diff options
Diffstat (limited to 'indra/newview')
-rw-r--r-- | indra/newview/llappviewer.cpp | 87 | ||||
-rwxr-xr-x | indra/newview/viewer_manifest.py | 96 |
2 files changed, 107 insertions, 76 deletions
diff --git a/indra/newview/llappviewer.cpp b/indra/newview/llappviewer.cpp index 8951213f71..254bf05d05 100644 --- a/indra/newview/llappviewer.cpp +++ b/indra/newview/llappviewer.cpp @@ -1177,44 +1177,41 @@ bool LLAppViewer::init() #if LL_RELEASE_FOR_DOWNLOAD if (!gSavedSettings.getBOOL("CmdLineSkipUpdater")) { - LLProcess::Params updater; - updater.desc = "updater process"; - // Because it's the updater, it MUST persist beyond the lifespan of the - // viewer itself. - updater.autokill = false; - std::string updater_file; + LLProcess::Params updater; + updater.desc = "updater process"; + // Because it's the updater, it MUST persist beyond the lifespan of the + // viewer itself. + updater.autokill = false; + std::string updater_file; #if LL_WINDOWS - updater_file = "SLVersionChecker.exe"; - updater.executable = gDirUtilp->getExpandedFilename(LL_PATH_EXECUTABLE, updater_file); + updater_file = "SLVersionChecker.exe"; + updater.executable = gDirUtilp->getExpandedFilename(LL_PATH_EXECUTABLE, updater_file); #elif LL_DARWIN - // explicitly run the system Python interpreter on SLVersionChecker.py - // Keep using python2 until SLVersionChecker is converted to python3. - updater.executable = "python"; - updater_file = "SLVersionChecker.py"; - updater.args.add(gDirUtilp->add(gDirUtilp->getAppRODataDir(), "updater", updater_file)); + updater_file = "SLVersionChecker"; + updater.executable = gDirUtilp->add(gDirUtilp->getAppRODataDir(), "updater", updater_file); #else - updater_file = "SLVersionChecker"; - updater.executable = gDirUtilp->getExpandedFilename(LL_PATH_EXECUTABLE, updater_file); + updater_file = "SLVersionChecker"; + updater.executable = gDirUtilp->getExpandedFilename(LL_PATH_EXECUTABLE, updater_file); #endif - // add LEAP mode command-line argument to whichever of these we selected - updater.args.add("leap"); - // UpdaterServiceSettings - if (gSavedSettings.getBOOL("FirstLoginThisInstall")) - { - // Befor first login, treat this as 'manual' updates, - // updater won't install anything, but required updates - updater.args.add("0"); - } - else - { - updater.args.add(stringize(gSavedSettings.getU32("UpdaterServiceSetting"))); - } - // channel - updater.args.add(LLVersionInfo::instance().getChannel()); - // testok - updater.args.add(stringize(gSavedSettings.getBOOL("UpdaterWillingToTest"))); - // ForceAddressSize - updater.args.add(stringize(gSavedSettings.getU32("ForceAddressSize"))); + // add LEAP mode command-line argument to whichever of these we selected + updater.args.add("leap"); + // UpdaterServiceSettings + if (gSavedSettings.getBOOL("FirstLoginThisInstall")) + { + // Befor first login, treat this as 'manual' updates, + // updater won't install anything, but required updates + updater.args.add("0"); + } + else + { + updater.args.add(stringize(gSavedSettings.getU32("UpdaterServiceSetting"))); + } + // channel + updater.args.add(LLVersionInfo::instance().getChannel()); + // testok + updater.args.add(stringize(gSavedSettings.getBOOL("UpdaterWillingToTest"))); + // ForceAddressSize + updater.args.add(stringize(gSavedSettings.getU32("ForceAddressSize"))); try { @@ -1232,11 +1229,11 @@ bool LLAppViewer::init() OSMB_OK); mUpdaterNotFound = true; } - } - else - { - LL_WARNS("InitInfo") << "Skipping updater check." << LL_ENDL; - } + } + else + { + LL_WARNS("InitInfo") << "Skipping updater check." << LL_ENDL; + } if (mUpdaterNotFound) { @@ -1269,12 +1266,12 @@ bool LLAppViewer::init() } } - if (gSavedSettings.getBOOL("QAMode") && gSavedSettings.getS32("QAModeEventHostPort") > 0) - { - LL_WARNS("InitInfo") << "QAModeEventHostPort DEPRECATED: " - << "lleventhost no longer supported as a dynamic library" - << LL_ENDL; - } + if (gSavedSettings.getBOOL("QAMode") && gSavedSettings.getS32("QAModeEventHostPort") > 0) + { + LL_WARNS("InitInfo") << "QAModeEventHostPort DEPRECATED: " + << "lleventhost no longer supported as a dynamic library" + << LL_ENDL; + } #endif //LL_RELEASE_FOR_DOWNLOAD LLTextUtil::TextHelpers::iconCallbackCreationFunction = create_text_segment_icon_from_url_match; diff --git a/indra/newview/viewer_manifest.py