def sign_app(appdir):
appdir = os.path.abspath(appdir)
subprocess.check_call([
'security', 'unlock-keychain', '-p', 'keychains are stupid',
CODESIGN_KEYCHAIN
])
with current_dir(os.path.join(appdir, 'Contents')):
executables = {get_executable('Info.plist')}
# Sign everything in MacOS except the main executable
# which will be signed automatically by codesign when
# signing the app bundle
with current_dir('MacOS'):
items = set(os.listdir('.')) - executables
codesign(expand_dirs(items))
# Sign everything in Frameworks
with current_dir('Frameworks'):
fw = set(glob('*.framework'))
codesign(fw)
items = set(os.listdir('.')) - fw
codesign(expand_dirs(items))
# Now sign the main app
codesign(appdir)
# Verify the signature
subprocess.check_call(['codesign', '--deep', '--verify', '-v', appdir])
subprocess.check_call('spctl --verbose=4 --assess --type execute'.split() +
[appdir])
return 0
def sign_app(appdir):
appdir = os.path.abspath(appdir)
subprocess.check_call([
'security', 'unlock-keychain', '-p', 'keychains are stupid',
CODESIGN_KEYCHAIN
])
with current_dir(os.path.join(appdir, 'Contents')):
executables = {get_executable('Info.plist')}
# Sign the sub application bundles
sub_apps = glob('*.app')
for sa in sub_apps:
exe = get_executable(sa + '/Contents/Info.plist')
if exe in executables:
raise ValueError(
'Multiple app bundles share the same executable: %s' % exe)
executables.add(exe)
codesign(sub_apps)
# Sign everything in MacOS except the main executables of the various
# app bundles which will be signed automatically by codesign when
# signing the app bundles
with current_dir('MacOS'):
items = set(os.listdir('.')) - executables
codesign(expand_dirs(items))
# Sign everything in Frameworks
with current_dir('Frameworks'):
fw = set(glob('*.framework'))
codesign(fw)
items = set(os.listdir('.')) - fw
codesign(expand_dirs(items))
# Now sign the main app
codesign(appdir)
# Verify the signature
subprocess.check_call(['codesign', '--deep', '--verify', '-v', appdir])
subprocess.check_call('spctl --verbose=4 --assess --type execute'.split() +
[appdir])
return 0
def sign_app(appdir):
appdir = os.path.abspath(appdir)
subprocess.check_call(['security', 'unlock-keychain', '-p', 'keychains are stupid', CODESIGN_KEYCHAIN])
with current_dir(os.path.join(appdir, 'Contents')):
executables = {get_executable('Info.plist')}
# Sign the sub application bundles
sub_apps = glob('*.app')
for sa in sub_apps:
exe = get_executable(sa + '/Contents/Info.plist')
if exe in executables:
raise ValueError('Multiple app bundles share the same executable: %s' % exe)
executables.add(exe)
codesign(sub_apps)
# Sign everything in MacOS except the main executables of the various
# app bundles which will be signed automatically by codesign when
# signing the app bundles
with current_dir('MacOS'):
items = set(os.listdir('.')) - executables
codesign(expand_dirs(items))
# Sign everything in Frameworks
with current_dir('Frameworks'):
fw = set(glob('*.framework'))
codesign(fw)
items = set(os.listdir('.')) - fw
codesign(expand_dirs(items))
# Now sign the main app
codesign(appdir)
# Verify the signature
subprocess.check_call(['codesign', '--deep', '--verify', '-v', appdir])
subprocess.check_call('spctl --verbose=4 --assess --type execute'.split() + [appdir])
return 0
def add_python_framework(self):
print('\nAdding Python framework')
src = join(PREFIX + '/python', 'Python.framework')
x = join(self.frameworks_dir, 'Python.framework')
curr = os.path.realpath(join(src, 'Versions', 'Current'))
currd = join(x, 'Versions', basename(curr))
rd = join(currd, 'Resources')
os.makedirs(rd)
shutil.copy2(join(curr, 'Resources', 'Info.plist'), rd)
shutil.copy2(join(curr, 'Python'), currd)
self.set_id(join(currd, 'Python'),
self.FID + '/Python.framework/Versions/%s/Python' % basename(curr))
# The following is needed for codesign in OS X >= 10.9.5
with current_dir(x):
os.symlink(basename(curr), 'Versions/Current')
for y in ('Python', 'Resources'):
os.symlink('Versions/Current/%s' % y, y)
def add_qt_framework(self, f):
libname = f
f = f + '.framework'
src = join(PREFIX, 'qt', 'lib', f)
ignore = shutil.ignore_patterns('Headers', '*.h', 'Headers/*')
dest = join(self.frameworks_dir, f)
shutil.copytree(src, dest, symlinks=True, ignore=ignore)
lib = os.path.realpath(join(dest, libname))
rpath = os.path.relpath(lib, self.frameworks_dir)
self.set_id(lib, self.FID + '/' + rpath)
self.fix_dependencies_in_lib(lib)
# The following is needed for codesign in OS X >= 10.9.5
# The presence of the .prl file in the root of the framework causes
# codesign to fail.
with current_dir(dest):
for x in os.listdir('.'):
if x != 'Versions' and not os.path.islink(x):
os.remove(x)
def add_python_framework(self):
print('\nAdding Python framework')
src = join(PREFIX + '/python', 'Python.framework')
x = join(self.frameworks_dir, 'Python.framework')
curr = os.path.realpath(join(src, 'Versions', 'Current'))
currd = join(x, 'Versions', basename(curr))
rd = join(currd, 'Resources')
os.makedirs(rd)
shutil.copy2(join(curr, 'Resources', 'Info.plist'), rd)
shutil.copy2(join(curr, 'Python'), currd)
self.set_id(
join(currd, 'Python'),
self.FID + '/Python.framework/Versions/%s/Python' % basename(curr))
# The following is needed for codesign in OS X >= 10.9.5
with current_dir(x):
os.symlink(basename(curr), 'Versions/Current')
for y in ('Python', 'Resources'):
os.symlink('Versions/Current/%s' % y, y)
def add_qt_framework(self, f):
libname = f
f = f + '.framework'
src = join(PREFIX, 'qt', 'lib', f)
ignore = shutil.ignore_patterns('Headers', '*.h', 'Headers/*')
dest = join(self.frameworks_dir, f)
shutil.copytree(src, dest, symlinks=True,
ignore=ignore)
lib = os.path.realpath(join(dest, libname))
rpath = os.path.relpath(lib, self.frameworks_dir)
self.set_id(lib, self.FID + '/' + rpath)
self.fix_dependencies_in_lib(lib)
# The following is needed for codesign in OS X >= 10.9.5
# The presence of the .prl file in the root of the framework causes
# codesign to fail.
with current_dir(dest):
for x in os.listdir('.'):
if x != 'Versions' and not os.path.islink(x):
os.remove(x)