path: root/packaging/macosx/osx-extras.sh
blob: a306ce403e1f01665e481892cbc34e21d5aa2759 (plain)
#!/bin/bash
#
# USAGE
# osx-extras
#
# This script preps the "Extras" packages prior to package creation.
#

# Abort as soon as a command fails without being handled, so a failed
# signing step cannot be followed by a successful exit.
set -o errexit
# Turn on bash extended pattern matching. NOTE(review): nothing in this
# script appears to use an extended glob; confirm before removing.
shopt -s extglob

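# Help message
#----------------------------------------------------------
# Print the usage text to stdout. Takes no arguments.
# The script path ($0) is handed to printf as a %s argument rather than
# being expanded inside an `echo -e` string, so backslash sequences in
# the path are printed literally instead of being interpreted.
help()
{
	printf '\n%s\n\n' "Prepare Wireshark's \"Extras\" packages."
	printf 'USAGE\n\t%s\n\n' "$0"
	printf 'OPTIONS\n\t-h,--help\n\t\tDisplay this help message.\n\n'
}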


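# Parse command line arguments
#----------------------------------------------------------
# Only -h/--help is recognised; any other argument is rejected with
# exit status 2. The loop stops at the first empty argument.
while [ "$1" != "" ]
do
	case "$1" in
		-h|--help)
			help
			exit 0 ;;
		*)
			# Diagnostics go to stderr so they are not mixed into
			# any stdout a calling build step captures.
			echo "Invalid command line option: $1" >&2
			exit 2 ;;
	esac
	shift 1
done

# Directory holding this script; the ChmodBPF payload is located relative to it.
script_dir=$( dirname "$0" )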

codesign_file () {
	# Sign the file given as $1 with the "Developer ID Application"
	# certificate named by the CODE_SIGN_IDENTITY environment variable.
	# Returns codesign's exit status.
	#
	# References:
	# https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html
	# https://developer.apple.com/library/archive/technotes/tn2206/_index.html
	# https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution/resolving_common_notarization_issues?language=objc
	#
	# XXX Do we need to add the com.apple.security.cs.allow-unsigned-executable-memory
	# entitlement for Lua?
	# https://developer.apple.com/documentation/security/hardened_runtime_entitlements?language=objc
	local target="$1"

	# --force replaces any signature already present on the file;
	# --timestamp requests a secure timestamp for the new signature.
	local -a sign_opts=(
		--sign "Developer ID Application: $CODE_SIGN_IDENTITY"
		--prefix "org.wireshark."
		--force
		--timestamp
		--verbose
	)

	codesign "${sign_opts[@]}" "$target"
}

# Sign and then verify the ChmodBPF script when a signing identity is set.
# NOTE(review): with CODE_SIGN_IDENTITY empty or unset the script still
# exits 0, so an unsigned ChmodBPF passes this step; release pipelines
# should make sure the variable is set.
if [[ -z "$CODE_SIGN_IDENTITY" ]] ; then
	echo "Extras code signing not performed (no identity)"
else
	# Show the matching valid code-signing identities in the build output.
	# The listing is not parsed here; a missing identity is only caught
	# when the signing call below fails.
	security find-identity -v -s "$CODE_SIGN_IDENTITY" -p codesigning

	# According to
	# https://developer.apple.com/library/archive/technotes/tn2206/_index.html and
	# https://carlashley.com/2018/09/23/code-signing-scripts-for-pppc-whitelisting/
	# script signatures are stored in the file's extended attributes.
	#
	# In general, signing shell scripts probably isn't very useful.
	# In this specific case we should be able to ensure that
	# ChmodBPF's extended attributes are preserved from the build
	# system to the end user's machine.

	chmodbpf="$script_dir/ChmodBPF/root/Library/Application Support/Wireshark/ChmodBPF/ChmodBPF"
	echo "Signing ChmodBPF"
	codesign_file "$chmodbpf"

	# Code Signing Guide, "Testing Conformance with Command Line Tools"
	# Re-check the signature just written; stop the build if it does not verify.
	if ! codesign --verify --strict --verbose=2 "$chmodbpf" ; then
		exit 1
	fi
fi

exit 0