From 608cf5c6761297e7625cd3421bdc2c2a1e1f35e8 Mon Sep 17 00:00:00 2001 From: Ben Soares Date: Fri, 20 Sep 2024 14:35:18 +0100 Subject: [PATCH] JAL-4428 Added a search/replace in given file for SHA256 checksums of the old and new DMG file. Intended for the hugo data json file. --- utils/osx_signing/sign_and_staple_dmg.sh | 56 +++++++++++++++++++++++++++--- 1 file changed, 52 insertions(+), 4 deletions(-) diff --git a/utils/osx_signing/sign_and_staple_dmg.sh b/utils/osx_signing/sign_and_staple_dmg.sh index d79c04d..fcec193 100755 --- a/utils/osx_signing/sign_and_staple_dmg.sh +++ b/utils/osx_signing/sign_and_staple_dmg.sh @@ -23,9 +23,12 @@ NOVOLUMEICON=0 DEFAULTVOLUMEICONFILE=".VolumeIcon.icns" HDIUTILV="-quiet" QUIET=0 +SHA256FILE="" +OLDSHA256="" +NEWSHA256="" usage() { - echo "Usage: $( basename $0 ) [-h] [[-g gitdir] | [-e entfile]] [-d devid] [[-a appname] [-v appver ] [-j arch] [-w jver] | [-i dmgfile]] [-o outputdmg] [-O] [-t tmpdir] [-s] [-S] [-p] [-P] [-z icnsfile] [-Z] [-y] [-C] [-V] [-q]" + echo "Usage: $( basename $0 ) [-h] [[-g gitdir] | [-e entfile]] [-d devid] [[-a appname] [-v appver ] [-j arch] [-w jver] | [-i dmgfile]] [-o outputdmg] [-x file] [-O] [-t tmpdir] [-s] [-S] [-p] [-P] [-z icnsfile] [-Z] [-y] [-C] [-V] [-q]" echo " " echo " This script is used in the signing process of DMG disk image files for macOS." echo " Either -g GITDIR or -e ENTFILE should be given." @@ -50,6 +53,7 @@ usage() { echo " -z icnsfile Use icnsfile as the volume icon file (defaults to using existing '$DEFAULTVOLUMEICONFILE' file or 'GITDIR/${VOLUMEICONPATH}'." echo " -Z Don't set the volume icon, even if it already exists in the existing DMG volume (default is to set volume icons if one is there/given)." echo " -o outputdmg Output DMG file (defaults to existing dmgfile in a 'signed' sub-directory)." + echo " -x file Change the sha256 checksums for the DMG found in file (a simple search and replace of the old checksum to the new)." echo " -O Overwrite the output DMG file if it already exists." echo " -y Assume 'yes' to all confirmation requests." echo " -C Cleanup temporary folders for the given DMG file or equivalent (Runs INSTEAD of all other activities. Cleanup can be narrowed down with either -i or some/all of -a -v -j -w)." @@ -61,7 +65,7 @@ usage() { echo " will use entitlements.txt from the gitdir (-g), and output a signed (-s) and stapled (-p) DMG file in build/install4j/11/stapled with a volume icon for Jalview Develop (-z)." } -while getopts "hg:e:d:a:v:j:w:i:t:sSpPz:Zo:OyCVq" opt; do +while getopts "hg:e:d:a:v:j:w:i:t:sSpPz:Zo:x:OyCVq" opt; do case ${opt} in h) usage @@ -116,6 +120,9 @@ while getopts "hg:e:d:a:v:j:w:i:t:sSpPz:Zo:OyCVq" opt; do o) OUTPUTDMGFILE="${OPTARG}" ;; + x) + SHA256FILE="${OPTARG}" + ;; O) OVERWRITE=1 ;; @@ -243,6 +250,10 @@ else echo Working in temporary directory ''$TEMPDIR'' fi +if [ ! -z "$SHA256FILE" ]; then + OLDSHA256=$(sha256sum "$DMGFILE" | cut -d" " -f1) +fi + myecho() { local MSG="$1" local LEVEL="$2" @@ -422,7 +433,7 @@ if [ "$FOUNDAPPNAME" != "$APPNAME" ]; then fi fi myecho "* -- Going to copy volume contents to '${TEMPDMGDIR}'" -if [ "$VOLUMEICON" = 1 ]; then +if [ "$USEVOLUMEICON" = 1 ]; then myecho "* -- Going to try and set a volume icon to '${VOLUMEICON}'" fi if [ "$STAPLE" = 1 ]; then @@ -556,7 +567,7 @@ else TEMPMOUNTDIR="${TEMP_RW_BASE}/Volume" myecho "* Creating temporary RW DMG file '${TEMPDMGFILE}' to sign" - mycommand 1 hdiutil create $HDIUTILV -format UDRW -megabytes 260 -srcfolder "$TEMPDMGDIR" -volname "$VOLNAME" "$TEMPDMGFILE" || myexit "Could not create temporary DMG file '${TEMPDMGFILE}'" 15 + mycommand 1 hdiutil create $HDIUTILV -format UDRW -megabytes 260 -srcfolder "$TEMPDMGDIR" -volname "$VOLNAME" "$TEMPDMGFILE" || myexit "Could not create temporary DMG file '${TEMPDMGFILE}'" 16 myecho "* Mounting temporary disk image '${TEMPDMGFILE}' on '${TEMPMOUNTDIR}'" mycommand 1 hdiutil attach $HDIUTILV -mountpoint "${TEMPMOUNTDIR}" "${TEMPDMGFILE}" || myexit "Could not mount '${TEMPDMGFILE}' on '${TEMPMOUNTDIR}'. Aborting." 16 @@ -597,3 +608,40 @@ if [ "$SIGN" = 1 ]; then fi [ "$STAPLED" = 1 ] && STAPLED=" stapled" myecho "***${SIGNED}${AND}${STAPLED} DMG file at '${NEWDMGFILE}'" + +if [ ! -z "$SHA256FILE" -a ! -z "$OLDSHA256" ]; then + NEWSHA256=$(sha256sum "$NEWDMGFILE" | cut -d" " -f1) + if [ ! -e "$SHA256FILE" ]; then + myecho "# File to change SHA256 checksum in '${SHA256FILE}' doesn't exist." + myecho "* The old SHA256 checksum is '${OLDSHA256}'" + myecho "* The new SHA256 checksum is '${NEWSHA256}'" + exit 18 + fi + + if [ -z "$NEWSHA256" ]; then + myecho "# New checksum is empty. Not doing replacements." + exit 19 + fi + + myecho "* ---- Going to use replace checksums in '${SHA256FILE}'" + myecho "* from '${OLDSHA256}'" + myecho "* to '${NEWSHA256}'" + # Confirmation of checksum replacement in file + if [ "${YES}" != 1 ]; then + read -r -p "* Continue? [y/N] " response + case $(echo "${response}" | tr '[:upper:]' '[:lower:]') in + yes|y) + myecho "* Continuing." + ;; + *) + myexit "Aborting due to negative confirmation." 0 + exit + ;; + esac + fi + # be very careful here! + if [ -e "$SHA256FILE" -a ! -z "$OLDSHA256" -a ! -z "$NEWSHA256" ]; then + OLD="$OLDSHA256" NEW="$NEWSHA256" perl -p -i -e 's/$ENV{OLD}/$ENV{NEW}/g;' "$SHA256FILE" + myecho "*** Replaced checksums in '$SHA256FILE'" + fi +fi -- 1.7.10.2