nextcloud-desktop/admin/osx/sign_app.sh

#!/bin/sh -xe

[ "$#" -lt 2 ] && echo "Usage: sign_app.sh <app> <identity> <team_identifier>" && exit

src_app="$1"
identity="$2"
team_identifier="$3"

codesign -s "$identity" --force --preserve-metadata=entitlements --verbose=4 --deep "$src_app"

# Verify the signature
codesign -dv $src_app
codesign --verify -v $src_app
spctl -a -t exec -vv $src_app

# Validate that the key used for signing the binary matches the expected TeamIdentifier
# needed to pass the SocketApi through the sandbox
codesign -dv $src_app 2>&1 | grep "TeamIdentifier=$team_identifier"
exit $?
OS X: Actually Make the signing script fail on failure Addresses #3114 2015-04-16 17:33:36 +03:00			`#!/bin/sh -xe`
OS X: Add sign_app.sh 2014-09-02 18:13:37 +04:00
shell_i: Add a way to fail the build if the signing key doesn't match This tries to catch error at build time instead of having to check the OS X console for errors afterward. 2015-06-22 14:53:56 +03:00			`[ "$#" -lt 2 ] && echo "Usage: sign_app.sh <app> <identity> <team_identifier>" && exit`
OS X: Add sign_app.sh 2014-09-02 18:13:37 +04:00
			`src_app="$1"`
			`identity="$2"`
shell_i: Add a way to fail the build if the signing key doesn't match This tries to catch error at build time instead of having to check the OS X console for errors afterward. 2015-06-22 14:53:56 +03:00			`team_identifier="$3"`
OS X: Add sign_app.sh 2014-09-02 18:13:37 +04:00
shell_i: Add a way to fail the build if the signing key doesn't match This tries to catch error at build time instead of having to check the OS X console for errors afterward. 2015-06-22 14:53:56 +03:00			`codesign -s "$identity" --force --preserve-metadata=entitlements --verbose=4 --deep "$src_app"`
OS X: Add sign_app.sh 2014-09-02 18:13:37 +04:00
OS X: Actually Make the signing script fail on failure Addresses #3114 2015-04-16 17:33:36 +03:00			`# Verify the signature`
Fix app signing on OS X 2014-10-01 17:33:20 +04:00			`codesign -dv $src_app`
OS X: The --strict option isn't supported on the build machine XCode is too old. 2016-01-22 20:13:25 +03:00			`codesign --verify -v $src_app`
Do a codesign --verify before running spctl codesign is less strict than spctl and gives more output. codesign -d alone doesn't verify but only prints. 2016-01-22 18:54:04 +03:00			`spctl -a -t exec -vv $src_app`
shell_i: Add a way to fail the build if the signing key doesn't match This tries to catch error at build time instead of having to check the OS X console for errors afterward. 2015-06-22 14:53:56 +03:00
			`# Validate that the key used for signing the binary matches the expected TeamIdentifier`
			`# needed to pass the SocketApi through the sandbox`
			`codesign -dv $src_app 2>&1 \| grep "TeamIdentifier=$team_identifier"`
			`exit $?`