mirror of
https://github.com/iterate-ch/cyberduck.git
synced 2026-05-26 19:10:49 +00:00
David Kocher
176 lines
8.1 KiB
XML
176 lines
8.1 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!--
|
|
* $Revision: 6757 $
|
|
* $Date: 2010-08-25 13:25:44 +0200 (Mi, 25 Aug 2010) $
|
|
*
|
|
* Copyright (c) 2005-2012 David Kocher. All rights reserved.
|
|
* http://cyberduck.io/
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.package
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* Bug fixes, suggestions and comments should be sent to:
|
|
* dkocher@cyberduck.io
|
|
-->
|
|
<project name="Codesign" basedir=".">
|
|
|
|
<property name="installer.certificate" value=""/>
|
|
<condition property="installer.keychain" value="${env.KEYCHAIN_PATH}"
|
|
else="${user.home}/Library/Keychains/login.keychain-db">
|
|
<isset property="env.KEYCHAIN_PATH"/>
|
|
</condition>
|
|
|
|
<property name="codesign.certificate" value=""/>
|
|
<condition property="codesign.keychain" value="${env.KEYCHAIN_PATH}"
|
|
else="${user.home}/Library/Keychains/login.keychain-db">
|
|
<isset property="env.KEYCHAIN_PATH"/>
|
|
</condition>
|
|
|
|
<!-- Designated requirement -->
|
|
<property name="codesign.requirement.source" value="${setup}/app/codesign-requirement.txt"/>
|
|
<property name="codesign.requirement" value="${setup}/app/codesign-requirement.bin"/>
|
|
<property name="codesign.provisionprofile" value="${setup}/app/${codesign.provisionprofile.name}"/>
|
|
<!-- Enable hardened runtime -->
|
|
<property name="codesign.options" value="--force --options runtime"/>
|
|
<property name="codesign.arg"
|
|
value="--entitlements ${setup}/app/default.entitlements --requirements ${codesign.requirement}"/>
|
|
|
|
<target name="codesign" depends="dotclean,compile-codesign-requirement">
|
|
<copy tofile="${bundle}/${bundle.contents}/embedded.provisionprofile" overwrite="true" failonerror="false">
|
|
<file file="${codesign.provisionprofile}"/>
|
|
</copy>
|
|
<echo
|
|
message="Code signing ${bundle} with certificate ${codesign.certificate} and entitlements ${codesign.arg} from ${codesign.keychain}"/>
|
|
<apply executable="/usr/bin/xcrun" failonerror="true"
|
|
type="both"
|
|
parallel="false" spawn="false" force="true">
|
|
<arg
|
|
line="codesign ${codesign.options} --sign '${codesign.certificate}' --keychain ${codesign.keychain} -v"/>
|
|
<fileset dir="${bundle}/${bundle.spotlight}" erroronmissingdir="false">
|
|
<include name="*.mdimporter"/>
|
|
</fileset>
|
|
<srcfile/>
|
|
</apply>
|
|
<apply executable="/usr/bin/xcrun" failonerror="true"
|
|
type="both"
|
|
parallel="false" spawn="false" force="true">
|
|
<arg
|
|
line="codesign ${codesign.options} --sign '${codesign.certificate}' --keychain ${codesign.keychain} -v"/>
|
|
<fileset dir="${bundle}/${bundle.frameworks}">
|
|
<include name="*.dylib"/>
|
|
<include name="*.jnilib"/>
|
|
</fileset>
|
|
<srcfile/>
|
|
</apply>
|
|
<apply executable="/usr/bin/xcrun" failonerror="true"
|
|
type="both"
|
|
parallel="false" spawn="false" force="true">
|
|
<arg
|
|
line="codesign ${codesign.options} --sign '${codesign.certificate}' --keychain ${codesign.keychain} -v"/>
|
|
<fileset dir="${bundle}/${bundle.runtime}">
|
|
<include name="**/*.dylib"/>
|
|
</fileset>
|
|
<fileset dir="${bundle}/${bundle.plugins}">
|
|
<include name="*.docktileplugin"/>
|
|
<include name="*.jre"/>
|
|
</fileset>
|
|
<srcfile/>
|
|
</apply>
|
|
<apply executable="/usr/bin/xcrun" failonerror="true"
|
|
type="both"
|
|
parallel="false" spawn="false" force="true">
|
|
<arg
|
|
