packaging/macosx/osx-extras.sh

   1 #!/bin/bash
   2 #
   3 # USAGE
   4 # osx-extras
   5 #
   6 # This script preps the "Extras" packages prior to package creation.
   7 #
   8
   9 set -e
  10 shopt -s extglob
  11
  12 # Help message
  13 #----------------------------------------------------------
  14 help()
  15 {
  16 echo -e "
  17 Prepare Wireshark's \"Extras\" packages.
  18
  19 USAGE
  20         $0
  21
  22 OPTIONS
  23         -h,--help
  24                 Display this help message.
  25 "
  26 }
  27
  28
  29 # Parse command line arguments
  30 #----------------------------------------------------------
  31 while [ "$1" != "" ]
  32 do
  33         case $1 in
  34                 -h|--help)
  35                         help
  36                         exit 0 ;;
  37                 *)
  38                         echo "Invalid command line option: $1"
  39                         exit 2 ;;
  40         esac
  41         shift 1
  42 done
  43
  44 script_dir=$( dirname "$0" )
  45
  46 codesign_file () {
  47         # https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html
  48         # https://developer.apple.com/library/archive/technotes/tn2206/_index.html
  49         # https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution/resolving_common_notarization_issues?language=objc
  50         #
  51         # XXX Do we need to add the com.apple.security.cs.allow-unsigned-executable-memory
  52         # entitlement for Lua?
  53         # https://developer.apple.com/documentation/security/hardened_runtime_entitlements?language=objc
  54         codesign \
  55                 --sign "Developer ID Application: $CODE_SIGN_IDENTITY" \
  56                 --prefix "org.wireshark." \
  57                 --force \
  58                 --timestamp \
  59                 --verbose \
  60                 "$1"
  61 }
  62
  63 if [ -n "$CODE_SIGN_IDENTITY" ] ; then
  64         security find-identity -v -s "$CODE_SIGN_IDENTITY" -p codesigning
  65
  66         # According to
  67         # https://developer.apple.com/library/archive/technotes/tn2206/_index.html and
  68         # https://carlashley.com/2018/09/23/code-signing-scripts-for-pppc-whitelisting/
  69         # script signatures are stored in the file's extended attributes.
  70         #
  71         # In general, signing shell scripts probably isn't very useful.
  72         # In this specific case we should be able to ensure that
  73         # ChmodBPF's extended attributes are preserved from the build
  74         # system to the end user's machine.
  75
  76         chmodbpf="$script_dir/ChmodBPF/root/Library/Application Support/Wireshark/ChmodBPF/ChmodBPF"
  77         echo "Signing ChmodBPF"
  78         codesign_file "$chmodbpf"
  79
  80         # Code Signing Guide, "Testing Conformance with Command Line Tools"
  81         codesign --verify --strict --verbose=2 "$chmodbpf" || exit 1
  82 else
  83         echo "Extras code signing not performed (no identity)"
  84 fi
  85
  86 exit 0