Merge pull request #18315 from sy6sy2/fix-tvos-dpkg-install-JB

[tools/codesign][tvOS] Do fake sign, needed for jailbroken devices
xbmc · Aug 26, 2020 · c95c977 · c95c977
2 parents f80d155 + 55a11a1
commit c95c977
Show file tree

Hide file tree

Showing 5 changed files with 75 additions and 92 deletions.
diff --git a/tools/darwin/Support/Codesign.command b/tools/darwin/Support/Codesign.command
@@ -3,10 +3,10 @@
 set -x
 
 #this is the list of binaries we have to sign for being able to run un-jailbroken
-LIST_BINARY_EXTENSIONS="dylib so 0 vis pvr app"
+LIST_BINARY_EXTENSIONS="dylib so app"
 
 GEN_ENTITLEMENTS="$NATIVEPREFIX/bin/gen_entitlements.py"
-IOS11_ENTITLEMENTS="$XBMC_DEPENDS/share/ios11_entitlements.xml"
+DARWIN_EMBEDDED_ENTITLEMENTS="$XBMC_DEPENDS/share/darwin_embedded_entitlements.xml"
 LDID="$NATIVEPREFIX/bin/ldid"
 
 if [ "${PLATFORM_NAME}" == "macosx" ]; then
@@ -18,87 +18,70 @@ if [[ ! "$MACOS" && ! -f ${GEN_ENTITLEMENTS} ]]; then
   exit -1
 fi
 
-if [[ "$MACOS" || "${PLATFORM_NAME}" == "iphoneos" || "${PLATFORM_NAME}" == "appletvos" ]]; then
-  if [ "$MACOS" ]; then
-    CONTENTS_PATH="${CODESIGNING_FOLDER_PATH}/Contents"
-  else
-    CONTENTS_PATH="${CODESIGNING_FOLDER_PATH}"
-  fi
-
-  # todo: is this required anymore?
-  if [ "${PLATFORM_NAME}" == "iphoneos" ]; then
-    #do fake sign - needed for jailbroken ios5.1 devices for some reason
-    if [ -f ${LDID} ]; then
-      find ${BUILT_PRODUCTS_DIR}/${EXECUTABLE_FOLDER_PATH}/ -name "*.dylib" | xargs ${LDID} -S${IOS11_ENTITLEMENTS}
-      find ${BUILT_PRODUCTS_DIR}/${EXECUTABLE_FOLDER_PATH}/ -name "*.so" | xargs ${LDID} -S${IOS11_ENTITLEMENTS}
-      ${LDID} -S${IOS11_ENTITLEMENTS} ${BUILT_PRODUCTS_DIR}/${EXECUTABLE_FOLDER_PATH}/${EXECUTABLE_NAME}
-
-      #repackage python eggs
-      EGGS=$(find "${CONTENTS_PATH}" -name "*.egg" -type f)
-        for i in $EGGS; do
-          echo $i
-          mkdir del
-          unzip -q $i -d del
-          find ./del/ -name "*.so" -type f | xargs ${LDID} -S${IOS11_ENTITLEMENTS}
-          rm $i
-          cd del && zip -qr $i ./* &&  cd ..
-          rm -r ./del/
-        done
-    fi
-  fi
+if [ "$MACOS" ]; then
+  CONTENTS_PATH="${CODESIGNING_FOLDER_PATH}/Contents"
+else
+  CONTENTS_PATH="${CODESIGNING_FOLDER_PATH}"
+fi
 
-  # pull the CFBundleIdentifier out of the built xxx.app
-  BUNDLEID=$(/usr/libexec/PlistBuddy -c 'Print :CFBundleIdentifier' "${CONTENTS_PATH}/Info.plist")
-  echo "CFBundleIdentifier is ${BUNDLEID}"
+if [ ! "$MACOS" ]; then
+  # do fake sign - needed for iOS >=5.1 and tvOS >=10.2 jailbroken devices
+  # see http://www.saurik.com/id/8
+  "${LDID}" -S"${DARWIN_EMBEDDED_ENTITLEMENTS}" "${BUILT_PRODUCTS_DIR}/${EXECUTABLE_FOLDER_PATH}/${EXECUTABLE_NAME}"
+fi
 
-  # Prefer the expanded name, if available.
-  CODE_SIGN_IDENTITY_FOR_ITEMS="${EXPANDED_CODE_SIGN_IDENTITY_NAME}"
-  if [ "${CODE_SIGN_IDENTITY_FOR_ITEMS}" = "" ] ; then
-    # Fall back to old behavior.
-    CODE_SIGN_IDENTITY_FOR_ITEMS="${CODE_SIGN_IDENTITY}"
-  fi
-  echo "${CODE_SIGN_IDENTITY_FOR_ITEMS}"
+# pull the CFBundleIdentifier out of the built xxx.app
+BUNDLEID=$(/usr/libexec/PlistBuddy -c 'Print :CFBundleIdentifier' "${CONTENTS_PATH}/Info.plist")
+echo "CFBundleIdentifier is ${BUNDLEID}"
 
