Ubuntu One Windows Installer

Merge lp:~mikemc/ubuntuone-windows-installer/fix-signing-certname into lp:ubuntuone-windows-installer

fix-signing-certname
Merge into trunk

Proposed by Mike McCracken on 2013-01-24

Status:	Merged
Approved by:	dobey on 2013-02-01
Approved revision:	162
Merged at revision:	160
Proposed branch:	lp:~mikemc/ubuntuone-windows-installer/fix-signing-certname
Merge into:	lp:ubuntuone-windows-installer
Diff against target:	94 lines (+36/-10) 3 files modified scripts/codesign-darwin-verify.sh (+9/-4) scripts/codesign-darwin.sh (+8/-2) scripts/setup-mac.py (+19/-4)
To merge this branch:	bzr merge lp:~mikemc/ubuntuone-windows-installer/fix-signing-certname
Related bugs:	Link a bug report

Reviewer	Date Requested	Status
dobey (community)		Approve on 2013-02-01
Brian Curtin (community)	2013-01-24	Approve on 2013-01-24
Review via email: mp+144820@code.launchpad.net

Commit message

- Allow code signing on macos with different certs, embed CN into fseventsd during build phase.

Description of the change

- Allow code signing on macos with different certs, embed CN into fseventsd during build phase.

Revision history for this message

Brian Curtin (brian.curtin) on 2013-01-24:

review: Approve

Revision history for this message

dobey (dobey) on 2013-02-01:

review: Approve

Revision history for this message

Ubuntu One Auto Pilot (otto-pilot) wrote on 2013-02-01:

Attempt to merge into lp:ubuntuone-windows-installer failed due to conflicts:

duplicate in scripts/data/update.conf.moved

lp:~mikemc/ubuntuone-windows-installer/fix-signing-certname updated on 2013-02-01

162. By Mike McCracken on 2013-02-01: merge with trunk, fix conflict

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Manuel de la Peña

Mike McCracken

Ubuntu One hackers

 === modified file 'scripts/codesign-darwin-verify.sh'
 --- scripts/codesign-darwin-verify.sh	2012-11-20 22:37:34 +0000
 +++ scripts/codesign-darwin-verify.sh	2013-02-01 21:15:49 +0000
@@ -25,9 +25,14 @@
  rm tmp.req
  echo "\nChecking that the app satisfies the helper's SMAuthorizedClients requirement"
--otool -s __TEXT __info_plist $helper | grep "^[0-9a-f]\{8,16\}" | xxd -r - - > tmp.plist
--perl -nle 'print "identifier $1 and certificate leaf[subject.CN] = \"$2\"" if /identifier (.*) and certificate leaf\[subject.CN\] = &quot;(.*)&quot;/;' tmp.plist > tmp.req
--$codesign -v -v -R tmp.req Ubuntu\ One.app
--rm tmp.plist tmp.req
++
++echo "\nActually skipping that because xxd is really slow for some reason"
++# otool -s __TEXT __info_plist $helper | grep "^[0-9a-f]\{8,16\}" | xxd -r - - > tmp.plist
++# perl -nle 'print "identifier $1 and certificate leaf[subject.CN] = \"$2\"" if /identifier (.*) and certificate leaf\[subject.CN\] = &quot;(.*)&quot;/;' tmp.plist > tmp.req
++# $codesign -v -v -R tmp.req Ubuntu\ One.app
++# rm tmp.plist tmp.req
++
++echo "\nChecking spctl rule output, look for 'Developer ID' "
++find ./Ubuntu\ One.app -name "*.app" -print0 | xargs -0 spctl -a --verbose=9
  echo Done.
 === modified file 'scripts/codesign-darwin.sh'
 --- scripts/codesign-darwin.sh	2012-11-20 22:37:34 +0000
 +++ scripts/codesign-darwin.sh	2013-02-01 21:15:49 +0000
@@ -3,7 +3,7 @@
  codesign=/usr/bin/codesign
  set -x
--set -e
++
  $codesign -f -s "$@" com.ubuntu.one.fsevents
@@ -11,6 +11,12 @@
  cp com.ubuntu.one.fsevents "Ubuntu One.app/Contents/Library/LaunchServices/"
--$codesign -f -s "$@" "Ubuntu One.app"
++find Ubuntu\ One.app -name "*.dylib" -exec $codesign -f -s "$@" {} \;
++
++find Ubuntu\ One.app -iname "python" -type f -exec $codesign -f -s "$@" {} \;
++
++find Ubuntu\ One.app/Contents -name "*.app" -exec $codesign -f -s "$@" {} \;
++
++$codesign -f -s "$@"  Ubuntu\ One.app
  echo Done.
 === modified file 'scripts/setup-mac.py'
 --- scripts/setup-mac.py	2012-12-10 18:17:41 +0000
 +++ scripts/setup-mac.py	2013-02-01 21:15:49 +0000
@@ -57,7 +57,12 @@
  # NOTE - this needs to be the full CN, not just a substring.
  # /usr/bin/codesign will find the right cert if you pass it a
  # substring, but the rest of the system wants an exact match.
--CODESIGN_CN = "Mac Developer: Michael McCracken (GP72FH8MSU)"
++if "U1_CODESIGN_CN" not in os.environ:
++    print "Must set U1_CODESIGN_CN to the CN of the cert to use in the helper"
++    print "Exiting."
++    sys.exit()
++
++CODESIGN_CN = os.environ["U1_CODESIGN_CN"]
  FSEVENTS_DAEMON_NAME = "com.ubuntu.one.fsevents"
@@ -481,13 +486,23 @@
          print "building fsevents daemon"
          log_file_name = os.path.join(INSTALL_DIR,
                                       "fsevents-daemon-build.log")
++
          with open(log_file_name, 'w') as logfile:
              proj_path = os.path.join(self.source_dir,
--                                     "ubuntuone-fsevents-daemon",
--                                     "objc")
++                                     "ubuntuone-fsevents-daemon")
++            objc_path = os.path.join(proj_path, "objc")
++            data_path = os.path.join(proj_path, "data")
++            plist_file_name = os.path.join(data_path,
++                                           "fseventsd-Info.plist")
++            with open(plist_file_name + ".tmpl", "rb") as infoplist_tmpl:
++                plist_tmpl_data = infoplist_tmpl.read()
++            plist_data = plist_tmpl_data.replace("@CODESIGN_CN@", CODESIGN_CN)
++            with open(plist_file_name, "wb") as infoplist:
++                infoplist.write(plist_data)
++
              cmd = ("cd %s && "
                     "xcodebuild -scheme FsEvents SYMROOT=%r clean build" %
--                   (proj_path, INSTALL_DIR))
++                   (objc_path, INSTALL_DIR))
              retval = subprocess.call(cmd,
                                       shell=True,
                                       stderr=subprocess.STDOUT,