VirtualBox

Changeset 83036 in vbox


Ignore:
Timestamp:
Feb 10, 2020 3:57:32 PM (5 years ago)
Author:
vboxsync
Message:

/Config.kmk: Darwin code signing fix for the CCS case (handling the entitlements option), using hardened runtime for Mach-O binaries (should be ignored for kexts). Plus a little cleanup in the darwin installer packaging, avoiding local signing of pkg files which should be handled by CCS. bugref:9466

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/Config.kmk

    r83033 r83036  
    37063706  # @param 3  Additional codesign command line parameters, optional.
    37073707  if $(intersects darwin all 1,$(VBOX_WITH_CORP_CODE_SIGNING))
    3708    ## @todo cannot handle $(2), the identifier. $(3) is hopefully either empty or --deep
     3708   ## @todo cannot handle $(2), the identifier.
     3709   ## @todo $(3) is hopefully either empty, --deep or --entitlements=...
    37093710   VBOX_SIGN_BUNDLE_FN = $(call MSG_TOOL,SIGNTOOL,,$(1),$(2))$(NLTAB) \
    37103711        ditto -c -k --keepParent "$(1)" "$(1).zip"$(NLTAB) \
    3711         $(call VBOX_CCS_SIGN_CMD,apple,$(1).zip,,$(if $(eq $(3),--deep),-deep,))$(NLTAB) \
     3712        $(call VBOX_CCS_SIGN_CMD,apple,$(1).zip,,$(subst --entitlements=,-entitlement_file_path ,$(subst --deep,-deep,$(3))) \
     3713                $(if $(VBOX_WITH_MACOS_HARDENED_RUNTIME),-hardened_runtime))$(NLTAB) \
    37123714        ditto -x -k "$(1).zip" "$(1)/../"$(NLTAB) \
    37133715        $(RM) -f -- "$(1).zip"
     
    37313733  if $(intersects darwin all 1,$(VBOX_WITH_CORP_CODE_SIGNING))
    37323734   ## @todo cannot handle $(2), the identifier.
    3733    ## @todo must handle $(3) if entitlement.
    3734    VBOX_SIGN_MACHO_FN = $(call MSG_TOOL,SIGNTOOL,,$(1),$(2))$(NLTAB)$(call VBOX_CCS_SIGN_CMD,binary,$(1))
     3735   ## @todo $(3) is hopefully either empty or --entitlements=...
     3736   VBOX_SIGN_MACHO_FN = $(call MSG_TOOL,SIGNTOOL,,$(1),$(2))$(NLTAB) \
     3737        $(call VBOX_CCS_SIGN_CMD,binary,$(1),,$(subst --entitlements=,-entitlement_file_path ,$(3)) \
     3738                $(if $(VBOX_WITH_MACOS_HARDENED_RUNTIME),-hardened_runtime))
    37353739  else
    37363740   VBOX_SIGN_MACHO_FN = $(call MSG_TOOL,SIGNTOOL,,$(1),$(2))$(NLTAB)$(VBOX_CODESIGN) \

  • trunk/src/VBox/Installer/darwin/Makefile.kmk

    r83033 r83036  
    238238                --identifier org.VirtualBox.mpkg.virtualbox \
    239239                --version $(VBOX_VERSION_MAJOR).$(VBOX_VERSION_MINOR).$(VBOX_VERSION_BUILD) \
    240                 $(if $(VBOX_MACOSX_INSTALLER_SIGN),--sign "$(VBOX_MACOSX_INSTALLER_SIGN)",) \
     240                $(if-expr defined(VBOX_MACOSX_INSTALLER_SIGN) && $(intersects darwin all 1,$(VBOX_WITH_CORP_CODE_SIGNING)) == "",--sign "$(VBOX_MACOSX_INSTALLER_SIGN)",) \
    241241                $@
    242242ifdef VBOX_SIGNING_MODE
     
    298298        $(foreach kext,$(VBOX_DI_KEXTS), \
    299299                $(NLTAB)$(INSTALL) -m 0755 $(VBOX_PATH_DIST)/$(kext).kext/Contents/MacOS/$(kext) $(VBOX_PATH_PACK_TMP)/VBoxKEXTs.pkg.root/$(kext).kext/Contents/MacOS/)
    300         @# Signed the kext bundles.
     300        @# Sign the kext bundles.
    301301ifdef VBOX_SIGNING_MODE
    302302        $(foreach kext,$(VBOX_DI_KEXTS) \
     
    330330                --install-location "/Library/Application Support/VirtualBox" \
    331331                --ownership preserve \
    332                 $(if $(VBOX_MACOSX_INSTALLER_SIGN),--sign "$(VBOX_MACOSX_INSTALLER_SIGN)",) \
     332                $(if-expr defined(VBOX_MACOSX_INSTALLER_SIGN) && $(intersects darwin all 1,$(VBOX_WITH_CORP_CODE_SIGNING)) == "",--sign "$(VBOX_MACOSX_INSTALLER_SIGN)",) \
    333333                $@
    334334ifdef VBOX_SIGNING_MODE
     
    700700                        $(VBOX_PATH_VBOX_APP_TMP)/Contents/MacOS/dtrace/$(file)$(NLTAB))
    701701endif
    702         @# Signed the binaries and the application bundle.
     702        @# Sign the binaries and the application bundle.
    703703ifdef VBOX_SIGNING_MODE
    704704        $(foreach qtmod, $(VBOX_QT_MOD_NAMES) \
     
    788788                --ownership preserve \
    789789                --preserve-xattr \
    790                 $(if $(VBOX_MACOSX_INSTALLER_SIGN),--sign "$(VBOX_MACOSX_INSTALLER_SIGN)",) \
     790                $(if-expr defined(VBOX_MACOSX_INSTALLER_SIGN) && $(intersects darwin all 1,$(VBOX_WITH_CORP_CODE_SIGNING)) == "",--sign "$(VBOX_MACOSX_INSTALLER_SIGN)",) \
    791791                $@
    792792ifdef VBOX_SIGNING_MODE
     
    875875                --install-location /usr/local/bin \
    876876                --ownership preserve \
    877                 $(if $(VBOX_MACOSX_INSTALLER_SIGN),--sign "$(VBOX_MACOSX_INSTALLER_SIGN)",) \
     877                $(if-expr defined(VBOX_MACOSX_INSTALLER_SIGN) && $(intersects darwin all 1,$(VBOX_WITH_CORP_CODE_SIGNING)) == "",--sign "$(VBOX_MACOSX_INSTALLER_SIGN)",) \
    878878                $@
    879879ifdef VBOX_SIGNING_MODE
Note: See TracChangeset for help on using the changeset viewer.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette