summaryrefslogtreecommitdiffstats
path: root/chrome/installer/mac/make_signers.sh
blob: 57d762821c6dabb0487f07162ead335963b7597c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
#!/bin/bash -p

# Copyright (c) 2009 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# This script creates sign_app.sh and sign_versioned_dir.sh, the scripts that
# will be used to sign the application bundle and inner bundles. It also
# creates auxiliary files that these scripts need to do their jobs, such as
# the custom resource rules used to sign the outermost application bundle.
# The build places these in the "${mac_product_name} Packaging" directory next
# to the .app bundle. The packaging system is expected to run these scripts to
# sign everything.

set -eu

# Environment sanitization. Set a known-safe PATH. Clear environment variables
# that might impact the interpreter's operation. The |bash -p| invocation
# on the #! line takes the bite out of BASH_ENV, ENV, and SHELLOPTS (among
# other features), but clearing them here ensures that they won't impact any
# shell scripts used as utility programs. SHELLOPTS is read-only and can't be
# unset, only unexported.
export PATH="/usr/bin:/bin:/usr/sbin:/sbin"
unset BASH_ENV CDPATH ENV GLOBIGNORE IFS POSIXLY_CORRECT
export -n SHELLOPTS

ME="$(basename "${0}")"
readonly ME

if [[ ${#} -ne 3 ]]; then
  echo "usage: ${ME} packaging_dir mac_product_name version" >& 2
  exit 1
fi

packaging_dir="${1}"
mac_product_name="${2}"
version="${3}"

script_dir="$(dirname "${0}")"
in_files=(
  "${script_dir}/sign_app.sh.in"
  "${script_dir}/sign_versioned_dir.sh.in"
  "${script_dir}/app_resource_rules.plist.in"
)

# Double-backslash each dot: one backslash belongs in the regular expression,
# and the other backslash tells sed not to treat the first backslash
# specially.
version_regex="$(echo "${version}" | sed -e 's/\./\\\\./g')"

mkdir -p "${packaging_dir}"

for in_file in "${in_files[@]}"; do
  out_file="${packaging_dir}/$(basename "${in_file:0:${#in_file} - 3}")"
  sed -e "s/@MAC_PRODUCT_NAME@/${mac_product_name}/g" \
      -e "s/@VERSION@/${version}/g" \
      -e "s/@VERSION_REGEX@/${version_regex}/g" \
      < "${in_file}" \
      > "${out_file}"

  if [[ "${out_file: -3}" = ".sh" ]]; then
    chmod +x "${out_file}"
  fi
done