Commit 55a093d8 authored by David Fuhrmann's avatar David Fuhrmann

macOS codesign: Add jar files, drop explicit requirement

The jar file needs special treatment to be signed correctly:
- The identifier must be without any dots. The file has three, and
  if only the suffix is dropped, then it will be wrongly interpreted as
  a reverse domain, still
- It is not allowed to have a Mac App store certificate signature,
  together with a jar file, as this is forbidden in the app store.
  Our explicit requirement was allowing such a signature (see
  "cert leaf[field.1.2.840.113635.] exists").

Solution is now to just let codesign do this work internally,
therefore the explicit requirement is dropped completely.
parent d8b7bb5f
......@@ -82,25 +82,9 @@ fi
# Call with $1 = file or folder, $2 = identifier (if empty, file name is used)
if [ -z "$IDENTIFIER" ]; then
filename=$(basename "$1")
# info "Signing file $1 with identifier $IDENTIFIER"
if [ -z "$GK" ]; then
codesign --force --verbose -s "$IDENTITY" --prefix "org.videolan." "$1"
REQUIREMENT="=designated => anchor apple generic and identifier \"$IDENTIFIER\" "
REQUIREMENT+="and ((cert leaf[field.1.2.840.113635.] exists) or "
REQUIREMENT+="( certificate 1[field.1.2.840.113635.] exists and "
REQUIREMENT+="certificate leaf[field.1.2.840.113635.] exists and "
REQUIREMENT+="certificate leaf[subject.OU] = \"75GAHG3SZQ\" ))"
codesign --force --verbose -s "$IDENTITY" --preserve-metadata=identifier,entitlements --requirements "$REQUIREMENT" --timestamp=none "$1"
codesign --force --verbose -s "$IDENTITY" "$1"
......@@ -154,7 +138,7 @@ done
info "Signing the modules"
for i in $(find -type f -name "*.dylib" -exec echo {} \;)
for i in $(find -type f \( -name "*.dylib" -o -name "*.jar" \) -exec echo {} \;)
sign "$i"
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment