Ticket #51504: code-sign-1.0.tcl

File code-sign-1.0.tcl, 5.1 KB (added by RJVB (René Bertin), 9 years ago)
Line 
1# -*- coding: utf-8; mode: tcl; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 4; truncate-lines: t -*- vim:fenc=utf-8:et:sw=4:ts=4:sts=4
2# $Id: code-sign-1.0.tcl -1 2016-00-01 06:40:18Z gmail.com:rjvbertin $
3
4# Copyright (c) 2015 The MacPorts Project
5# All rights reserved.
6#
7# Redistribution and use in source and binary forms, with or without
8# modification, are permitted provided that the following conditions are
9# met:
10#
11# 1. Redistributions of source code must retain the above copyright
12#    notice, this list of conditions and the following disclaimer.
13# 2. Redistributions in binary form must reproduce the above copyright
14#    notice, this list of conditions and the following disclaimer in the
15#    documentation and/or other materials provided with the distribution.
16# 3. Neither the name of Apple Computer, Inc. nor the names of its
17#    contributors may be used to endorse or promote products derived from
18#    this software without specific prior written permission.
19#
20# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31#
32#
33# Usage:
34# PortGroup     code-sign 1.0
35
36# checks for the existence of a file etc/macports/codesigning.conf and read options
37# from that file if it exists. If that provides a non-empty option `identity`, its
38# contents will be used to sign the file given in the first argument. If the file also
39# defines the `user` option, the signing operation will be run as that user. This is
40# required unless the MacPorts user has the desired signing key in the keychain, or when
41# using the ad hoc identify ("-").
42# Additional arguments allow to override the defaults from codesigning.conf, e.g.
43#
44# codesign ${sub_prefix}/bin/debugserver lldb_codesign
45#
46# This procedure is supposed to be called from the post-activate phase. The procedure
47# returns 0 in case of success, and 1 otherwise. This makes it possible to instruct
48# the user, for instance to create the required key.
49# Note that care should be taken (in a post-activate block) that the activation procedure
50# doesn't abort.
51
52proc codesign {app {sign_identity 0} {sign_user ""}} {
53    global prefix
54#     if {[file exists ${prefix}/etc/macports/codesign-identity.tcl]} {
55#         if {[catch {source "${prefix}/etc/macports/codesign-identity.tcl"} err]} {
56#             ui_error "reading ${prefix}/etc/macports/codesign-identity.tcl: $err"
57#             return -code error "Error reading ${prefix}/etc/macports/codesign-identity.tcl"
58#         }
59#     }
60    set codesigning_conf "${prefix}/etc/macports/codesigning.conf"
61    if {[file exists ${codesigning_conf}]} {
62        set fd [open ${codesigning_conf} r]
63        while {[gets $fd line] >= 0} {
64            if {[regexp {^(\w+)([ \t]+(.*))?$} $line match option ignore val] == 1} {
65                ui_msg "Option ${option} set to ${val}"
66                set ${option} ${val}
67            }
68        }
69        close $fd
70    }
71    if {${sign_identity} ne 0} {
72        set identity ${sign_identity}
73        ui_info "Set sign identity from arguments; ${identity}"
74    }
75    if {${sign_user} ne ""} {
76        set user ${sign_user}
77        ui_info "Set sign user from arguments; ${user}"
78    }
79    platform darwin {
80        if {[info exists identity] && (${identity} ne "")} {
81            if {[file exists ${app}]} {
82                if {[info exists user] && ${user} ne ""} {
83                    set home [glob "~${user}"]
84                    ui_info "Signing ${app} with ${identity} from ${user}'s keychains under HOME=${home}"
85                    if {[catch {system "env HOME=${home} codesign -s ${identity} --preserve-metadata -f -vvv --deep ${app}"} err]} {
86                        ui_error "Signing ${app} with ${identity} from ${user}'s keychains under HOME=${home}: ${err}"
87                    } else {
88                        return 0
89                    }
90                } else {
91                    ui_info "Signing ${app} with ${identity}"
92                    if {[catch {system "codesign -s ${identity} --preserve-metadata -f -vvv --deep ${app}"} err]} {
93                        ui_error "Signing ${app} with ${identity}: ${err}"
94                        ui_msg "You will probably need to set the user option to your own username in ${codesigning_conf}"
95                    }
96                }
97            } else {
98                ui_error "File ${app} cannot be signed because it doesn't exist"
99            }
100        }  else {
101            ui_error "No signing identity given through the arguments or in ${codesigning_conf}"
102        }
103        return 1
104    }
105}