mirror of
https://github.com/iterate-ch/cyberduck.git
synced 2026-05-26 19:10:49 +00:00
David Kocher
142 lines
6.2 KiB
XML
142 lines
6.2 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!--
|
|
* $Revision: 6757 $
|
|
* $Date: 2010-08-25 13:25:44 +0200 (Mi, 25 Aug 2010) $
|
|
*
|
|
* Copyright (c) 2005-2012 David Kocher. All rights reserved.
|
|
* http://cyberduck.io/
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.package
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* Bug fixes, suggestions and comments should be sent to:
|
|
* dkocher@cyberduck.io
|
|
-->
|
|
<project name="Codesign" basedir=".">
|
|
|
|
<property name="installer.certificate" value=""/>
|
|
<condition property="installer.keychain" value="${env.KEYCHAIN_PATH}"
|
|
else="${user.home}/Library/Keychains/codesign.keychain">
|
|
<isset property="env.KEYCHAIN_PATH"/>
|
|
</condition>
|
|
|
|
<property name="codesign.certificate" value=""/>
|
|
<condition property="codesign.keychain" value="${env.KEYCHAIN_PATH}"
|
|
else="${user.home}/Library/Keychains/codesign.keychain">
|
|
<isset property="env.KEYCHAIN_PATH"/>
|
|
</condition>
|
|
|
|
<!-- Designated requirement -->
|
|
<property name="codesign.requirement.source" value="${setup}/app/codesign-requirement.txt"/>
|
|
<property name="codesign.requirement" value="${setup}/app/codesign-requirement.bin"/>
|
|
<!-- Enable hardened runtime -->
|
|
<property name="codesign.options" value="--force --options runtime"/>
|
|
<property name="codesign.arg" value="--entitlements ${setup}/app/default.entitlements"/>
|
|
|
|
<target name="codesign" depends="dotclean,compile-codesign-requirement">
|
|
<echo
|
|
message="Code signing ${bundle} with certificate ${codesign.certificate} and entitlements ${codesign.arg} from ${codesign.keychain}"/>
|
|
<apply executable="/usr/bin/codesign" failonerror="true"
|
|
type="both"
|
|
parallel="false" spawn="false" force="true">
|
|
<arg line="${codesign.options} --sign '${codesign.certificate}' --keychain ${codesign.keychain} -v"/>
|
|
<fileset dir="${bundle}/${bundle.spotlight}" erroronmissingdir="false">
|
|
<include name="*.mdimporter"/>
|
|
</fileset>
|
|
<srcfile/>
|
|
</apply>
|
|
<apply executable="/usr/bin/codesign" failonerror="true"
|
|
type="both"
|
|
parallel="false" spawn="false" force="true">
|
|
<arg line="${codesign.options} --identifier ch.sudo.cyberduck --sign '${codesign.certificate}' --keychain ${codesign.keychain} ${codesign.arg} -v"/>
|
|
<fileset dir="${bundle}/${bundle.frameworks}">
|
|
<include name="*.dylib"/>
|
|
</fileset>
|
|
<srcfile/>
|
|
</apply>
|
|
<apply executable="/usr/bin/codesign" failonerror="true"
|
|
type="both"
|
|
parallel="false" spawn="false" force="true">
|
|
<arg line="${codesign.options} --sign '${codesign.certificate}' --keychain ${codesign.keychain} -v"/>
|
|
<fileset dir="${bundle}/${bundle.runtime}">
|
|
<include name="**/*.dylib"/>
|
|
</fileset>
|
|
<fileset dir="${bundle}/${bundle.plugins}">
|
|
<include name="*.jre"/>
|
|
</fileset>
|
|
<srcfile/>
|
|
</apply>
|
|
<apply executable="/usr/bin/codesign" failonerror="false"
|
|
type="both"
|
|
parallel="false" spawn="false" force="true">
|
|
<arg line="${codesign.options} --deep --sign '${codesign.certificate}' --keychain ${codesign.keychain} -v"/>
|
|
<fileset dir="${bundle}/${bundle.frameworks}">
|
|
<include name="Sparkle.framework/Versions/A/Resources/Autoupdate.app"/>
|
|
</fileset>
|
|
<srcfile/>
|
|
</apply>
|
|
<apply executable="/usr/bin/codesign" failonerror="true"
|
|
type="both"
|
|
parallel="false" spawn="false" force="true">
|
|
<arg line="${codesign.options} --sign '${codesign.certificate}' --keychain ${codesign.keychain} -v"/>
|
|
<fileset dir="${bundle}/${bundle.frameworks}">
|
|
<include name="*.framework/Versions/A"/>
|
|
</fileset>
|
|
<srcfile/>
|
|
</apply>
|
|
<apply executable="/usr/bin/codesign" failonerror="true"
|
|
type="both"
|
|
parallel="false" spawn="false" force="true">
|
|
<arg line="${codesign.options} --sign '${codesign.certificate}' --keychain ${codesign.keychain} ${codesign.arg} -v"/>
|
|
<file name="${bundle}"/>
|
|
<srcfile/>
|
|
</apply>
|
|
<antcall target="verify-signature">
|
|
<param name="bundle" value="${bundle}"/>
|
|
</antcall>
|
|
</target>
|
|
|
|
<target name="compile-codesign-requirement">
|
|
<echo message="Compile codesign requirement ${codesign.requirement}..."/>
|
|
<exec executable="/usr/bin/csreq" failonerror="true">
|
|
<arg line="-r ${codesign.requirement.source} -b ${codesign.requirement}"/>
|
|
</exec>
|
|
</target>
|
|
|
|
<target name="verify-signature">
|
|
<echo message="Verify code signature of ${bundle}..."/>
|
|
<apply executable="/usr/bin/codesign" failonerror="true"
|
|
type="both" parallel="false" spawn="false" force="true" verbose="true">
|
|
<arg line="--verbose=4 --deep --strict"/>
|
|
<file name="${bundle}"/>
|
|
<srcfile/>
|
|
</apply>
|
|
</target>
|
|
|
|
<target name="verify-spctl">
|
|
<echo message="Print system policy verification for ${bundle}..."/>
|
|
<apply executable="/usr/sbin/spctl" failonerror="true"
|
|
type="both" parallel="false" spawn="false" force="true" verbose="true">
|
|
<arg line="-v --assess --type execute --raw"/>
|
|
<file name="${bundle}"/>
|
|
<srcfile/>
|
|
</apply>
|
|
</target>
|
|
|
|
<target name="dotclean">
|
|
<apply executable="/usr/sbin/dot_clean" failonerror="true"
|
|
type="both" parallel="false" spawn="false" force="true" verbose="true">
|
|
<arg line="-m --keep=native"/>
|
|
<file name="${bundle}"/>
|
|
<srcfile/>
|
|
</apply>
|
|
</target>
|
|
</project>
|