DRTVWR-520 SLPlugin signing and hardened runtime for viewer

master
Andrey Lihatskiy 2021-04-27 06:11:17 +03:00
parent 430661f135
commit 5d21daf2db
1 changed files with 5 additions and 6 deletions

View File

@ -1289,16 +1289,15 @@ class DarwinManifest(ViewerManifest):
sign_retry_wait=15
libvlc_path = app_in_dmg + "/Contents/Resources/llplugin/media_plugin_libvlc.dylib"
cef_path = app_in_dmg + "/Contents/Resources/llplugin/media_plugin_cef.dylib"
slplugin_path = app_in_dmg + "Contents/Resources/SLPlugin.app/Contents/MacOS/SLPlugin"
while (not signed) and (sign_attempts > 0):
try:
sign_attempts-=1;
# Note: See blurb above about names of keychains
self.run_command(['codesign', '--force', '--timestamp','--keychain', viewer_keychain, '--sign', identity, libvlc_path])
self.run_command(['codesign', '--force', '--timestamp', '--keychain', viewer_keychain, '--sign', identity, cef_path])
self.run_command(
# Note: See blurb above about names of keychains
['codesign', '--verbose', '--deep', '--force',
'--keychain', viewer_keychain, '--sign', identity,
app_in_dmg])
self.run_command(['codesign', '--verbose', '--deep', '--force', '--options', 'runtime', '--keychain', viewer_keychain, '--sign', identity, slplugin_path])
self.run_command(['codesign', '--verbose', '--deep', '--force', '--options', 'runtime', '--keychain', viewer_keychain, '--sign', identity, app_in_dmg])
signed=True # if no exception was raised, the codesign worked
except ManifestError as err:
if sign_attempts:
@ -1361,7 +1360,7 @@ class LinuxManifest(ViewerManifest):
with self.prefix(dst="bin"):
self.path("secondlife-bin","do-not-directly-run-secondlife-bin")
self.path("../linux_crash_logger/linux-crash-logger","linux-crash-logger.bin")
self.path2basename("../llplugin/slplugin", "SLPlugin")
self.path2basename("../llplugin/slplugin", "SLPlugin")
#this copies over the python wrapper script, associated utilities and required libraries, see SL-321, SL-322 and SL-323
with self.prefix(src="../viewer_components/manager", dst=""):
self.path("*.py")