1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
#!/usr/bin/python
# Emulates the behaviour of codesign --deep which is missing on OS X < 10.9
import os
import re
import subprocess
import sys
def SignPath(path, developer_id, deep=True):
args = [
'codesign',
'--preserve-metadata=identifier,entitlements,resource-rules,requirements',
'-s', developer_id,
'-fv', path
]
if deep:
args.append('--deep')
subprocess.check_call(args)
def main():
if len(sys.argv) != 3:
print 'Usage: %s <developer id> <app bundle>' % sys.argv[0]
sys.exit(1)
developer_id = sys.argv[1]
app_bundle = sys.argv[2]
for root, dirs, files in os.walk(app_bundle):
for dir in dirs:
if re.search(r'\.framework$', dir):
SignPath(os.path.join(root, dir), developer_id)
for file in files:
if re.search(r'\.(dylib|so)$', file):
SignPath(os.path.join(root, file), developer_id)
elif re.match(r'(clementine-spotifyblob|clementine-tagreader|gst-plugin-scanner)', file):
SignPath(os.path.join(root, file), developer_id)
SignPath(app_bundle, developer_id, deep=False)
# Verify the signatures are valid.
subprocess.check_call([
'codesign', '--verify', '--verbose=4', app_bundle])
subprocess.check_call([
'spctl', '--assess', '--verbose=4', app_bundle])
if __name__ == '__main__':
main()
|
