strepsirrhini/office-gobmx
9
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

mac: don't put script files into Contents/MacOS or framework-bin directory

Browse source 
Signing them as executable code would require external attributes, and
those in turn break packaging into hfs+ dmg when building on apfs with
Big Sur.
It is not a new thing - the old Code Signing in Depth technote
https://developer.apple.com/library/archive/technotes/tn2206/_index.html
already reads:
"Store Python, Perl, shell, and other script files and other non-Mach-O
executables in your app's Contents/Resources directory. While it's
possible to sign such executables and store them in Contents/MacOS, this
is not recommended.
[…]
Put another way, a properly-signed app that has all of its files in the
correct places will not contain any signatures stored as extended
attributes."
The patch does exactly that for LO and the shipped python framework and
adds symlinks for the moved files.
Same applies for the Language pack applescript and the tarball - those
are also moved into Contents/Resources

Change-Id: Iab21e77b73f941248ca89c6e80703fdf67a1057c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109537
Tested-by: Jenkins
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
This commit is contained in:
Christian Lohmaier 2021-01-18 11:01:48 +01:00
parent cbbfed8936
commit 4b9190fc29
5 changed files with 34 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
desktop/Package_scripts.mk
View file

@ -16,10 +16,14 @@ $(eval $(call gb_Package_add_file,desktop_scripts_install,$(LIBO_BIN_FOLDER)/uno
endif endif
ifneq ($(OS),WNT) ifeq ($(OS), MACOSX)
# only mach-o binaries allowed in bin folder (signing scripts would require extended attributes)
$(eval $(call gb_Package_add_file,desktop_scripts_install,$(LIBO_BIN_FOLDER)/unoinfo,$(if $(filter MACOSX,$(OS)),unoinfo-mac.sh,unoinfo.sh))) # so install it into Resources folder and use a symlink instead
# see https://developer.apple.com/library/archive/technotes/tn2206/_index.html
$(eval $(call gb_Package_add_file,desktop_scripts_install,$(LIBO_SHARE_FOLDER)/unoinfo,unoinfo-mac.sh))
$(eval $(call gb_Package_add_symbolic_link,desktop_scripts_install,$(LIBO_BIN_FOLDER)/unoinfo,../$(LIBO_SHARE_FOLDER)/unoinfo))
else ifneq ($(OS),WNT)
$(eval $(call gb_Package_add_file,desktop_scripts_install,$(LIBO_BIN_FOLDER)/unoinfo,unoinfo.sh))
endif endif
# vim: set ts=4 sw=4 noet: # vim: set ts=4 sw=4 noet:

23
external/python3/ExternalProject_python3.mk vendored
View file

@ -139,16 +139,20 @@ ifeq ($(OS),MACOSX)
python3_fw_prefix=$(call gb_UnpackedTarball_get_dir,python3)/python-inst/@__________________________________________________OOO/LibreOfficePython.framework python3_fw_prefix=$(call gb_UnpackedTarball_get_dir,python3)/python-inst/@__________________________________________________OOO/LibreOfficePython.framework
# rule to allow relocating the whole framework, removing reference to buildinstallation directory # rule to allow relocating the whole framework, removing reference to buildinstallation directory
# also scripts are not allowed to be signed as executables (with extended attributes), but need to
# be treated as data/put into Resources folder, see also
# https://developer.apple.com/library/archive/technotes/tn2206/_index.html
$(call gb_ExternalProject_get_state_target,python3,fixscripts) : $(call gb_ExternalProject_get_state_target,python3,build) $(call gb_ExternalProject_get_state_target,python3,fixscripts) : $(call gb_ExternalProject_get_state_target,python3,build)
$(call gb_Output_announce,python3 - remove reference to installroot from scripts,build,CUS,5) $(call gb_Output_announce,python3 - remove reference to installroot from scripts,build,CUS,5)
$(COMMAND_ECHO)for file in \ $(COMMAND_ECHO)cd $(python3_fw_prefix)/Versions/$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)/bin/ && \
$(python3_fw_prefix)/Versions/$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)/bin/2to3-$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR) \ for file in \
$(python3_fw_prefix)/Versions/$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)/bin/easy_install-$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR) \ 2to3-$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR) \
$(python3_fw_prefix)/Versions/$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)/bin/idle$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR) \ easy_install-$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR) \
$(python3_fw_prefix)/Versions/$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)/bin/pip$(PYTHON_VERSION_MAJOR) \ idle$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR) \
$(python3_fw_prefix)/Versions/$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)/bin/pip$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR) \ pip$(PYTHON_VERSION_MAJOR) \
$(python3_fw_prefix)/Versions/$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)/bin/pydoc$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR) \ pip$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR) \
$(python3_fw_prefix)/Versions/$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)/bin/python$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)-config \ pydoc$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR) \
python$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)-config \
; do { rm "$$file" && $(gb_AWK) '\ ; do { rm "$$file" && $(gb_AWK) '\
BEGIN {print "#!/bin/bash\n\ BEGIN {print "#!/bin/bash\n\
origpath=$$(pwd)\n\ origpath=$$(pwd)\n\
@ -157,7 +161,8 @@ cd \"$$origpath\"\n\
\"$$bindir/../Resources/Python.app/Contents/MacOS/LibreOfficePython\" - $$@ <<EOF"} \ \"$$bindir/../Resources/Python.app/Contents/MacOS/LibreOfficePython\" - $$@ <<EOF"} \
FNR==1{next} \ FNR==1{next} \
{print} \ {print} \
END {print "EOF"}' > "$$file" ; } < "$$file" ; chmod +x "$$file" ; done END {print "EOF"}' > "../Resources/$$file" ; } < "$$file" && \
chmod +x "../Resources/$$file" && ln -s "../Resources/$$file" ; done
touch $@ touch $@
$(call gb_ExternalProject_get_state_target,python3,fixinstallnames) : $(call gb_ExternalProject_get_state_target,python3,build) $(call gb_ExternalProject_get_state_target,python3,fixinstallnames) : $(call gb_ExternalProject_get_state_target,python3,build)

