Optionally sign both the Mac app bundle and the disk image. Fixes #1821

pkg/mac/.gitignore

@@ -1,3 +1,4 @@
 # Global excludes across all subdirectories
 debug.pgadmin.Info.plist
 pgadmin.Info.plist
+codesign.conf

pkg/mac/Info.plist-template_Python

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>CFBundlePackageType</key>
+	<string>FMWK</string>
+	<key>CFBundleShortVersionString</key>
+	<string>__SHORT_VERSION__</string>
+	<key>CFBundleVersion</key>
+	<string>__FULL_VERSION__</string>
+	<key>CFBundleGetInfoString</key>
+	<string>Created by Qt/QMake</string>
+	<key>CFBundleSignature</key>
+	<string>????</string>
+	<key>CFBundleExecutable</key>
+	<string>__FRAMEWORK_NAME__</string>
+	<key>CFBundleIdentifier</key>
+	<string>org.pgadmin.__FRAMEWORK_NAME__</string>
+	<key>NOTE</key>
+	<string>Please, do NOT change this file -- It was generated by Qt/QMake.</string>
+</dict>
+</plist>

pkg/mac/Info.plist-template_Qt5

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>CFBundlePackageType</key>
+	<string>FMWK</string>
+	<key>CFBundleShortVersionString</key>
+	<string>__SHORT_VERSION__</string>
+	<key>CFBundleVersion</key>
+	<string>__FULL_VERSION__</string>
+	<key>CFBundleGetInfoString</key>
+	<string>Created by Qt/QMake</string>
+	<key>CFBundleSignature</key>
+	<string>????</string>
+	<key>CFBundleExecutable</key>
+	<string>__FRAMEWORK_NAME__</string>
+	<key>CFBundleIdentifier</key>
+	<string>org.qt-project.__FRAMEWORK_NAME__</string>
+	<key>NOTE</key>
+	<string>Please, do NOT change this file -- It was generated by Qt/QMake.</string>
+</dict>
+</plist>

pkg/mac/build.sh

@@ -166,6 +166,22 @@ _complete_bundle() {
 
 }
 
+_codesign_bundle() {
+    cd $SOURCEDIR/pkg/mac
+    
+    if [ ! -f codesign.conf ]; then
+        echo
+        echo "******************************************************************"
+        echo "* codesign.conf not found. NOT signing the bundle."
+        echo "******************************************************************"
+        echo
+        sleep 5
+        return
+    fi
+
+    ./codesign-bundle.sh "$BUILDROOT/$APP_BUNDLE_NAME" || { echo codesign-bundle.sh failed; exit 1; }    
+}
+
 _create_dmg() {
     cd $SOURCEDIR
     ./pkg/mac/create-dmg.sh || { echo create-dmg.sh failed; exit 1; }
@@ -173,9 +189,27 @@ _create_dmg() {
     rm -rf $BUILDROOT/*
 }
 
+_codesign_dmg() {
+    cd $SOURCEDIR/pkg/mac
+    
+    if [ ! -f codesign.conf ]; then
+        echo
+        echo "******************************************************************"
+        echo "* codesign.conf not found. NOT signing the disk image."
+        echo "******************************************************************"
+        echo
+        sleep 5
+        return
+    fi
+
+    ./codesign-dmg.sh || { echo codesign-bundle.sh failed; exit 1; }    
+}
+
 _get_version || { echo Could not get versioning; exit 1; }
 _cleanup
 _build_runtime || { echo Runtime build failed; exit 1; }
 _build_doc
 _complete_bundle
+_codesign_bundle
 _create_dmg
+_codesign_dmg

