Index: /trunk/Config.kmk =================================================================== --- /trunk/Config.kmk (revision 75279) +++ /trunk/Config.kmk (revision 75280) @@ -3621,11 +3621,14 @@ endif - # The above version with complicated requirements is what Xcode 5.0.1GM suggest for kexts. + ## Sign an application bundle, framework or kernel extension. + # @param 1 The bundle to sign. + # @param 2 Identifier, optional. + # @param 3 Additional codesign command line parameters, optional. ifdef VBOX_WITH_CORP_CODE_SIGNING ## @todo cannot handle $(2), the identifier. $(3) is hopefully either empty or --deep VBOX_SIGN_BUNDLE_FN = $(call MSG_TOOL,SIGNTOOL,,$(1),$(2))$(NLTAB) \ - ditto -c -k $(1) $(1).zip$(NLTAB) \ - $(call VBOX_CCS_SIGN_CMD,apple,$(1).zip,,$(3))$(NLTAB) \ - ditto -x -k $(1).zip $(1) + ditto -c -k --keepParent $(1) $(1).zip$(NLTAB) \ + $(call VBOX_CCS_SIGN_CMD,apple,$(1).zip,,$(3))$(NLTAB) \ + ditto -x -k $(1).zip $(1)/../ else VBOX_SIGN_BUNDLE_FN = $(call MSG_TOOL,SIGNTOOL,,$(1),$(2))$(NLTAB)$(VBOX_CODESIGN) \ @@ -3634,5 +3637,5 @@ --file-list - \ $(if-expr defined(VBOX_TSA_URL),--timestamp="$(VBOX_TSA_URL)") \ - $(3) \ + $(3) \ $(VBOX_CERTIFICATE_SUBJECT_NAME_ARGS) \ $(1) $(if $(2),--identifier "$(2)",) @@ -3640,7 +3643,11 @@ ## Sign a Mach-O image. - # @param 1 The bundle to sign. + # @param 1 The file to sign. # @param 2 Identifier, optional. - VBOX_SIGN_MACHO_FN = $(call MSG_TOOL,SIGNTOOL,,$(1),$(2))$(NLTAB)$(VBOX_CODESIGN) \ + ifdef VBOX_WITH_CORP_CODE_SIGNING + ## @todo cannot handle $(2), the identifier. + VBOX_SIGN_MACHO_FN = $(call MSG_TOOL,SIGNTOOL,,$(1),$(2))$(NLTAB)$(call VBOX_CCS_SIGN_CMD,binary,$(1)) + else + VBOX_SIGN_MACHO_FN = $(call MSG_TOOL,SIGNTOOL,,$(1),$(2))$(NLTAB)$(VBOX_CODESIGN) \ --verbose=9 \ --force \ @@ -3650,14 +3657,19 @@ $(1) \ $(if $(2),--identifier "$(2)",) + endif ## Sign a VMM Mach-O image. - # @param 1 The bundle to sign. + # @param 1 The file to sign. # @param 2 Identifier, optional. VBOX_SIGN_VMM_MOD_FN = $(VBOX_SIGN_MACHO_FN) ## Sign a non-executable file. - # @param 1 The bundle to sign. + # @param 1 The file to sign. # @param 2 Identifier, optional. - VBOX_SIGN_FILE_FN = $(call MSG_TOOL,SIGNTOOL,,$(1),$(2))$(NLTAB)$(VBOX_CODESIGN) \ + ifdef VBOX_WITH_CORP_CODE_SIGNING + ## @todo cannot handle $(2), the identifier. + VBOX_SIGN_FILE_FN = $(call MSG_TOOL,SIGNTOOL,,$(1),$(2))$(NLTAB)$(call VBOX_CCS_SIGN_CMD,binary,$(1)) + else + VBOX_SIGN_FILE_FN = $(call MSG_TOOL,SIGNTOOL,,$(1),$(2))$(NLTAB)$(VBOX_CODESIGN) \ --verbose=9 \ --force \ @@ -3667,4 +3679,25 @@ $(1) \ $(if $(2),--identifier "$(2)",) + endif + + ## Sign a DMG image. + # @param 1 The file to sign. + # @param 2 Identifier, optional. + ifdef VBOX_WITH_CORP_CODE_SIGNING + ## @todo cannot handle $(2), the identifier. + VBOX_SIGN_DMG_FN = $(call MSG_TOOL,SIGNTOOL,,$(1),$(2))$(NLTAB) \ + $(call VBOX_CCS_SIGN_CMD,mac_dmg,$(1))$(NLTAB) \ + ditto -x -k $(1).zip $(dir $(1)) + else + VBOX_SIGN_DMG_FN = $(VBOX_SIGN_FILE_FN) + endif + + ## Sign a PKG file. Used with corp code signing only. + # @param 1 The file to sign. + # @param 2 Identifier, optional. + ifdef VBOX_WITH_CORP_CODE_SIGNING + ## @todo cannot handle $(2), the identifier. + VBOX_SIGN_PKG_FN = $(call MSG_TOOL,SIGNTOOL,,$(1),$(2))$(NLTAB)$(call VBOX_CCS_SIGN_CMD,mac_pkg,$(1)) \ + endif ## @def VBOX_TEST_SIGN_KEXT Index: /trunk/src/VBox/Installer/darwin/Makefile.kmk =================================================================== --- /trunk/src/VBox/Installer/darwin/Makefile.kmk (revision 75279) +++ /trunk/src/VBox/Installer/darwin/Makefile.kmk (revision 75280) @@ -164,5 +164,5 @@ ifndef VBOX_WITHOUT_SIGNED_DMG @# Sign the created dmg. - $(call VBOX_SIGN_FILE_FN,$@,org.virtualbox.dmg) + $(call VBOX_SIGN_DMG_FN,$@,org.virtualbox.dmg) endif endif @@ -239,4 +239,10 @@ $(if $(VBOX_MACOSX_INSTALLER_SIGN),--sign "$(VBOX_MACOSX_INSTALLER_SIGN)",) \ $@ +ifdef VBOX_SIGNING_MODE + ifdef VBOX_WITH_CORP_CODE_SIGNING + @# Sign the created pkg. + $(call VBOX_SIGN_PKG_FN,$@,org.VirtualBox.mpkg.virtualbox) + endif +endif @# Cleanup. sudo rm -Rf \ @@ -325,4 +331,10 @@ $(if $(VBOX_MACOSX_INSTALLER_SIGN),--sign "$(VBOX_MACOSX_INSTALLER_SIGN)",) \ $@ +ifdef VBOX_SIGNING_MODE + ifdef VBOX_WITH_CORP_CODE_SIGNING + @# Sign the created pkg. + $(call VBOX_SIGN_PKG_FN,$@,org.virtualbox.pkg.vboxkexts) + endif +endif @# Cleanup sudo chown -R "$(shell whoami)" \ @@ -816,4 +828,10 @@ $(if $(VBOX_MACOSX_INSTALLER_SIGN),--sign "$(VBOX_MACOSX_INSTALLER_SIGN)",) \ $@ +ifdef VBOX_SIGNING_MODE + ifdef VBOX_WITH_CORP_CODE_SIGNING + @# Sign the created pkg. + $(call VBOX_SIGN_PKG_FN,$@,org.virtualbox.pkg.virtualbox) + endif +endif @# Cleanup sudo chown -R "$(shell whoami)" \ @@ -891,4 +909,10 @@ $(if $(VBOX_MACOSX_INSTALLER_SIGN),--sign "$(VBOX_MACOSX_INSTALLER_SIGN)",) \ $@ +ifdef VBOX_SIGNING_MODE + ifdef VBOX_WITH_CORP_CODE_SIGNING + @# Sign the created pkg. + $(call VBOX_SIGN_PKG_FN,$@,org.virtualbox.pkg.virtualboxcli) + endif +endif @# Cleanup sudo chown -R "$(shell whoami)" \