line="codesign ${codesign.options} --entitlements ${setup}/app/org.sparkle-project.Downloader.entitlements --sign '${codesign.certificate}' --keychain ${codesign.keychain} -v"/>
|
|
<fileset dir="${bundle}/${bundle.frameworks}">
|
|
<include name="Sparkle.framework/Versions/*/XPCServices/Downloader.xpc"/>
|
|
</fileset>
|
|
<srcfile/>
|
|
</apply>
|
|
<apply executable="/usr/bin/xcrun" failonerror="true"
|
|
type="both"
|
|
parallel="false" spawn="false" force="true">
|
|
<arg
|
|
line="codesign ${codesign.options} --sign '${codesign.certificate}' --keychain ${codesign.keychain} -v"/>
|
|
<fileset dir="${bundle}/${bundle.frameworks}">
|
|
<include name="Sparkle.framework/Versions/*/XPCServices/Installer.xpc"/>
|
|
<include name="Sparkle.framework/Versions/*/Autoupdate"/>
|
|
<include name="Sparkle.framework/Versions/*/*.app"/>
|
|
</fileset>
|
|
<srcfile/>
|
|
</apply>
|
|
<apply executable="/usr/bin/xcrun" failonerror="true"
|
|
type="both"
|
|
parallel="false" spawn="false" force="true">
|
|
<arg
|
|
line="codesign ${codesign.options} --sign '${codesign.certificate}' --keychain ${codesign.keychain} -v"/>
|
|
<fileset dir="${bundle}/${bundle.frameworks}">
|
|
<include name="*.framework"/>
|
|
</fileset>
|
|
<srcfile/>
|
|
</apply>
|
|
<apply executable="/usr/bin/xcrun" failonerror="true"
|
|
type="both"
|
|
parallel="false" spawn="false" force="true">
|
|
<arg
|
|
line="codesign ${codesign.options} --sign '${codesign.certificate}' --keychain ${codesign.keychain} ${codesign.arg} -v"/>
|
|
<file name="${bundle}"/>
|
|
<srcfile/>
|
|
</apply>
|
|
</target>
|
|
|
|
<target name="compile-codesign-requirement">
|
|
<echo message="Compile codesign requirement ${codesign.requirement}..."/>
|
|
<exec executable="/usr/bin/csreq" failonerror="true">
|
|
<arg line="-r ${codesign.requirement.source} -b ${codesign.requirement}"/>
|
|
</exec>
|
|
</target>
|
|
|
|
<target name="verify-signature">
|
|
<echo message="Verify code signature of ${bundle}..."/>
|
|
<apply executable="/usr/bin/xcrun" failonerror="true"
|
|
type="both" parallel="false" spawn="false" force="true" verbose="true">
|
|
<arg line="codesign --verbose=4 --deep --strict"/>
|
|
<file name="${bundle}"/>
|
|
<srcfile/>
|
|
</apply>
|
|
</target>
|
|
|
|
<target name="verify-spctl">
|
|
<echo message="Print system policy verification for ${bundle}..."/>
|
|
<apply executable="/usr/sbin/spctl" failonerror="true"
|
|
type="both" parallel="false" spawn="false" force="true" verbose="true">
|
|
<arg line="-v --assess --type execute --raw"/>
|
|
<file name="${bundle}"/>
|
|
<srcfile/>
|
|
</apply>
|
|
</target>
|
|
|
|
<target name="dotclean">
|
|
<apply executable="/usr/sbin/dot_clean" failonerror="true"
|
|
type="both" parallel="false" spawn="false" force="true" verbose="true">
|
|
<arg line="-m --keep=native"/>
|
|
<file name="${bundle}"/>
|
|
<srcfile/>
|
|
</apply>
|
|
</target>
|
|
|
|
<target name="notarize">
|
|
<echo message="Start notarizing '${notarize.archive.upload}'"/>
|
|
<exec dir="${home}" executable="/usr/bin/xcrun" spawn="false" failonerror="true">
|
|
<arg line="notarytool submit --apple-id '${env.NOTARIZATION_USER}' --password '${env.NOTARIZATION_PW}' --team-id '${env.NOTARIZATION_TEAMID}' --verbose '${notarize.archive.upload}' --wait --timeout 2h --output-format plist"/>
|
|
</exec>
|
|
<echo message="Start stapling '${notarize.archive.staple}'"/>
|
|
<exec dir="${home}" executable="/usr/bin/xcrun" spawn="false" failonerror="true">
|
|
<arg line="stapler staple -v '${notarize.archive.staple}'"/>
|
|
</exec>
|
|
<echo message="Stapling was successful"/>
|
|
</target>
|
|
</project>
|