Ubuntu One Windows Installer

Merge lp:~mikemc/ubuntuone-windows-installer/setup-mac-certfix into lp:ubuntuone-windows-installer

  1. setup-mac-certfix
  2. Merge into trunk
Proposed by Mike McCracken on 2012-09-11
Status: Merged
Approved by: Mike McCracken on 2012-09-11
Approved revision: 150
Merged at revision: 138
Proposed branch: lp:~mikemc/ubuntuone-windows-installer/setup-mac-certfix
Merge into: lp:ubuntuone-windows-installer
Diff against target: 89 lines (+46/-7)
3 files modified
scripts/codesign-darwin-verify.sh (+33/-0)
scripts/codesign-darwin.sh (+6/-6)
scripts/setup-mac.py (+7/-1)
To merge this branch: bzr merge lp:~mikemc/ubuntuone-windows-installer/setup-mac-certfix
Reviewer Review Type Date Requested Status
Roberto Alsina (community) 2012-09-11 Approve on 2012-09-11
Review via email: mp+123782@code.launchpad.net

Commit Message

- Fix filename for cert in setup-mac, use full CN for code signing req.

Description of the Change

- Fix filename for cert in setup-mac, use full CN for code signing req.

To test, in an os x buildout, run python setup-mac.py prepare py2app.

It should not complain about the valicert cert, and should complete successfully.

Then to test the code signing, cd to dist/build_to_sign/ and sign the app:
bash codesign-darwin.sh "Mac Developer: Michael McCracken (GP72FH8MSU)"

Then run the new verify script:
bash codesign-darwin-verify.sh

To post a comment you must log in.
Roberto Alsina (ralsina) wrote :

Looks good to me.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== added file 'scripts/codesign-darwin-verify.sh'
2--- scripts/codesign-darwin-verify.sh 1970-01-01 00:00:00 +0000
3+++ scripts/codesign-darwin-verify.sh 2012-09-11 16:17:19 +0000
4@@ -0,0 +1,33 @@
5+#!/bin/bash
6+
7+codesign=/usr/bin/codesign
8+
9+set -x
10+set -e
11+
12+helper=UbuntuOne.app/Contents/Library/LaunchServices/com.ubuntu.one.fsevents
13+
14+echo "\nDisplaying Contents:"
15+$codesign -d -vvvv UbuntuOne.app
16+
17+echo "\nVerifying Main App:"
18+$codesign -v -v UbuntuOne.app
19+
20+echo "\nVerifying Daemon:"
21+$codesign -v -v $helper
22+
23+echo "\nDouble-check: the SMPrivilegedExecutables entry should show the right ID and CN"
24+defaults read "`pwd`/UbuntuOne.app/Contents/Info.plist" SMPrivilegedExecutables
25+defaults read "`pwd`/UbuntuOne.app/Contents/Info.plist" SMPrivilegedExecutables | perl -nle 'print "identifier $1 and certificate leaf[subject.CN] = \"$3\"" if /\"(.*)\" = \"identifier (.*) and certificate leaf\[subject.CN\] = \\\\\"(.*)\\\\\"/;' > tmp.req
26+
27+echo "\nChecking that the helper satisfies the app SMPrivilegedExecutables requirement"
28+$codesign -v -v -R tmp.req $helper
29+rm tmp.req
30+
31+echo "\nChecking that the app satisfies the helper's SMAuthorizedClients requirement"
32+otool -s __TEXT __info_plist $helper | grep "^[0-9a-f]\{8,16\}" | xxd -r - - > tmp.plist
33+perl -nle 'print "identifier $1 and certificate leaf[subject.CN] = \"$2\"" if /identifier (.*) and certificate leaf\[subject.CN\] = "(.*)"/;' tmp.plist > tmp.req
34+$codesign -v -v -R tmp.req UbuntuOne.app
35+rm tmp.plist tmp.req
36+
37+echo Done.
38
39=== modified file 'scripts/codesign-darwin.sh'
40--- scripts/codesign-darwin.sh 2012-08-28 15:46:09 +0000
41+++ scripts/codesign-darwin.sh 2012-09-11 16:17:19 +0000
42@@ -1,16 +1,16 @@
43 #!/bin/bash
44
45+codesign=/usr/bin/codesign
46+
47 set -x
48 set -e
49
50-/usr/bin/codesign -f -s "$@" com.ubuntu.one.fsevents
51+$codesign -f -s "$@" com.ubuntu.one.fsevents
52
53 mkdir -p UbuntuOne.app/Contents/Library/LaunchServices
54
55-mv com.ubuntu.one.fsevents UbuntuOne.app/Contents/Library/LaunchServices/
56-
57-/usr/bin/codesign -f -s "$@" UbuntuOne.app
58-
59-/usr/bin/codesign -vvvv -d UbuntuOne.app
60+cp com.ubuntu.one.fsevents UbuntuOne.app/Contents/Library/LaunchServices/
61+
62+$codesign -f -s "$@" UbuntuOne.app
63
64 echo Done.
65
66=== modified file 'scripts/setup-mac.py'
67--- scripts/setup-mac.py 2012-09-05 19:08:47 +0000
68+++ scripts/setup-mac.py 2012-09-11 16:17:19 +0000
69@@ -52,7 +52,11 @@
70 print "or see http://bitbucket.com/ronaldoussoren/py2app/"
71 sys.exit()
72
73-CODESIGN_CN = "Joe Developer"
74+# NOTE - this needs to be the full CN, not just a substring.
75+# /usr/bin/codesign will find the right cert if you pass it a
76+# substring, but the rest of the system wants an exact match.
77+CODESIGN_CN = "Mac Developer: Michael McCracken (GP72FH8MSU)"
78+
79 FSEVENTS_DAEMON_NAME = "com.ubuntu.one.fsevents"
80
81 APP_NAMES = {'ubuntu-sso-login': 'Ubuntu SSO Helper',
82@@ -797,5 +801,7 @@
83 shutil.copy(daemon_build_path, sign_dir)
84 shutil.copy(os.path.join("codesign-darwin.sh"),
85 sign_dir)
86+ shutil.copy(os.path.join("codesign-darwin-verify.sh"),
87+ sign_dir)
88
89 print "Done. See %r for the signing package." % sign_dir

Subscribers

People subscribed via source and target branches