forked from osmocom/wireshark
87 lines
2.2 KiB
Bash
Executable File
87 lines
2.2 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# USAGE
|
|
# osx-extras
|
|
#
|
|
# This script preps the "Extras" packages prior to package creation.
|
|
#
|
|
|
|
set -e
|
|
shopt -s extglob
|
|
|
|
# Help message
|
|
#----------------------------------------------------------
|
|
help()
|
|
{
|
|
echo -e "
|
|
Prepare Wireshark's \"Extras\" packages.
|
|
|
|
USAGE
|
|
$0
|
|
|
|
OPTIONS
|
|
-h,--help
|
|
Display this help message.
|
|
"
|
|
}
|
|
|
|
|
|
# Parse command line arguments
|
|
#----------------------------------------------------------
|
|
while [ "$1" != "" ]
|
|
do
|
|
case $1 in
|
|
-h|--help)
|
|
help
|
|
exit 0 ;;
|
|
*)
|
|
echo "Invalid command line option: $1"
|
|
exit 2 ;;
|
|
esac
|
|
shift 1
|
|
done
|
|
|
|
script_dir=$( dirname "$0" )
|
|
|
|
codesign_file () {
|
|
# https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html
|
|
# https://developer.apple.com/library/archive/technotes/tn2206/_index.html
|
|
# https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution/resolving_common_notarization_issues?language=objc
|
|
#
|
|
# XXX Do we need to add the com.apple.security.cs.allow-unsigned-executable-memory
|
|
# entitlement for Lua?
|
|
# https://developer.apple.com/documentation/security/hardened_runtime_entitlements?language=objc
|
|
codesign \
|
|
--sign "Developer ID Application: $CODE_SIGN_IDENTITY" \
|
|
--prefix "org.wireshark." \
|
|
--force \
|
|
--timestamp \
|
|
--verbose \
|
|
"$1"
|
|
}
|
|
|
|
if [ -n "$CODE_SIGN_IDENTITY" ] ; then
|
|
security find-identity -v -s "$CODE_SIGN_IDENTITY" -p codesigning
|
|
|
|
# According to
|
|
# https://developer.apple.com/library/archive/technotes/tn2206/_index.html and
|
|
# https://carlashley.com/2018/09/23/code-signing-scripts-for-pppc-whitelisting/
|
|
# script signatures are stored in the file's extended attributes.
|
|
#
|
|
# In general, signing shell scripts probably isn't very useful.
|
|
# In this specific case we should be able to ensure that
|
|
# ChmodBPF's extended attributes are preserved from the build
|
|
# system to the end user's machine.
|
|
|
|
chmodbpf="$script_dir/ChmodBPF/root/Library/Application Support/Wireshark/ChmodBPF/ChmodBPF"
|
|
echo "Signing ChmodBPF"
|
|
codesign_file "$chmodbpf"
|
|
|
|
# Code Signing Guide, "Testing Conformance with Command Line Tools"
|
|
codesign --verify --strict --verbose=2 "$chmodbpf" || exit 1
|
|
else
|
|
echo "Extras code signing not performed (no identity)"
|
|
fi
|
|
|
|
exit 0
|