DRTVWR-520 SLPlugin signing and hardened runtime for viewer

author: Andrey Lihatskiy <alihatskiy@productengine.com> 2021-04-27 06:11:17 +0300
committer: Andrey Lihatskiy <alihatskiy@productengine.com> 2021-04-27 06:21:58 +0300
commit: 5d21daf2db6f20f9c72779aaa48a0388469b8839 (patch)
tree: caeb43eb44af18e42224f09fcbb2214840c7f994
parent: 430661f1351b177355de7f2a993f6e34c835f939 (diff)
1 files changed, 5 insertions, 6 deletions
diff --git a/indra/newview/viewer_manifest.py b/indra/newview/viewer_manifest.py
index a981e7c758..6cbb82b39b 100755
--- a/indra/newview/viewer_manifest.py
+++ b/indra/newview/viewer_manifest.py
@@ -1289,16 +1289,15 @@ class DarwinManifest(ViewerManifest):
                     sign_retry_wait=15
                     libvlc_path = app_in_dmg + "/Contents/Resources/llplugin/media_plugin_libvlc.dylib"
                     cef_path = app_in_dmg + "/Contents/Resources/llplugin/media_plugin_cef.dylib"
+                    slplugin_path = app_in_dmg + "Contents/Resources/SLPlugin.app/Contents/MacOS/SLPlugin"
                     while (not signed) and (sign_attempts > 0):
                         try:
                             sign_attempts-=1;
+                            # Note: See blurb above about names of keychains
                             self.run_command(['codesign', '--force', '--timestamp','--keychain', viewer_keychain, '--sign', identity, libvlc_path])
                             self.run_command(['codesign', '--force', '--timestamp', '--keychain', viewer_keychain, '--sign', identity, cef_path])
-                            self.run_command(
-                                # Note: See blurb above about names of keychains
-                               ['codesign', '--verbose', '--deep', '--force',
-                                '--keychain', viewer_keychain, '--sign', identity,
-                                app_in_dmg])
+                            self.run_command(['codesign', '--verbose', '--deep', '--force', '--options', 'runtime', '--keychain', viewer_keychain, '--sign', identity, slplugin_path])
+                            self.run_command(['codesign', '--verbose', '--deep', '--force', '--options', 'runtime', '--keychain', viewer_keychain, '--sign', identity, app_in_dmg])
                             signed=True # if no exception was raised, the codesign worked
                         except ManifestError as err:
                             if sign_attempts:
@@ -1361,7 +1360,7 @@ class LinuxManifest(ViewerManifest):
         with self.prefix(dst="bin"):
             self.path("secondlife-bin","do-not-directly-run-secondlife-bin")
             self.path("../linux_crash_logger/linux-crash-logger","linux-crash-logger.bin")
-            self.path2basename("../llplugin/slplugin", "SLPlugin") 
+            self.path2basename("../llplugin/slplugin", "SLPlugin")
             #this copies over the python wrapper script, associated utilities and required libraries, see SL-321, SL-322 and SL-323
             with self.prefix(src="../viewer_components/manager", dst=""):
                 self.path("*.py")
author	Andrey Lihatskiy <alihatskiy@productengine.com>	2021-04-27 06:11:17 +0300
committer	Andrey Lihatskiy <alihatskiy@productengine.com>	2021-04-27 06:21:58 +0300
commit	5d21daf2db6f20f9c72779aaa48a0388469b8839 (patch)
tree	caeb43eb44af18e42224f09fcbb2214840c7f994
parent	430661f1351b177355de7f2a993f6e34c835f939 (diff)