Skip to content

Commit

Permalink
pkg: explicitly timestamp signed binaries
Browse files Browse the repository at this point in the history 
use the --timestamp flag with codesign to timestamp all
of the binaries, when this flag is not used a system-specific
default behavior is invoked which may result in some but not all
code signatures being timestamped.
  • Loading branch information
@anjannath @praveenkumar
anjannath authored and praveenkumar committed Jun 23, 2022
1 parent c7c7b36 commit ee02851
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions packaging/package.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ function sign() {
if [ -f "${entitlements}" ]; then
opts="--entitlements ${entitlements}"
fi
codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --force ${opts} "$1"
codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --timestamp --force ${opts} "$1"
}

function signAppBundle() {
Expand All @@ -30,8 +30,8 @@ function signAppBundle() {
fi

frameworks=$(find "$1"/Contents/Frameworks -depth -type d -name "*.framework" -or -name "*.dylib" -or -type f -perm +111)
echo "${frameworks}" | xargs -t -I % codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime % || true
codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --force --entitlements "${entitlements}" "$1"
echo "${frameworks}" | xargs -t -I % codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --timestamp % || true
codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --timestamp --force --entitlements "${entitlements}" "$1"
}

binDir="${BASEDIR}/root/Applications/Red Hat OpenShift Local.app/Contents/Resources"
Expand Down

0 comments on commit ee02851

Please sign in to comment.