[Pkg-owncloud-commits] [owncloud-client] 185/498: shell_i: Add a way to fail the build if the signing key doesn't match

[Sandro Knauß]

This is an automated email from the git hooks/post-receive script.

hefee-guest pushed a commit to branch master
in repository owncloud-client.

commit 18efc5eb6550cd9a2acb27d0d96c7a9fdfca5106
Author: Jocelyn Turcotte <jturcotte at woboq.com>
Date:   Mon Jun 22 13:53:56 2015 +0200

    shell_i: Add a way to fail the build if the signing key doesn't match
    
    This tries to catch error at build time instead of having
    to check the OS X console for errors afterward.
---
 admin/osx/sign_app.sh | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/admin/osx/sign_app.sh b/admin/osx/sign_app.sh
index 22f4dff..b60ec61 100755
--- a/admin/osx/sign_app.sh
+++ b/admin/osx/sign_app.sh
@@ -1,12 +1,18 @@
 #!/bin/sh -xe
 
-[ "$#" -lt 2 ] && echo "Usage: sign_app.sh <app> <identity>" && exit
+[ "$#" -lt 2 ] && echo "Usage: sign_app.sh <app> <identity> <team_identifier>" && exit
 
 src_app="$1"
 identity="$2"
+team_identifier="$3"
 
-codesign -s "$identity" --force --verbose=4 --deep "$src_app"
+codesign -s "$identity" --force --preserve-metadata=entitlements --verbose=4 --deep "$src_app"
 
 # Verify the signature
 spctl -a -t exec -vv $src_app
 codesign -dv $src_app
+
+# Validate that the key used for signing the binary matches the expected TeamIdentifier
+# needed to pass the SocketApi through the sandbox
+codesign -dv $src_app 2>&1 | grep "TeamIdentifier=$team_identifier"
+exit $?
\ No newline at end of file

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud-client.git