Skip to content

Commit 03a9073

Browse files
Cong LiuLin Sun
Cong Liu
authored and
Lin Sun
committed
Make some fields in build.cfg to be optional
1 parent 2b3e79c commit 03a9073

File tree

2 files changed

+45
-31
lines changed

2 files changed

+45
-31
lines changed

tools/mas/build.cfg

Lines changed: 11 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,16 +1,21 @@
11
[Sign]
22
## [REQUIRED] Your Application Certificate Identity
33
ApplicationIdentity = 3rd Party Mac Developer Application: Foo (XXXXXXXXXX)
4-
## [REQUIRED] (for --pkg) Your Installer Certificate Identity
5-
InstallerIdentity = 3rd Party Mac Developer Installer: Foo (XXXXXXXXXX)
6-
## [Optional] (for --pkg) Installation path
7-
InstallPath = /Applications
8-
## [REQUIRED] Entitlements
4+
## [OPTIONAL] Parent entitlements file
95
ParentEntitlements = entitlements-parent.plist
6+
## [OPTIONAL] Child entitlements file
107
ChildEntitlements = entitlements-child.plist
8+
## [OPTIONAL] Sandbox. Default: Yes
9+
Sandbox = Yes
10+
11+
[Package]
12+
## [REQUIRED for --pkg] Your Installer Certificate Identity
13+
InstallerIdentity = 3rd Party Mac Developer Installer: Foo (XXXXXXXXXX)
14+
## [OPTIONAL for --pkg] Installation path
15+
InstallPath = /Applications
1116

1217
[Info.plist]
13-
## [REQUIRED] Your app bundle identifier
18+
## [OPTIONAL] Your app bundle identifier
1419
CFBundleIdentifier = your.app.bundle.id
1520
## [REQUIRED] Team ID obtained from Apple Developer -> Membership -> Team ID
1621
NWTeamID = XXXXXXXXXX

tools/mas/build_mas.py

Lines changed: 34 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -83,9 +83,9 @@ def read_config(args):
8383
config = ConfigParser.SafeConfigParser()
8484
config.optionxform = str # set to str to prevent transforming into lower cases
8585
config.read(args.config_file)
86-
check_options(config, 'Sign', ['ApplicationIdentity', 'ParentEntitlements', 'ChildEntitlements'], 'Missed options in [%s]: %s')
86+
check_options(config, 'Sign', ['ApplicationIdentity'], 'Missed options in [%s]: %s')
8787
if args.pkg:
88-
check_options(config, 'Sign', ['InstallerIdentity'], 'Missed options for --pkg in [%s]: %s')
88+
check_options(config, 'Package', ['InstallerIdentity'], 'Missed options for --pkg in [%s]: %s')
8989
return config
9090

9191
def copy_to_output(args):
@@ -161,36 +161,52 @@ def codesign_app(config, args):
161161
bundleid = get_bundle_id(args)
162162

163163
identity = config.get('Sign', 'ApplicationIdentity')
164-
parent = config.get('Sign', 'ParentEntitlements')
165-
child = config.get('Sign', 'ChildEntitlements')
164+
sandbox = True
165+
if config.has_option('Sign', 'Sandbox'):
166+
sandbox = config.getboolean('Sign', 'Sandbox')
166167

167-
(_, tmp_parent_entitlements) = tempfile.mkstemp()
168-
parent_entitlements = plistlib.readPlist(parent)
169-
teamid = get_from_info_plist(args, 'NWTeamID', default=None)
170-
if teamid is None:
171-
groupid = bundleid
168+
## sign child frameworks and helpers
169+
(_, tmp_child_entitlements) = tempfile.mkstemp()
170+
if config.has_option('Sign', 'ChildEntitlements'):
171+
child = config.get('Sign', 'ChildEntitlements')
172+
child_entitlements = plistlib.readPlist(child)
172173
else:
173-
groupid = '%s.%s' % (teamid, bundleid)
174+
child_entitlements = {
175+
'com.apple.security.app-sandbox' : sandbox,
176+
'com.apple.security.inherit' : True
177+
}
174178

