Use codesigning for the mac builds.

Requires the presence of 'macosx/configs/CS-ID.xcconfig' containing a valid codesign id listed in a CODE_SIGN_IDENTITY property.
Warzone2100 · Jul 31, 2012 · c4edfed · c4edfed
1 parent bf0d92d
commit c4edfed
Show file tree

Hide file tree

Showing 6 changed files with 41 additions and 15 deletions.
diff --git a/.gitignore b/.gitignore
@@ -213,7 +213,7 @@ tools/qwzm/ui_qwzm.h
 macosx/Warzone.xcodeproj/xcuserdata/*
 macosx/Warzone.xcodeproj/project.xcworkspace/xcuserdata/*
 macosx/Warzone.xcworkspace/xcuserdata/*
-macosx/configs/codeident
+macosx/configs/CS-ID.xcconfig
 
 # build folders
 /macosx/build/

diff --git a/macosx/Warzone.xcodeproj/project.pbxproj b/macosx/Warzone.xcodeproj/project.pbxproj
@@ -1600,6 +1600,7 @@
 		4333612111A07FB900380F5E /* QtOpenGL.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = QtOpenGL.framework; path = external/QT/QtOpenGL.framework; sourceTree = SOURCE_ROOT; };
 		4336D8A8111DDF0F0012E8E4 /* random.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = random.cpp; path = ../src/random.cpp; sourceTree = SOURCE_ROOT; };
 		4336D8A9111DDF0F0012E8E4 /* random.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = random.h; path = ../src/random.h; sourceTree = SOURCE_ROOT; };
+		433A44F715C6CA4000D1856A /* CS-ID.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; name = "CS-ID.xcconfig"; path = "configs/CS-ID.xcconfig"; sourceTree = SOURCE_ROOT; };
 		434117201495024C003F06FF /* wzconfig.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = wzconfig.cpp; path = ../lib/framework/wzconfig.cpp; sourceTree = SOURCE_ROOT; };
 		434117211495024C003F06FF /* wzconfig.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wzconfig.h; path = ../lib/framework/wzconfig.h; sourceTree = SOURCE_ROOT; };
 		4343651C149EA04800527137 /* template.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = template.cpp; path = ../src/template.cpp; sourceTree = SOURCE_ROOT; };
@@ -2765,6 +2766,7 @@
 		43025DEC1120A4B6006C49B1 /* Configurations */ = {
 			isa = PBXGroup;
 			children = (
+				433A44F715C6CA4000D1856A /* CS-ID.xcconfig */,
 				43CCDD9414BA502600B21363 /* Fribidi-All.xcconfig */,
 				43CCDD9514BA502600B21363 /* Fribidi-Debug.xcconfig */,
 				43CCDD9614BA502600B21363 /* Fribidi-Release.xcconfig */,
@@ -5386,6 +5388,7 @@
 		};
 		4389DBE5111B0A0700B98DEF /* StaticAnalyzer */ = {
 			isa = XCBuildConfiguration;
+			baseConfigurationReference = 433A44F715C6CA4000D1856A /* CS-ID.xcconfig */;
 			buildSettings = {
 				PRODUCT_NAME = "Make DMGs for Release";
 			};
@@ -5456,13 +5459,15 @@
 		};
 		43F77C8110F0125F00E04615 /* Debug */ = {
 			isa = XCBuildConfiguration;
+			baseConfigurationReference = 433A44F715C6CA4000D1856A /* CS-ID.xcconfig */;
 			buildSettings = {
 				PRODUCT_NAME = "Make DMGs for Release";
 			};
 			name = Debug;
 		};
 		43F77C8210F0125F00E04615 /* Release */ = {
 			isa = XCBuildConfiguration;
+			baseConfigurationReference = 433A44F715C6CA4000D1856A /* CS-ID.xcconfig */;
 			buildSettings = {
 				PRODUCT_NAME = "Make DMGs for Release";
 			};

diff --git a/macosx/configs/Base-Framework.xcconfig b/macosx/configs/Base-Framework.xcconfig
@@ -1,5 +1,7 @@
 // Global settings for all Framework configurations
 
