237377ac72
Before this change, the code signed during the build was installed directly. However, the signature gets invalidated because meson modifies the code to fix dynamic library install names during the install process. It also prevents meson to strip the code because the pre-signed file is not marked as an executable (although it is somehow able to perform the modification described above). With this change, the unsigned code will be installed and modified by meson first, and a script signs it later. Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com> Message-Id: <20210225000614.46919-1-akihiko.odaki@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
26 lines
411 B
Bash
Executable File
26 lines
411 B
Bash
Executable File
#!/bin/sh -e
|
|
#
|
|
# Helper script for the build process to apply entitlements
|
|
|
|
in_place=:
|
|
if [ "$1" = --install ]; then
|
|
shift
|
|
in_place=false
|
|
fi
|
|
|
|
SRC="$1"
|
|
DST="$2"
|
|
ENTITLEMENT="$3"
|
|
|
|
if $in_place; then
|
|
trap 'rm "$DST.tmp"' exit
|
|
cp -af "$SRC" "$DST.tmp"
|
|
SRC="$DST.tmp"
|
|
else
|
|
cd "$MESON_INSTALL_DESTDIR_PREFIX"
|
|
fi
|
|
|
|
codesign --entitlements "$ENTITLEMENT" --force -s - "$SRC"
|
|
mv -f "$SRC" "$DST"
|
|
trap '' exit
|