175-
(_, tmp_child_entitlements) = tempfile.mkstemp()
176-
child_entitlements = plistlib.readPlist(child)
177179
plistlib.writePlist(child_entitlements, tmp_child_entitlements)
178180
info('Child entitlements: %s' % tmp_child_entitlements)
179181
framework = glob(args.output, 'nwjs Framework.framework', returnOnFound=True)
180182
system('codesign -f --verbose -s "%s" --entitlements %s --deep "%s"' % (identity, tmp_child_entitlements, framework))
181183
helperApp = glob(args.output, 'nwjs Helper.app', returnOnFound=True)
182184
system('codesign -f --verbose -s "%s" --entitlements %s --deep "%s"' % (identity, tmp_child_entitlements, helperApp))
183185

186+
## sign parent app
187+
(_, tmp_parent_entitlements) = tempfile.mkstemp()
188+
if config.has_option('Sign', 'ParentEntitlements'):
189+
parent = config.get('Sign', 'ParentEntitlements')
190+
parent_entitlements = plistlib.readPlist(parent)
191+
else:
192+
parent_entitlements = {}
193+
teamid = get_from_info_plist(args, 'NWTeamID', default=None)
194+
if teamid is None:
195+
groupid = bundleid
196+
else:
197+
groupid = '%s.%s' % (teamid, bundleid)
198+
parent_entitlements['com.apple.security.app-sandbox'] = sandbox
184199
parent_entitlements['com.apple.security.application-groups'] = [groupid]
185200
plistlib.writePlist(parent_entitlements, tmp_parent_entitlements)
201+
186202
info('Parent entitlements: %s' % tmp_parent_entitlements)
187203
system('codesign -f --verbose -s "%s" --entitlements %s --deep "%s"' % (identity, tmp_parent_entitlements, args.output))
188204

189205
def productbuild(config, args):
190206
print '\nRunning productbuild'
191-
installer_identity = config.get('Sign', 'InstallerIdentity')
192-
if config.has_option('Sign', 'InstallPath'):
193-
install_path = config.get('Sign', 'InstallPath')
207+
installer_identity = config.get('Package', 'InstallerIdentity')
208+
if config.has_option('Package', 'InstallPath'):
209+
install_path = config.get('Package', 'InstallPath')
194210
else:
195211
install_path = '/Applications'
196212
system('productbuild --component "%s" "%s" --sign "%s" "%s"' % (args.output, install_path, installer_identity, args.pkg))
@@ -200,28 +216,21 @@ def main():
200216
parser.add_argument('-C', '--config-file', default='build.cfg', help='config file. (default: build.cfg)')
201217
parser.add_argument('-I', '--input', default='nwjs.app', help='path to input app. (default: nwjs.app)')
202218
parser.add_argument('-O', '--output', default='nwjs_output.app', help='path to output app. (default: nwjs_output.app)')
203-
parser.add_argument('-S', '--sign-only', default=False, help='run codesign without patching the app. (default: False)', action='store_true')
219+
parser.add_argument('-S', '--skip-patching', default=False, help='run codesign without patching the app. (default: False)', action='store_true')
204220
parser.add_argument('-P', '--pkg', default=None, help='run productbuild to generate .pkg after codesign. (default: None)')
205221
parser.add_argument('-V', '--verbose', default=False, help='display detailed information. (default: False)', action='store_true')
206222
args = parser.parse_args()
207223

208224
global verbose
209225
verbose = args.verbose
210226

211-
if args.sign_only:
212-
info('Running in Sign Only mode. Only [Sign] section is used in config file')
213-
214-
if args.pkg:
215-
info('--pkg is ignored in Sign Only mode.')
216-
217-
218227
# read config file
219228
config = read_config(args)
220229

221230
# make a copy
222231
copy_to_output(args)
223232

224-
if not args.sign_only:
233+
if not args.skip_patching:
225234
# patch Info.plist
226235
patch_info_plist(config, args)
227236

@@ -235,7 +244,7 @@ def main():
235244
# codesign
236245
codesign_app(config, args)
237246

238-
if not args.sign_only and args.pkg:
247+
if args.pkg:
239248
productbuild(config, args)
240249

241250
print '\nDone.'

0 commit comments

Comments
 (0)