diff options
author | David Williams | 2016-05-03 16:59:12 +0000 |
---|---|---|
committer | David Williams | 2016-05-03 16:59:12 +0000 |
commit | 2473d75058d1000cf4756a8361b1ddef9a271953 (patch) | |
tree | 7bc208dd9971f7a143591aa7e4383fcd35066f15 | |
parent | 48f6f29935affb924daa01744a4e4a14f9afe84e (diff) | |
download | eclipse.platform.releng-2473d75058d1000cf4756a8361b1ddef9a271953.tar.gz eclipse.platform.releng-2473d75058d1000cf4756a8361b1ddef9a271953.tar.xz eclipse.platform.releng-2473d75058d1000cf4756a8361b1ddef9a271953.zip |
Bug 445108 - bare bones beginning of checking if Mac is signed
Change-Id: Id41e56721438e3ef210d5a790da7f012d44d3cdd
-rw-r--r-- | bundles/org.eclipse.releng.tests/src/org/eclipse/releng/tests/CheckMacSignatures.java | 41 | ||||
-rwxr-xr-x | bundles/org.eclipse.releng.tests/src/org/eclipse/releng/tests/checkSignature | 61 |
2 files changed, 102 insertions, 0 deletions
diff --git a/bundles/org.eclipse.releng.tests/src/org/eclipse/releng/tests/CheckMacSignatures.java b/bundles/org.eclipse.releng.tests/src/org/eclipse/releng/tests/CheckMacSignatures.java new file mode 100644 index 00000000..2256eb9d --- /dev/null +++ b/bundles/org.eclipse.releng.tests/src/org/eclipse/releng/tests/CheckMacSignatures.java @@ -0,0 +1,41 @@ + +package org.eclipse.releng.tests; + +import java.util.Properties; + +import org.junit.Before; +import org.junit.Test; + +public class CheckMacSignatures { + + static boolean runningOnMac; + static String eclipseInstall; + + public CheckMacSignatures() { + + } + + @Before + public void checkIfOnMac() { + String os = System.getProperty("osgi.os"); + if ("macosx".equals(os)) { + runningOnMac = true; + eclipseInstall = System.getProperty("eclipse.install.location"); + } + // temp + System.out.println("eclipse.home: " + System.getProperty("eclipse.home")); + System.out.println("eclipse.home.location: " + System.getProperty("eclipse.home.location")); + System.out.println("All properties"); + Properties allProperties = System.getProperties(); + allProperties.list(System.out); + } + + @Test + public void checkSignature() { + if (!runningOnMac) { + System.out.println("Not running on Mac. No need to check Mac signature"); + } else { + System.out.println("Eclipse Install location: " + eclipseInstall); + } + } +} diff --git a/bundles/org.eclipse.releng.tests/src/org/eclipse/releng/tests/checkSignature b/bundles/org.eclipse.releng.tests/src/org/eclipse/releng/tests/checkSignature new file mode 100755 index 00000000..22fe3661 --- /dev/null +++ b/bundles/org.eclipse.releng.tests/src/org/eclipse/releng/tests/checkSignature @@ -0,0 +1,61 @@ +#!/usr/bin/env bash + +# small utility to check signature of app on the mac. Assumes the XCode tools installed. + +appPathAndName=$1 +if [[ -z "${appPathAndName}" ]] +then + echo -e "\n\t[ERROR] Programming error. The applications path and name must be specified for $(basename $0)" + exit 1 +fi + +if [[ ! -e "${appPathAndName}" ]] +then + echo -e "\n\t[ERROR] Programning error in $(basename $0). The applications path and name was specified, but did not exist,\n\t\tWas specified as ${appPathAndName}" + exit 2 +fi +SPCTL=$(which spctl) +if [[ -z "${SPCTL}" ]] +then + echo "\n\t[ERROR} spctl was not found on this system to check signatures" + exit 3 +fi +CODESIGN=$(which codesign) +if [[ -z "${CODESIGN}" ]] +then + echo "\n\t[ERROR codesign was not found on this system to check signatures" + exit 4 +fi + +echo -e "\n\t${SPCTL} -a -t exec -vvvv $appPathAndName\n" +"${SPCTL}" -a -t exec -vvvv "$appPathAndName" +RCspctl=$? +if [[ $RCspctl != 0 ]] +then + echo -e "\n\tspctl returned $RCspctl" +fi +# display always returns 0 apparently +echo -e "\n\t${CODESIGN} --verbose=4 --display --deep -r- $appPathAndName\n" +"${CODESIGN}" --verbose=4 --display --deep --continue -r- "$appPathAndName" +# verify for return code +echo -e "\n\t${CODESIGN} --verbose=4 --verify --deep --continue -r- $appPathAndName\n" +"${CODESIGN}" --verbose=4 --verify --deep --continue -r- "$appPathAndName" +RCcodesign=$? +if [[ $RCcodesign != 0 ]] +then + echo -e "\n\tcodesign returned $RCcodesign" +fi +# according to man pages, return code of 1 means "not correctly signed". +# other return codes (2, 3) mean things like "arguments not correct" +if [[ $RCspctl == 1 || $RCcodesign == 1 ]] +then + echo -e "\n\t[ERROR] The application $appPathAndName was not correctly signed" + exit $(( $RCspctl & $RCcodesign )) +fi +if [[ $RCspctl != 0 || $RCcodesign != 0 ]] +then + echo -e "\n\t[ERROR] The verification arguments while checking $appPathAndName were not correct" + exit $(( $RCspctl & $RCcodesign )) +fi +exit 0 + |