-  if [ ! "$MACOS" ]; then
-    ${GEN_ENTITLEMENTS} "${BUNDLEID}" "${BUILT_PRODUCTS_DIR}/${EXECUTABLE_FOLDER_PATH}/${EXECUTABLE_NAME}.xcent"
-  fi
+# Prefer the expanded name, if available.
+CODE_SIGN_IDENTITY_FOR_ITEMS="${EXPANDED_CODE_SIGN_IDENTITY_NAME}"
+if [ "${CODE_SIGN_IDENTITY_FOR_ITEMS}" = "" ] ; then
+  # Fall back to old behavior.
+  CODE_SIGN_IDENTITY_FOR_ITEMS="${CODE_SIGN_IDENTITY}"
+fi
+echo "${CODE_SIGN_IDENTITY_FOR_ITEMS}"
 
-  # delete existing codesigning
-  if [ -d "${CONTENTS_PATH}/_CodeSignature" ]; then
-    rm -r "${CONTENTS_PATH}/_CodeSignature"
-  fi
-  if [[ ! "$MACOS" && -f "${CONTENTS_PATH}/embedded.mobileprovision" ]]; then
+if [ ! "$MACOS" ]; then
+  ${GEN_ENTITLEMENTS} "${BUNDLEID}" "${BUILT_PRODUCTS_DIR}/${EXECUTABLE_FOLDER_PATH}/${EXECUTABLE_NAME}.xcent"
+  if [ -f "${CONTENTS_PATH}/embedded.mobileprovision" ]; then
     rm -f "${CONTENTS_PATH}/embedded.mobileprovision"
   fi
+fi
 
-  #if user has set a code_sign_identity different from iPhone Developer we do a real codesign (for deployment on non-jailbroken devices)
-  if ! [ -z "${CODE_SIGN_IDENTITY_FOR_ITEMS}" ]; then
-    if egrep -q --max-count=1 -e '^iPhone (Developer|Distribution): ' -e '^Apple (Development|Distribution): ' -e '^[[:xdigit:]]+$' -e '^Developer ID Application: ' <<<"${CODE_SIGN_IDENTITY_FOR_ITEMS}"; then
-      echo "Doing a full bundle sign using genuine identity ${CODE_SIGN_IDENTITY_FOR_ITEMS}"
-      for binext in $LIST_BINARY_EXTENSIONS
-      do
-        echo "Signing binary: $binext"
-        # check if at least 1 file with the extension exists to sign, otherwise do nothing
-        FINDOUTPUT=$(find "${CONTENTS_PATH}" -name "*.$binext" -type f)
-        if [ `echo $FINDOUTPUT | wc -l` != 0 ]; then
-          for singlefile in $FINDOUTPUT; do
-            codesign -s "${CODE_SIGN_IDENTITY_FOR_ITEMS}" -fvvv -i "${BUNDLEID}" "${singlefile}"
-          done
-        fi
-      done
-      echo "In case your app crashes with SIG_SIGN check the variable LIST_BINARY_EXTENSIONS in tools/darwin/Support/Codesign.command"
+# delete existing codesigning
+if [ -d "${CONTENTS_PATH}/_CodeSignature" ]; then
+  rm -r "${CONTENTS_PATH}/_CodeSignature"
+fi
 
