Ubuntu One Windows Installer

Merge lp:~mikemc/ubuntuone-windows-installer/setup-mac-certfix into lp:ubuntuone-windows-installer

  1. setup-mac-certfix
  2. Merge into trunk
Proposed by Mike McCracken
Status: Merged
Approved by: Mike McCracken
Approved revision: 150
Merged at revision: 138
Proposed branch: lp:~mikemc/ubuntuone-windows-installer/setup-mac-certfix
Merge into: lp:ubuntuone-windows-installer
Diff against target: 89 lines (+46/-7)
3 files modified
scripts/codesign-darwin-verify.sh (+33/-0)
scripts/codesign-darwin.sh (+6/-6)
scripts/setup-mac.py (+7/-1)
To merge this branch: bzr merge lp:~mikemc/ubuntuone-windows-installer/setup-mac-certfix
Reviewer Review Type Date Requested Status
Roberto Alsina (community) Approve
Review via email: mp+123782@code.launchpad.net

Commit message

- Fix filename for cert in setup-mac, use full CN for code signing req.

Description of the change

- Fix filename for cert in setup-mac, use full CN for code signing req.

To test, in an os x buildout, run python setup-mac.py prepare py2app.

It should not complain about the valicert cert, and should complete successfully.

Then to test the code signing, cd to dist/build_to_sign/ and sign the app:
bash codesign-darwin.sh "Mac Developer: Michael McCracken (GP72FH8MSU)"

Then run the new verify script:
bash codesign-darwin-verify.sh

To post a comment you must log in.
Revision history for this message
Roberto Alsina (ralsina) wrote :

Looks good to me.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== added file 'scripts/codesign-darwin-verify.sh'
--- scripts/codesign-darwin-verify.sh 1970-01-01 00:00:00 +0000
+++ scripts/codesign-darwin-verify.sh 2012-09-11 16:17:19 +0000
@@ -0,0 +1,33 @@
1#!/bin/bash
2
3codesign=/usr/bin/codesign
4
5set -x
6set -e
7
8helper=UbuntuOne.app/Contents/Library/LaunchServices/com.ubuntu.one.fsevents
9
10echo "\nDisplaying Contents:"
11$codesign -d -vvvv UbuntuOne.app
12
13echo "\nVerifying Main App:"
14$codesign -v -v UbuntuOne.app
15
16echo "\nVerifying Daemon:"
17$codesign -v -v $helper
18
19echo "\nDouble-check: the SMPrivilegedExecutables entry should show the right ID and CN"
20defaults read "`pwd`/UbuntuOne.app/Contents/Info.plist" SMPrivilegedExecutables
21defaults read "`pwd`/UbuntuOne.app/Contents/Info.plist" SMPrivilegedExecutables | perl -nle 'print "identifier $1 and certificate leaf[subject.CN] = \"$3\"" if /\"(.*)\" = \"identifier (.*) and certificate leaf\[subject.CN\] = \\\\\"(.*)\\\\\"/;' > tmp.req
22
23echo "\nChecking that the helper satisfies the app SMPrivilegedExecutables requirement"
24$codesign -v -v -R tmp.req $helper
25rm tmp.req
26
27echo "\nChecking that the app satisfies the helper's SMAuthorizedClients requirement"
28otool -s __TEXT __info_plist $helper | grep "^[0-9a-f]\{8,16\}" | xxd -r - - > tmp.plist
29perl -nle 'print "identifier $1 and certificate leaf[subject.CN] = \"$2\"" if /identifier (.*) and certificate leaf\[subject.CN\] = "(.*)"/;' tmp.plist > tmp.req
30$codesign -v -v -R tmp.req UbuntuOne.app
31rm tmp.plist tmp.req
32
33echo Done.
034
=== modified file 'scripts/codesign-darwin.sh'
--- scripts/codesign-darwin.sh 2012-08-28 15:46:09 +0000
+++ scripts/codesign-darwin.sh 2012-09-11 16:17:19 +0000
@@ -1,16 +1,16 @@
1#!/bin/bash1#!/bin/bash
22
3codesign=/usr/bin/codesign
4
3set -x 5set -x
4set -e6set -e
57
6/usr/bin/codesign -f -s "$@" com.ubuntu.one.fsevents8$codesign -f -s "$@" com.ubuntu.one.fsevents
79
8mkdir -p UbuntuOne.app/Contents/Library/LaunchServices10mkdir -p UbuntuOne.app/Contents/Library/LaunchServices
911
10mv com.ubuntu.one.fsevents UbuntuOne.app/Contents/Library/LaunchServices/12cp com.ubuntu.one.fsevents UbuntuOne.app/Contents/Library/LaunchServices/
1113
12/usr/bin/codesign -f -s "$@" UbuntuOne.app14$codesign -f -s "$@" UbuntuOne.app
13
14/usr/bin/codesign -vvvv -d UbuntuOne.app
1515
16echo Done.16echo Done.
1717
=== modified file 'scripts/setup-mac.py'
--- scripts/setup-mac.py 2012-09-05 19:08:47 +0000
+++ scripts/setup-mac.py 2012-09-11 16:17:19 +0000
@@ -52,7 +52,11 @@
52 print "or see http://bitbucket.com/ronaldoussoren/py2app/"52 print "or see http://bitbucket.com/ronaldoussoren/py2app/"
53 sys.exit()53 sys.exit()
5454
55CODESIGN_CN = "Joe Developer"55# NOTE - this needs to be the full CN, not just a substring.
56# /usr/bin/codesign will find the right cert if you pass it a
57# substring, but the rest of the system wants an exact match.
58CODESIGN_CN = "Mac Developer: Michael McCracken (GP72FH8MSU)"
59
56FSEVENTS_DAEMON_NAME = "com.ubuntu.one.fsevents"60FSEVENTS_DAEMON_NAME = "com.ubuntu.one.fsevents"
5761
58APP_NAMES = {'ubuntu-sso-login': 'Ubuntu SSO Helper',62APP_NAMES = {'ubuntu-sso-login': 'Ubuntu SSO Helper',
@@ -797,5 +801,7 @@
797 shutil.copy(daemon_build_path, sign_dir)801 shutil.copy(daemon_build_path, sign_dir)
798 shutil.copy(os.path.join("codesign-darwin.sh"),802 shutil.copy(os.path.join("codesign-darwin.sh"),
799 sign_dir)803 sign_dir)
804 shutil.copy(os.path.join("codesign-darwin-verify.sh"),
805 sign_dir)
800806
801 print "Done. See %r for the signing package." % sign_dir807 print "Done. See %r for the signing package." % sign_dir

Subscribers

People subscribed via source and target branches