pkg/mac/codesign-bundle.sh

@@ -0,0 +1,78 @@
+#!/bin/sh
+
+BUNDLE="$1"
+
+if ! test -d "${BUNDLE}" ; then
+	echo "${BUNDLE} is no bundle!" >&2
+	exit 1
+fi
+
+# Get the config
+source codesign.conf
+
+SCRIPT_DIR=`pwd`
+
+echo Reorganising the framework structure
+
+# Create "Current" and "Current/Resources" inside each of the framework dirs
+MYDIR=`pwd`
+find "${BUNDLE}/Contents/Frameworks"/*framework -type d -name "Versions" | while read -r myVar; do
+  cd "${myVar}"
+
+  # Create framework 'Current' soft link
+  VERSION_NUMBER=`ls -1`
+  ln -s $VERSION_NUMBER Current
+
+  # Create "Resources" subdirectory
+  mkdir Current/Resources
+
+  cd "${MYDIR}"
+done
+
+# Stuff for Qt framework files only
+find "${BUNDLE}/Contents/Frameworks" -type d -name "Qt*framework" | while read -r myVar; do
+  cd "${myVar}"
+
+  # Create soft link to the framework binary
+  ln -s Versions/Current/Qt*
+
+  # Create soft link to the framework Resources dir
+  ln -s Versions/Current/Resources
+
+  # Create the Info.plist files
+  MYNAME=`ls -1 Qt*`
+  sed 's/__SHORT_VERSION__/${QT_SHORT_VERSION}/' "${SCRIPT_DIR}/Info.plist-template_Qt5" | sed 's/__FULL_VERSION__/${QT_FULL_VERSION}/' | sed "s/__FRAMEWORK_NAME__/${MYNAME}/" > "Resources/Info.plist"
+
+  cd "${MYDIR}"
+done
+
+# Same thing, but specific to the Python framework dir
+find "${BUNDLE}/Contents/Frameworks" -type d -name "P*framework" | while read -r myVar; do
+  cd "${myVar}"
+
+  # Create soft link to the framework binary
+  ln -s Versions/Current/Py*
+
+  # Create soft link to the framework Resources dir
+  ln -s Versions/Current/Resources
+
+  # Create the Info.plist files
+  MYNAME=`ls -1 Py*`
+  sed 's/__SHORT_VERSION__/${PYTHON_SHORT_VERSION}/' "${SCRIPT_DIR}/Info.plist-template_Python" | sed 's/__FULL_VERSION__/${PYTHON_FULL_VERSION}/' | sed "s/__FRAMEWORK_NAME__/${MYNAME}/" > "Resources/Info.plist"
+
+  cd "${MYDIR}"
+done
+
+# Sign the .app
+echo Signing ${BUNDLE}
+codesign --sign "${DEVELOPER_ID}" --verbose --deep --force "${BUNDLE}"
+
+# Verify it worked
+echo Verifying the signature
+codesign --verify --verbose --deep --force "${BUNDLE}"
+RETURN_STATUS=$?
+if [ $RETURN_STATUS -ne 0 ]; then
+  echo Code signing did not work, check the log
+else
+  echo ${BUNDLE} successfully signed
+fi

pkg/mac/codesign-dmg.sh

@@ -0,0 +1,29 @@
+#!/bin//sh
+
+DMG_VOLUME_NAME=$APP_NAME
+DMG_NAME=`echo $DMG_VOLUME_NAME | sed 's/ //g' | awk '{print tolower($0)}'`
+DMG_IMAGE=$DISTROOT/$DMG_NAME-$APP_LONG_VERSION.dmg
+
+if ! test -f "${DMG_IMAGE}" ; then
+	echo "${DMG_IMAGE} is no disk image!" >&2
+	exit 1
+fi
+
+# Get the config
+source codesign.conf
+
+SCRIPT_DIR=`pwd`
+
+# Sign the .app
+echo Signing ${DMG_IMAGE}
+codesign --sign "${DEVELOPER_ID}" --verbose --force "${DMG_IMAGE}"
+
+# Verify it worked
+echo Verifying the signature
+codesign --verify --verbose --force "${DMG_IMAGE}"
+RETURN_STATUS=$?
+if [ $RETURN_STATUS -ne 0 ]; then
+  echo ERROR: Code signing did not work
+else
+  echo ${DMG_IMAGE} successfully signed
+fi

pkg/mac/codesign.conf.in

@@ -0,0 +1,14 @@
+# In order to enable codesigning of the Mac Appbundle, copy this file to
+# codesign.conf, and edit the value below to reflect your developer ID
+
+DEVELOPER_ID="Developer ID Application: My Name (12345ABCD)"
+
+# Edit the settings below if different versions of Python/Qt are used
+
+PYTHON_SHORT_VERSION=2.7
+PYTHON_FULL_VERSION=2.7.0
+
+QT_SHORT_VERSION=5.5
+QT_FULL_VERSION=5.5.1
+
+