2
setup_native/scripts/mac_install.script
View file

@ -24,4 +24,4 @@
MY_DIR=$(dirname "$0") MY_DIR=$(dirname "$0")
osascript "$MY_DIR/osx_install.applescript" osascript "$MY_DIR/Resources/osx_install.applescript"

8
shell/Package_senddoc.mk
View file

@ -9,6 +9,14 @@
$(eval $(call gb_Package_Package,shell_senddoc,$(SRCDIR)/shell/source/unix/misc)) $(eval $(call gb_Package_Package,shell_senddoc,$(SRCDIR)/shell/source/unix/misc))
ifeq ($(OS), MACOSX)
# only mach-o binaries allowed in bin folder (signing scripts would require extended attributes)
# so install it into Resources folder and use a symlink instead
# see https://developer.apple.com/library/archive/technotes/tn2206/_index.html
$(eval $(call gb_Package_add_file,shell_senddoc,$(LIBO_SHARE_FOLDER)/senddoc,senddoc.sh))
$(eval $(call gb_Package_add_symbolic_link,shell_senddoc,$(LIBO_BIN_FOLDER)/senddoc,../$(LIBO_SHARE_FOLDER)/senddoc))
else
$(eval $(call gb_Package_add_file,shell_senddoc,$(LIBO_BIN_FOLDER)/senddoc,senddoc.sh)) $(eval $(call gb_Package_add_file,shell_senddoc,$(LIBO_BIN_FOLDER)/senddoc,senddoc.sh))
endif
# vim: set shiftwidth=4 tabstop=4 noexpandtab: # vim: set shiftwidth=4 tabstop=4 noexpandtab:

5
solenv/bin/modules/installer/simplepackage.pm
View file

@ -324,11 +324,12 @@ sub create_package
} }
my $sourcefile = $srcfolder . "/" . $tarballname; my $sourcefile = $srcfolder . "/" . $tarballname;
my $destfile = $contentsfolder . "/" . $tarballname; my $destfile = $contentsfolder . "/Resources/" . $tarballname;
installer::systemactions::remove_complete_directory($appfolder); installer::systemactions::remove_complete_directory($appfolder);
installer::systemactions::create_directory($appfolder); installer::systemactions::create_directory($appfolder);
installer::systemactions::create_directory($contentsfolder); installer::systemactions::create_directory($contentsfolder);
installer::systemactions::create_directory($contentsfolder . "/Resources");
installer::systemactions::copy_one_file($sourcefile, $destfile); installer::systemactions::copy_one_file($sourcefile, $destfile);
installer::systemactions::remove_complete_directory($srcfolder); installer::systemactions::remove_complete_directory($srcfolder);
@ -350,7 +351,7 @@ sub create_package
if (! -f $scriptref) { installer::exiter::exit_program("ERROR: Could not find Apple script $scriptfilename ($scriptref)!", "create_package"); } if (! -f $scriptref) { installer::exiter::exit_program("ERROR: Could not find Apple script $scriptfilename ($scriptref)!", "create_package"); }
if (! -f $scripthelperfilename) { installer::exiter::exit_program("ERROR: Could not find Apple script $scripthelperfilename!", "create_package"); } if (! -f $scripthelperfilename) { installer::exiter::exit_program("ERROR: Could not find Apple script $scripthelperfilename!", "create_package"); }
$scriptfilename = $contentsfolder . "/" . $scriptrealfilename; $scriptfilename = $contentsfolder . "/Resources/" . $scriptrealfilename;
$scripthelperrealfilename = $contentsfolder . "/" . $scripthelperrealfilename; $scripthelperrealfilename = $contentsfolder . "/" . $scripthelperrealfilename;
installer::systemactions::copy_one_file($scriptref, $scriptfilename); installer::systemactions::copy_one_file($scriptref, $scriptfilename);