFIGURATION:0:7}" != "Release" ]; then
echo "Not signing non-release code (use a configuration starting with Release to enable signing)."
exit 0
fi
if [ "$DISABLE_CODE_SIGNING" == "YES" ]; then
echo "warning: Code not signed because code signing is explicitly disabled. Set DISABLE_CODE_SIGNING to NO to re-enable it." >&2
exit 0
fi
SIGNED_PRODUCT="$BUILT_PRODUCTS_DIR"/"$FULL_PRODUCT_NAME"
echo "note: signing product." >&2
codesign -s "$INFINITELABS_CODE_SIGNING_IDENTITY" -f -vvvvv "$SIGNED_PRODUCT" || exit 1
if [ -f "$SRCROOT"/"$TARGETNAME"-SigningList ]; then
while read line; do
if [ "$line" != "" -a "${line:0:1}" != '#' ]; then
echo "note: signing file $SIGNED_PRODUCT/$line from the code signing list." >&2
codesign -s "$INFINITELABS_CODE_SIGNING_IDENTITY" -f -vvvvv "$SIGNED_PRODUCT"/"$line"
fi
done < "$SRCROOT"/"$TARGETNAME"-SigningList
fi
# Check that the file's contained sub-items, if any, are still signed and valid.
if [ -d "$SIGNED_PRODUCT" ]; then
find "$SIGNED_PRODUCT" -name _CodeSignature | while read line; do
if ! codesign -vvvvv "$line"/../..; then
echo "note: Detected modification in respect to signature $line. Resigning." >&2
codesign -s "$INFINITELABS_CODE_SIGNING_IDENTITY" -f -vvvvv "$line"/../..
fi
done
find "$SIGNED_PRODUCT" -name \*.dylib | while read line; do
if ! codesign -vvvvv "$line"; then
echo "note: Detected modification in signed file $line. Resigning." >&2
codesign -s "$INFINITELABS_CODE_SIGNING_IDENTITY" -f -vvvvv "$line"
fi
done
fi
if [ "$MODIFIED_FILES_FOUND" == "YES" ]; then
exit 1
fi