author | mark@chromium.org <mark@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-15 20:48:21 +0000 |
---|---|---|
committer | mark@chromium.org <mark@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-15 20:48:21 +0000 |
commit | ac61a855a4af3c3535c03f01c9d12812519c67ae (patch) | |
tree | 43ea13a3884afbf085b3b5d7f07eb6b33d05b5fa /chrome/installer/mac | |
parent | 39d56bbcd31a70319887a78c8b3210c6a16a0b40 (diff) | |

Implement Keychain reauthorization.

This implements chrome::browser::mac::KeychainReauthorize, which will rewrite
all Keychain items accessible to Chrome having an old requirement string
showing up in any ACL, transitioning them to the new requirement string, which
is now used when signing the application. Rewriting is handled by deleting the
old Keychain item and storing a new one in its place.

The transition code is not yet live, but the requirement string for signed
applications is.

BUG=108238
TEST=none
Review URL: https://chromiumcodereview.appspot.com/10344009

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@137235 0039d316-1c4b-4281-b951-d872f2087c98

Diffstat (limited to 'chrome/installer/mac')
-rw-r--r-- | chrome/installer/mac/sign_app.sh.in | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/chrome/installer/mac/sign_app.sh.in b/chrome/installer/mac/sign_app.sh.in index 3023806..61a9298 100644 --- a/chrome/installer/mac/sign_app.sh.in +++ b/chrome/installer/mac/sign_app.sh.in @@ -1,6 +1,6 @@ #!/bin/bash -p -# Copyright (c) 2011 The Chromium Authors. All rights reserved. +# Copyright (c) 2012 The Chromium Authors. All rights reserved. # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. @@ -45,8 +45,15 @@ helper_app="${versioned_dir}/@MAC_PRODUCT_NAME@ Helper.app" helper_eh_app="${versioned_dir}/@MAC_PRODUCT_NAME@ Helper EH.app" helper_np_app="${versioned_dir}/@MAC_PRODUCT_NAME@ Helper NP.app" +requirement_string="\ +(identifier \"com.google.Chrome\" or identifier \"com.google.Chrome.canary\") \ +and (certificate leaf = H\"85cee8254216185620ddc8851c7a9fc4dfe120ef\" or \ +certificate leaf = H\"9481882581d8178db8b1649c0eaa4f9eb11288f0\")\ +" + codesign -s "${codesign_id}" --keychain "${codesign_keychain}" \ - "${browser_app}" --resource-rules "${browser_app_rules}" + "${browser_app}" --resource-rules "${browser_app_rules}" \ + -r="${requirement_string}" # Verify everything. Check the framework and helper apps to make sure that the # signatures are present and weren't altered by the signing process. |
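
Review bot: The new `requirement_string` in the second hunk pins two `certificate leaf = H"..."` hashes and the identifiers `com.google.Chrome` and `com.google.Chrome.canary` as bare literals, with no comment saying which signing certificates the hashes belong to or where the matching string lives on the Keychain reauthorization side. The rest of the script is parameterized (`@MAC_PRODUCT_NAME@`, `${codesign_id}`, `${codesign_keychain}`), and nothing in the visible lines ties the identity selected by `${codesign_id}` to either pinned hash, so a build signed with a different certificate or under a different product name would carry a designated requirement it may not satisfy itself. Since the commit message says Keychain ACLs are being moved to this string, please add a comment above the assignment naming each certificate and stating that the string must stay identical to the one the reauthorization code uses, and consider having the "Verify everything" step that follows also confirm the embedded requirement, for example by inspecting the output of `codesign -d -r- "${browser_app}"`, so a mismatch fails at signing time rather than showing up later as lost Keychain access.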