0.107a9cf80
docs: add/update docs for osx dmg signing (Cory Fields)914868a
build: add a deterministic dmg signer (Cory Fields)d69ed2b
build: Clean up the dmg layout (Cory Fields)2f327a3
build: add the deploydir target for gitian (Cory Fields)
Wladimir J. van der Laan
10 years ago
8 changed files with 218 additions and 16 deletions
@ -0,0 +1,37 @@ |
|||||||
|
--- |
||||||
|
name: "bitcoin-dmg-signer" |
||||||
|
suites: |
||||||
|
- "precise" |
||||||
|
architectures: |
||||||
|
- "amd64" |
||||||
|
packages: |
||||||
|
- "libc6:i386" |
||||||
|
- "faketime" |
||||||
|
reference_datetime: "2013-06-01 00:00:00" |
||||||
|
remotes: [] |
||||||
|
files: |
||||||
|
- "bitcoin-0.9.99-osx-unsigned.tar.gz" |
||||||
|
- "signature.tar.gz" |
||||||
|
script: | |
||||||
|
WRAP_DIR=$HOME/wrapped |
||||||
|
mkdir -p ${WRAP_DIR} |
||||||
|
export PATH=`pwd`:$PATH |
||||||
|
FAKETIME_PROGS="dmg genisoimage" |
||||||
|
|
||||||
|
# Create global faketime wrappers |
||||||
|
for prog in ${FAKETIME_PROGS}; do |
||||||
|
echo '#!/bin/bash' > ${WRAP_DIR}/${prog} |
||||||
|
echo "REAL=\`which -a ${prog} | grep -v ${WRAP_DIR}/${prog} | head -1\`" >> ${WRAP_DIR}/${prog} |
||||||
|
echo 'export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1' >> ${WRAP_DIR}/${prog} |
||||||
|
echo "export FAKETIME=\"${REFERENCE_DATETIME}\"" >> ${WRAP_DIR}/${prog} |
||||||
|
echo "\$REAL \$@" >> $WRAP_DIR/${prog} |
||||||
|
chmod +x ${WRAP_DIR}/${prog} |
||||||
|
done |
||||||
|
|
||||||
|
UNSIGNED=`echo bitcoin-*.tar.gz` |
||||||
|
SIGNED=`echo ${UNSIGNED} | sed 's/.tar.*//' | sed 's/-unsigned//'`.dmg |
||||||
|
|
||||||
|
tar -xf ${UNSIGNED} |
||||||
|
./detached-sig-apply.sh ${UNSIGNED} signature.tar.gz |
||||||
|
${WRAP_DIR}/genisoimage -no-cache-inodes -D -l -probe -V "Bitcoin-Qt" -no-pad -r -apple -o uncompressed.dmg signed-app |
||||||
|
${WRAP_DIR}/dmg dmg uncompressed.dmg ${OUTDIR}/${SIGNED} |
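Review bot: `export PATH=`pwd`:$PATH` puts the build directory ahead of the system directories, and `tar -xf ${UNSIGNED}` then unpacks the unsigned archive into that same directory. Any executable in the archive that shares a name with a system tool (`sed`, `find`, `dd`, `tar`) would be the one resolved by the rest of this script and by `detached-sig-apply.sh`. If the prepend is only there so the wrappers' `which -a` lookup can find the bundled `dmg`/`genisoimage` helpers, appending instead (`export PATH=$PATH:`pwd``) or writing an explicit path into the wrappers avoids shadowing system tools. The wrapper's last line is also emitted as `$REAL $@`, which re-splits arguments; `echo '"$REAL" "$@"'` would pass them through intact.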
Binary file not shown.
@ -0,0 +1,53 @@ |
|||||||
|
#!/bin/sh |
||||||
|
set -e |
||||||
|
|
||||||
|
UNSIGNED=$1 |
||||||
|
SIGNATURE=$2 |
||||||
|
ARCH=x86_64 |
||||||
|
ROOTDIR=dist |
||||||
|
BUNDLE=${ROOTDIR}/Bitcoin-Qt.app |
||||||
|
TEMPDIR=signed.temp |
||||||
|
OUTDIR=signed-app |
||||||
|
|
||||||
|
if [ -z "$UNSIGNED" ]; then |
||||||
|
echo "usage: $0 <unsigned app> <signature>" |
||||||
|
exit 1 |
||||||
|
fi |
||||||
|
|
||||||
|
if [ -z "$SIGNATURE" ]; then |
||||||
|
echo "usage: $0 <unsigned app> <signature>" |
||||||
|
exit 1 |
||||||
|
fi |
||||||
|
|
||||||
|
rm -rf ${TEMPDIR} && mkdir -p ${TEMPDIR} |
||||||
|
tar -C ${TEMPDIR} -xf ${UNSIGNED} |
||||||
|
tar -C ${TEMPDIR} -xf ${SIGNATURE} |
||||||
|
|
||||||
|
if [ -z "${PAGESTUFF}" ]; then |
||||||
|
PAGESTUFF=${TEMPDIR}/pagestuff |
||||||
|
fi |
||||||
|
|
||||||
|
if [ -z "${CODESIGN_ALLOCATE}" ]; then |
||||||
|
CODESIGN_ALLOCATE=${TEMPDIR}/codesign_allocate |
||||||
|
fi |
||||||
|
|
||||||
|
for i in `find ${TEMPDIR} -name "*.sign"`; do |
||||||
|
SIZE=`stat -c %s ${i}` |
||||||
|
TARGET_FILE=`echo ${i} | sed 's/\.sign$//'` |
||||||
|
|
||||||
|
echo "Allocating space for the signature of size ${SIZE} in ${TARGET_FILE}" |
||||||
|
${CODESIGN_ALLOCATE} -i ${TARGET_FILE} -a ${ARCH} ${SIZE} -o ${i}.tmp |
||||||
|
|
||||||
|
OFFSET=`${PAGESTUFF} ${i}.tmp -p | tail -2 | grep offset | sed 's/[^0-9]*//g'` |
||||||
|
if [ -z ${QUIET} ]; then |
||||||
|
echo "Attaching signature at offset ${OFFSET}" |
||||||
|
fi |
||||||
|
|
||||||
|
dd if=$i of=${i}.tmp bs=1 seek=${OFFSET} count=${SIZE} 2>/dev/null |
||||||
|
mv ${i}.tmp ${TARGET_FILE} |
||||||
|
rm ${i} |
||||||
|
echo "Success." |
||||||
|
done |
||||||
|
mv ${TEMPDIR}/${ROOTDIR} ${OUTDIR} |
||||||
|
rm -rf ${TEMPDIR} |
||||||
|
echo "Signed: ${OUTDIR}" |
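Review bot: `tar -C ${TEMPDIR} -xf ${SIGNATURE}` unpacks the signature archive on top of the already-extracted application tree, and nothing limits which members it may contain. It can therefore replace any file in the bundle, as well as the `${TEMPDIR}/pagestuff` and `${TEMPDIR}/codesign_allocate` helpers that the script falls back to and then executes. Extracting the signature archive into a separate directory and copying across only the `*.sign` and `CodeResources` entries under `${ROOTDIR}` would keep the detached-signature input from altering code. `OFFSET` is also passed to `dd` unchecked while `dd`'s stderr goes to `/dev/null`; a guard such as `[ -n "${OFFSET}" ] || { echo "no signature offset found in ${i}.tmp" >&2; exit 1; }` would make a parse miss visible.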
@ -0,0 +1,46 @@ |
|||||||
|
#!/bin/sh |
||||||
|
set -e |
||||||
|
|
||||||
|
ROOTDIR=dist |
||||||
|
BUNDLE=${ROOTDIR}/Bitcoin-Qt.app |
||||||
|
CODESIGN=codesign |
||||||
|
TEMPDIR=sign.temp |
||||||
|
TEMPLIST=${TEMPDIR}/signatures.txt |
||||||
|
OUT=signature.tar.gz |
||||||
|
|
||||||
|
if [ ! -n "$1" ]; then |
||||||
|
echo "usage: $0 <codesign args>" |
||||||
|
echo "example: $0 -s MyIdentity" |
||||||
|
exit 1 |
||||||
|
fi |
||||||
|
|
||||||
|
rm -rf ${TEMPDIR} ${TEMPLIST} |
||||||
|
mkdir -p ${TEMPDIR} |
||||||
|
|
||||||
|
${CODESIGN} -f --file-list ${TEMPLIST} "$@" "${BUNDLE}" |
||||||
|
|
||||||
|
for i in `grep -v CodeResources ${TEMPLIST}`; do |
||||||
|
TARGETFILE="${BUNDLE}/`echo ${i} | sed "s|.*${BUNDLE}/||"`" |
||||||
|
SIZE=`pagestuff $i -p | tail -2 | grep size | sed 's/[^0-9]*//g'` |
||||||
|
OFFSET=`pagestuff $i -p | tail -2 | grep offset | sed 's/[^0-9]*//g'` |
||||||
|
SIGNFILE="${TEMPDIR}/${TARGETFILE}.sign" |
||||||
|
DIRNAME="`dirname ${SIGNFILE}`" |
||||||
|
mkdir -p "${DIRNAME}" |
||||||
|
echo "Adding detached signature for: ${TARGETFILE}. Size: ${SIZE}. Offset: ${OFFSET}" |
||||||
|
dd if=$i of=${SIGNFILE} bs=1 skip=${OFFSET} count=${SIZE} 2>/dev/null |
||||||
|
done |
||||||
|
|
||||||
|
for i in `grep CodeResources ${TEMPLIST}`; do |
||||||
|
TARGETFILE="${BUNDLE}/`echo ${i} | sed "s|.*${BUNDLE}/||"`" |
||||||
|
RESOURCE="${TEMPDIR}/${TARGETFILE}" |
||||||
|
DIRNAME="`dirname "${RESOURCE}"`" |
||||||
|
mkdir -p "${DIRNAME}" |
||||||
|
echo "Adding resource for: "${TARGETFILE}"" |
||||||
|
cp "${i}" "${RESOURCE}" |
||||||
|
done |
||||||
|
|
||||||
|
rm ${TEMPLIST} |
||||||
|
|
||||||
|
tar -C ${TEMPDIR} -czf ${OUT} . |
||||||
|
rm -rf ${TEMPDIR} |
||||||
|
echo "Created ${OUT}" |
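Review bot: In the first loop, `SIZE` and `OFFSET` are scraped from the last two lines of `pagestuff $i -p` and handed to `dd` with no check and with `dd`'s stderr discarded. If the scrape comes back empty, the script most likely stops under `set -e` without saying why. If those two lines ever describe something other than the signature entry, the `.sign` file would presumably hold the wrong bytes. A guard before `dd`, such as `[ -n "${SIZE}" ] && [ -n "${OFFSET}" ] || { echo "no signature found in $i" >&2; exit 1; }`, plus dropping `2>/dev/null`, would surface both cases. The first loop also leaves `$i` and `${SIGNFILE}` unquoted where the second loop quotes them, and `echo "Adding resource for: "${TARGETFILE}""` leaves the variable outside the quotes; `echo "Adding resource for: ${TARGETFILE}"` is what was probably meant.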