git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_codesigning/gke/gkhandmake
3 # gkhandmake - manually create a recorded snippet
5 # gkhandmake path type source outputfile
19 print >>sys
.stderr
, "Usage: %s program specfile outputfile" % sys
.argv
[0]
23 print >>sys
.stderr
, "%s: %s" % (sys
.argv
[0], whatever
)
30 if len(sys
.argv
) != 4:
# Absolute path of the program to record (first command-line argument).
path=os.path.abspath(sys.argv[1])
# Where the finished snippet is written (third command-line argument).
outputfile = sys.argv[3]
type=1	# always execution

# If the output file already exists, bail
# NOTE(review): this is a check-then-write. The path is tested here but only
# written at the very end by plistlib.writePlist(), so the test guards against
# an accidental overwrite, not against the path appearing in between. Write
# the result somewhere only the invoking user can create files.
if os.path.exists(outputfile):
	fail("already exists: %s" % outputfile)
# We'll let the detached signature live in case we need to inspect it
# NOTE(review): the name is fully predictable (basename of the target plus
# ".dsig") and sits directly in the shared /tmp directory. codesign is pointed
# at this path and the script later reads it back by name; nothing visible
# here checks whether a file or symlink already exists under that name.
# A private directory (e.g. tempfile.mkdtemp(), printing the path so it can
# still be inspected afterwards) removes the dependency on /tmp contents.
sigpath = "/tmp/%s.dsig" % os.path.basename(path.strip('/'))
# Generate an adhoc detached signature with the given resource specification
# The command is an argument list, not a shell string, so sigpath and specfile
# reach codesign as single arguments with no shell parsing.
# check_call() raises CalledProcessError on a non-zero exit and otherwise
# returns 0, so `display` only holds the exit status at this point.
display = subprocess.check_call(["/usr/bin/codesign",
	"--detached", sigpath,
	"--resource-rules", specfile,
	# (remaining arguments and the end of this call are not part of this listing)
# Now verify it so we can extract the cdhash
# codesign's --display report is collected from stderr, the only stream piped.
display = subprocess.Popen(["/usr/bin/codesign",
	"--display", "--verbose=3",
	"--detached", sigpath,
	# (one argument line is missing from this listing here)
], stderr=subprocess.PIPE)
# stdout was not piped, so communicate() returns None for it; only `stderr`
# carries text.
# NOTE(review): no check of display.returncode is visible in this listing;
# confirm a failed codesign run is caught before its output is parsed.
(stdout, stderr) = display.communicate()
74 for line
in stderr
.split('\n'):
75 if line
.startswith("CDHash="):
79 fail("no cdhash in generated signature?!")
# Pack up a single (detached) signature as a snippet
# under the given path
# NOTE(review): the data read here is later wrapped in plistlib.Data, i.e. it
# is treated as raw bytes, yet the file is opened in text mode ("r"). "rb"
# would state that intent and avoid newline/decoding translation on platforms
# or interpreter versions where text mode differs from binary.
# The file is re-opened by its predictable /tmp name; the content is whatever
# is at that path when this line runs.
with open(sigpath, "r") as sigfile:
	sigdata = sigfile.read()
101 signature
=plistlib
.Data(sigdata
)
# Serialise the snippet dictionary to outputfile as a property list.
# gkedict is assembled in lines that are not part of this listing.
# NOTE(review): the only guard on outputfile is the os.path.exists() test near
# the top of the script; writePlist() itself creates or truncates the path it
# is given. plistlib.writePlist and plistlib.Data are legacy APIs that were
# removed in Python 3.9.
plistlib.writePlist(gkedict, outputfile)