git://git.openafs.org / openafs.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch (parent: 80afdc2)
DARWIN: ensure PrefPane materials are properly signed 20/14220/3
authorMark Vitale <mvitale@sinenomine.net>
Mon, 11 May 2020 00:51:59 +0000 (20:51 -0400)
committerBenjamin Kaduk <kaduk@mit.edu>
Fri, 29 May 2020 04:48:23 +0000 (00:48 -0400)
Notarization fails because some prefPane materials were inadvertently
omitted by the codesign logic.

Ensure that these objects are properly signed.

Change-Id: Ifc58e6f834a3237b7991257ee85de4e90fc3da12
Reviewed-on: https://gerrit.openafs.org/14220
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

src/packaging/MacOS/pkgbuild.sh.in patch | blob | history

diff --git a/src/packaging/MacOS/pkgbuild.sh.in b/src/packaging/MacOS/pkgbuild.sh.in
index de566ea..0462884 100644 (file)
--- a/src/packaging/MacOS/pkgbuild.sh.in
+++ b/src/packaging/MacOS/pkgbuild.sh.in
@@ -340,6 +340,10 @@ if [ x"$PASS1" = x1 ]; then
     chmod  og-rx "$PKGROOT"/private/var/db/openafs/cache
 
     if [ x"$APP_KEY" != x ] ; then
+       # To be notarized by Apple, all files must be signed.
+       find "$PKGROOT" -type f -exec codesign --verbose --force \
+           --timestamp --sign "$APP_KEY" $CODESIGN_OPTS {} \;
+
        # Sign each 'thing' that we have (commands, kexts, etc)
        for obj in "$DPKGROOT"/Library/OpenAFS/Debug/afs.kext \
                   "$PKGROOT"/Library/OpenAFS/Tools/root.client/usr/vice/etc/afs.kext \
@@ -349,14 +353,13 @@ if [ x"$PASS1" = x1 ]; then
                   "$PKGROOT"/Library/Security/SecurityAgentPlugins/aklog.bundle \
                   "$PKGROOT"/Library/OpenAFS/Tools/tools/growlagent-openafs.app \
                   "$PKGROOT"/Library/OpenAFS/Tools/tools/aklog.bundle \
+                  "$PKGROOT"/Library/OpenAFS/Tools/tools/OpenAFS.prefPane/Contents/Resources/AFSBackgrounder.app \
+                  "$PKGROOT"/Library/OpenAFS/Tools/tools/OpenAFS.prefPane \
                   "$PLUGINS"/afscell.bundle
        do
            codesign --verbose --force --timestamp --sign "$APP_KEY" $CODESIGN_OPTS "$obj"
        done
 
-       # To be notarized by Apple, all files must be signed.
-       find "$PKGROOT" -type f -exec codesign --verbose --force \
-           --timestamp --sign "$APP_KEY" $CODESIGN_OPTS {} \;
 
        # Check if our signatures for our kexts are valid. 'kextutil' will exit
        # with an error and print out a message if something is wrong with the
OpenAFS Master Repository