+#include "CS-ID.xcconfig"
+
 
 INSTALL_PATH = @rpath
 DYLIB_COMPATIBILITY_VERSION = 1

diff --git a/macosx/configs/codesignrules.plist → macosx/configs/ResourceRules.plist b/macosx/configs/codesignrules.plist → macosx/configs/ResourceRules.plist
@@ -4,6 +4,8 @@
 <dict>
 	<key>rules</key>
 	<dict>
+		<key>^Frameworks/</key>
+		<false/>
 		<key>^Resources/</key>
 		<true/>
 		<key>^Resources/.*\.lproj/</key>
@@ -32,15 +34,27 @@
 			<key>weight</key>
 			<real>10</real>
 		</dict>
-		<key>^Resources/data/sequences.wz$</key>
+		<key>^Resources/data/sequences\.wz$</key>
+		<dict>
+			<key>omit</key>
+			<true/>
+			<key>weight</key>
+			<real>30</real>
+		</dict>
+		<key>^Resources/WarzoneHelp/</key>
+		<dict>
+			<key>omit</key>
+			<true/>
+			<key>weight</key>
+			<real>30</real>
+		</dict>
+		<key>^Resources/data/music/music\.wpl$</key>
 		<dict>
 			<key>omit</key>
 			<true/>
 			<key>weight</key>
 			<real>30</real>
 		</dict>
-		<key>^info.plist$</key>
-		<true/>
 	</dict>
 </dict>
-</plist>
+</plist>
diff --git a/macosx/configs/Warzone-All.xcconfig b/macosx/configs/Warzone-All.xcconfig
@@ -1,6 +1,8 @@
 // Warzone settings for all configurations
 
 
+// CODE_SIGN_RESOURCE_RULES_PATH = "$(SRCROOT)/configs/ResourceRules.plist"
+
 INSTALL_PATH = $(HOME)/Applications
 LD_RUNPATH_SEARCH_PATHS = @loader_path/../Frameworks
 PREBINDING = NO

diff --git a/macosx/configs/mkdmgs.sh b/macosx/configs/mkdmgs.sh
@@ -12,7 +12,7 @@ sequencelonme="sequences-lo.wz"
 sequencelomd5="ab2bbc28cef2a3f2ea3c186e18158acd"
 relbuild="${CONFIGURATION_BUILD_DIR}/"
 dmgout="build/dmgout"
-coident="${SRCROOT}/configs/codeident"
+coident="${SRCROOT}/configs/ResourceRules.plist"
 
 # Fail if not release
 if [ ! "${CONFIGURATION}" = "Release" ]; then
@@ -24,20 +24,23 @@ fi
 signd () {
 	if [ -f "${coident}" ]; then
 		# Local Config
-		local idetd=`cat ${coident}`
-		local resrul="${SRCROOT}/configs/codesignrules.plist"
+		local idetd="${CODE_SIGN_IDENTITY}"
+		local resrul="${coident}"
 		local appth="/Volumes/Warzone 2100/Warzone.app"
 
 		# Sign app
-		codesign -vfs "${idetd}" --keychain "CodeSign" --verify --resource-rules="${resrul}" "${appth}"
+		cp -a "${resrul}" "${appth}/"
+		/usr/bin/codesign -f -s "${idetd}" --resource-rules="${appth}/ResourceRules.plist" "${appth}"
+		rm "${appth}/ResourceRules.plist"
+		/usr/bin/codesign -vvv --verify "${appth}"
 
 		# Sign the frameworks
-		local framelst=`\ls -1 "${appth}/Contents/Frameworks" | sed -n 's:.framework$:&:p'`
-		for fsignd in ${framelst}; do
-			if [ -d "${appth}/Contents/Frameworks/${fsignd}/Versions/A" ]; then
-				codesign -vfs "${idetd}" --keychain "CodeSign" --verify "${appth}/Contents/Frameworks/${fsignd}/Versions/A"
-			fi
-		done
+# 		local framelst=`\ls -1 "${appth}/Contents/Frameworks" | sed -n 's:.framework$:&:p'`
+# 		for fsignd in ${framelst}; do
+# 			if [ -d "${appth}/Contents/Frameworks/${fsignd}/Versions/A" ]; then
+# 				/usr/bin/codesign -f -s "${idetd}" -vvv --verify "${appth}/Contents/Frameworks/${fsignd}/Versions/A"
+# 			fi
+# 		done
 	else
 		echo "warning: No codeident file found; code will not be signed."
 	fi