-      for FRAMEWORK_PATH in $(find "${CONTENTS_PATH}" -name "*.framework" -type d)
-      do
-        DYLIB_BASENAME=$(basename "${FRAMEWORK_PATH%.framework}")
-        echo "Signing Framework: ${DYLIB_BASENAME}.framework"
-        FRAMEWORKBUNDLEID="${BUNDLEID}.framework.${DYLIB_BASENAME}"
-        codesign -s "${CODE_SIGN_IDENTITY_FOR_ITEMS}" -fvvv -i "${FRAMEWORKBUNDLEID}" "${FRAMEWORK_PATH}/${DYLIB_BASENAME}"
-        codesign -s "${CODE_SIGN_IDENTITY_FOR_ITEMS}" -fvvv -i "${FRAMEWORKBUNDLEID}" "${FRAMEWORK_PATH}"
-      done
+#if user has set a code_sign_identity different from iPhone Developer we do a real codesign (for deployment on non-jailbroken devices)
+if ! [ -z "${CODE_SIGN_IDENTITY_FOR_ITEMS}" ]; then
+  if egrep -q --max-count=1 -e '^iPhone (Developer|Distribution): ' -e '^Apple (Development|Distribution): ' -e '^[[:xdigit:]]+$' -e '^Developer ID Application: ' <<<"${CODE_SIGN_IDENTITY_FOR_ITEMS}"; then
+    echo "Doing a full bundle sign using genuine identity ${CODE_SIGN_IDENTITY_FOR_ITEMS}"
+    for binext in $LIST_BINARY_EXTENSIONS
+    do
+      echo "Signing binary: $binext"
+      # check if at least 1 file with the extension exists to sign, otherwise do nothing
+      FINDOUTPUT=$(find "${CONTENTS_PATH}" -iname "*.$binext" -type f)
+      if [ `echo $FINDOUTPUT | wc -l` != 0 ]; then
+        for singlefile in $FINDOUTPUT; do
+          codesign -s "${CODE_SIGN_IDENTITY_FOR_ITEMS}" -fvvv -i "${BUNDLEID}" "${singlefile}"
+        done
+      fi
+    done
+
+    for FRAMEWORK_PATH in $(find "${CONTENTS_PATH}" -iname "*.framework" -type d)
+    do
+      DYLIB_BASENAME=$(basename "${FRAMEWORK_PATH%.framework}")
+      echo "Signing Framework: ${DYLIB_BASENAME}.framework"
+      FRAMEWORKBUNDLEID="${BUNDLEID}.framework.${DYLIB_BASENAME}"
+      codesign -s "${CODE_SIGN_IDENTITY_FOR_ITEMS}" -fvvv -i "${FRAMEWORKBUNDLEID}" "${FRAMEWORK_PATH}/${DYLIB_BASENAME}"
+      codesign -s "${CODE_SIGN_IDENTITY_FOR_ITEMS}" -fvvv -i "${FRAMEWORKBUNDLEID}" "${FRAMEWORK_PATH}"
+    done
 
-      #repackage python eggs
-      EGGS=$(find "${CONTENTS_PATH}" -name "*.egg" -type f)
+    if [ "$MACOS" ]; then
+      #sign and repackage python eggs for osx
+      EGGS=$(find "${CONTENTS_PATH}" -iname "*.egg" -type f)
       echo "Signing Eggs"
       for i in $EGGS; do
         echo $i
@@ -107,15 +90,15 @@ if [[ "$MACOS" || "${PLATFORM_NAME}" == "iphoneos" || "${PLATFORM_NAME}" == "app
         for binext in $LIST_BINARY_EXTENSIONS
         do
           # check if at least 1 file with the extension exists to sign, otherwise do nothing
-          FINDOUTPUT=`find ./del/ -name "*.$binext" -type f`
+          FINDOUTPUT=$(find ./del/ -iname "*.$binext" -type f)
           if [ `echo $FINDOUTPUT | wc -l` != 0 ]; then
             for singlefile in $FINDOUTPUT; do
               codesign -s "${CODE_SIGN_IDENTITY_FOR_ITEMS}" -fvvv -i "${BUNDLEID}" "${singlefile}"
             done
           fi
         done
         rm $i
-        cd del && zip -qr $i ./* &&  cd ..
+        cd del && zip -qr $i ./* && cd ..
         rm -r ./del/
       done
     fi

diff --git a/tools/depends/target/Makefile b/tools/depends/target/Makefile
@@ -29,7 +29,7 @@ ifeq ($(OS),darwin_embedded)
     DEPENDS += boblight
     EXCLUDED_DEPENDS += libshairplay libplist
   endif
-  DEPENDS += iosentitlements
+  DEPENDS += darwin-embedded-entitlements
 endif
 
 ifeq ($(OS),osx)

diff --git a/tools/depends/target/darwin-embedded-entitlements/Makefile b/tools/depends/target/darwin-embedded-entitlements/Makefile
@@ -0,0 +1,15 @@
+include ../../Makefile.include
+DEPS= ../../Makefile.include Makefile darwin_embedded_entitlements.xml
+
+DARWIN_EMBEDDED_ENT=$(PREFIX)/share/darwin_embedded_entitlements.xml
+
+all: $(DARWIN_EMBEDDED_ENT)
+
+$(DARWIN_EMBEDDED_ENT):
+	mkdir -p $(PREFIX)/share
+	cp darwin_embedded_entitlements.xml $(DARWIN_EMBEDDED_ENT)
+
+
+clean:
+distclean::
+	rm -f $(DARWIN_EMBEDDED_ENT)
diff --git a/...et/iosentitlements/ios11_entitlements.xml → ...tlements/darwin_embedded_entitlements.xml b/...et/iosentitlements/ios11_entitlements.xml → ...tlements/darwin_embedded_entitlements.xml
diff --git a/tools/depends/target/iosentitlements/Makefile b/tools/depends/target/iosentitlements/Makefile