[msbuild] Always codesign the framework directory, not what's inside (#10309)
**Example #1.** Signing a framework binary is the **same** thing as signing the framework directory. ``` $ codesign -v --force --timestamp=none --sign - bin/iPhone/Release/xcf_ios.app//Frameworks/lame.framework/lame bin/iPhone/Release/xcf_ios.app//Frameworks/lame.framework/lame: replacing existing signature bin/iPhone/Release/xcf_ios.app//Frameworks/lame.framework/lame: signed bundle with Mach-O thin (arm64) [io.sourceforge.lame] $ codesign -v --force --timestamp=none --sign - bin/iPhone/Release/xcf_ios.app//Frameworks/lame.framework bin/iPhone/Release/xcf_ios.app//Frameworks/lame.framework: replacing existing signature bin/iPhone/Release/xcf_ios.app//Frameworks/lame.framework: signed bundle with Mach-O thin (arm64) [io.sourceforge.lame] ``` Nice right ? Pretty much until... **Example #2.** Signing a framework binary is **NOT** the **same** thing as signing the framework directory. ``` $ codesign -v --force --timestamp=none --sign - bin/iPhone/Release/xcf_ios.app//Frameworks/flac.framework/flac bin/iPhone/Release/xcf_ios.app//Frameworks/flac.framework/flac: replacing existing signature bin/iPhone/Release/xcf_ios.app//Frameworks/flac.framework/flac: signed Mach-O thin (arm64) [flac-55554944583d2f02282c33d8bfed082daa857e30] $ codesign -v --force --timestamp=none --sign - bin/iPhone/Release/xcf_ios.app//Frameworks/flac.framework bin/iPhone/Release/xcf_ios.app//Frameworks/flac.framework: replacing existing signature bin/iPhone/Release/xcf_ios.app//Frameworks/flac.framework: signed bundle with Mach-O thin (arm64) [org.xiph.flac] ``` In this case signing the binary `flac` does not produce the `_CodeSignature` directory and fails our msbuild Codesign task The fix is to detect if we're signing a framework like `A.framework/A` and change this to sign `A.framework` as this will always work.
This commit is contained in:
Родитель
28791b6e2a
Коммит
0709c8882f
|
@ -140,7 +140,16 @@ namespace Xamarin.MacDev.Tasks
|
|||
if (!string.IsNullOrEmpty (ExtraArgs))
|
||||
args.Add (ExtraArgs);
|
||||
|
||||
args.Add (Path.GetFullPath (item.ItemSpec));
|
||||
// signing a framework and a file inside a framework is not *always* identical
|
||||
// on macOS apps {item.ItemSpec} can be a symlink to `Versions/Current/{item.ItemSpec}`
|
||||
// and `Current` also a symlink to `A`... and `_CodeSignature` will be found there
|
||||
var path = PathUtils.ResolveSymbolicLinks (item.ItemSpec);
|
||||
var parent = Path.GetDirectoryName (path);
|
||||
|
||||
// so do not don't sign `A.framework/A`, sign `A.framework` which will always sign the *bundle*
|
||||
if ((Path.GetExtension (parent) == ".framework") && (Path.GetFileName (path) == Path.GetFileNameWithoutExtension (parent)))
|
||||
path = parent;
|
||||
args.Add (Path.GetFullPath (path));
|
||||
|
||||
return args;
|
||||
}
|
||||
|
@ -230,14 +239,6 @@ namespace Xamarin.MacDev.Tasks
|
|||
}
|
||||
} else if (File.Exists (item.ItemSpec)) {
|
||||
codesignedFiles.Add (item);
|
||||
|
||||
// on macOS apps {item.ItemSpec} can be a symlink to `Versions/Current/{item.ItemSpec}`
|
||||
// and `Current` also a symlink to `A`... and `_CodeSignature` will be found there
|
||||
var path = PathUtils.ResolveSymbolicLinks (item.ItemSpec);
|
||||
var dirName = Path.GetDirectoryName (path);
|
||||
|
||||
if (Path.GetExtension (dirName) == ".framework")
|
||||
codesignedFiles.AddRange (Directory.EnumerateFiles (Path.Combine (dirName, CodeSignatureDirName)).Select (x => new TaskItem (x)));
|
||||
}
|
||||
|
||||
return codesignedFiles;
|
||||
|
|
Загрузка…
Ссылка в новой задаче