forked from thefloweringash/sigtool
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcodesign.sh
executable file
·65 lines (53 loc) · 1.3 KB
/
codesign.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
#!/usr/bin/env bash
# Mimic a subset of the interface of codesign
# Requires mktemp from coreutils
set -euo pipefail
allocate=${CODESIGN_ALLOCATE-codesign_allocate}
while getopts "i:s:fv" opt; do
case "$opt" in
i)
global_identifier=$OPTARG
;;
s)
# signing identity
if [ "$OPTARG" != - ]; then
echo "Only adhoc signatures supported" >&2
exit 1
fi
;;
f)
# force
;;
v)
# verbose
verbose=1
;;
?)
echo "Invalid options" >&2
exit 1
;;
esac
done
shift $((OPTIND-1))
signDarwinBinary() {
local path="$1"
local sigsize arch identifier tempfile
local -a allocate_archs=()
# This only supports mktemp for coreutils
tempfile=$(mktemp -p "$(dirname "$path")" "$(basename "$path").XXXXXX")
identifier=${global_identifier-$(basename "$path")}
arch=$(sigtool --file "$path" show-arch)
while read -r arch sigsize; do
sigsize=$(( ((sigsize + 15) / 16) * 16 + 1024 ))
allocate_archs+=(-a "$arch" "$sigsize")
done < <(sigtool --file "$path" size)
"$allocate" -i "$path" "${allocate_archs[@]}" -o "$tempfile"
sigtool --identifier "$identifier" --file "$tempfile" inject
mv -f "$tempfile" "$path"
}
if [ "${verbose-}" ]; then
set -x
fi
for f in "$@"; do
signDarwinBinary "$f"
done