b/indra/newview/viewer_manifest.py index 7426938454..ae3ed56b3d 100755 --- a/indra/newview/viewer_manifest.py +++ b/indra/newview/viewer_manifest.py @@ -27,6 +27,8 @@ Linden Research, Inc., 945 Battery Street, San Francisco, CA 94111 USA $/LicenseInfo$ """ import errno +import glob +import itertools import json import os import os.path @@ -1272,47 +1274,79 @@ class DarwinManifest(ViewerManifest): keychain_pwd_path = os.path.join(build_secrets_checkout,'code-signing-osx','password.txt') keychain_pwd = open(keychain_pwd_path).read().rstrip() - # Note: As of macOS Sierra, keychains are created with names postfixed with '-db' so for example, the - # SL Viewer keychain would by default be found in ~/Library/Keychains/viewer.keychain-db instead of - # just ~/Library/Keychains/viewer.keychain in earlier versions. + # Note: As of macOS Sierra, keychains are created with + # names postfixed with '-db' so for example, the SL + # Viewer keychain would by default be found in + # ~/Library/Keychains/viewer.keychain-db instead of + # just ~/Library/Keychains/viewer.keychain in + # earlier versions. # - # Because we have old OS files from previous versions of macOS on the build hosts, the configurations - # are different on each host. Some have viewer.keychain, some have viewer.keychain-db and some have both. - # As you can see in the line below, this script expects the Linden Developer cert/keys to be in viewer.keychain. + # Because we have old OS files from previous + # versions of macOS on the build hosts, the + # configurations are different on each host. Some + # have viewer.keychain, some have viewer.keychain-db + # and some have both. As you can see in the line + # below, this script expects the Linden Developer + # cert/keys to be in viewer.keychain. # - # To correctly sign builds you need to make sure ~/Library/Keychains/viewer.keychain exists on the host - # and that it contains the correct cert/key. If a build host is set up with a clean version of macOS Sierra (or later) - # then you will need to change this line (and the one for 'codesign' command below) to point to right place or else - # pull in the cert/key into the default viewer keychain 'viewer.keychain-db' and export it to 'viewer.keychain' + # To correctly sign builds you need to make sure + # ~/Library/Keychains/viewer.keychain exists on the + # host and that it contains the correct cert/key. If + # a build host is set up with a clean version of + # macOS Sierra (or later) then you will need to + # change this line (and the one for 'codesign' + # command below) to point to right place or else + # pull in the cert/key into the default viewer + # keychain 'viewer.keychain-db' and export it to + # 'viewer.keychain' viewer_keychain = os.path.join(home_path, 'Library', 'Keychains', 'viewer.keychain') self.run_command(['security', 'unlock-keychain', '-p', keychain_pwd, viewer_keychain]) - signed=False - sign_attempts=3 sign_retry_wait=15 - libvlc_path = app_in_dmg + "/Contents/Resources/llplugin/media_plugin_libvlc.dylib" - cef_path = app_in_dmg + "/Contents/Resources/llplugin/media_plugin_cef.dylib" - slplugin_path = app_in_dmg + "/Contents/Resources/SLPlugin.app/Contents/MacOS/SLPlugin" - greenlet_path = app_in_dmg + "/Contents/Resources/updater/greenlet/_greenlet.so" - while (not signed) and (sign_attempts > 0): + resources = app_in_dmg + "/Contents/Resources/" + plain_sign = glob.glob(resources + "llplugin/*.dylib") + deep_sign = [ + resources + "updater/SLVersionChecker", + resources + "SLPlugin.app/Contents/MacOS/SLPlugin", + app_in_dmg, + ] + for attempt in range(3): + if attempt: # second or subsequent iteration + print >> sys.stderr, \ + ("codesign failed, waiting %d seconds before retrying" % + sign_retry_wait) + time.sleep(sign_retry_wait) + sign_retry_wait*=2 + try: - sign_attempts-=1 # Note: See blurb above about names of keychains - self.run_command(['codesign', '--force', '--timestamp','--keychain', viewer_keychain, '--sign', identity, libvlc_path]) - self.run_command(['codesign', '--force', '--timestamp', '--keychain', viewer_keychain, '--sign', identity, cef_path]) - self.run_command(['codesign', '--force', '--timestamp', '--keychain', viewer_keychain, '--sign', identity, greenlet_path]) - self.run_command(['codesign', '--verbose', '--deep', '--force', '--entitlements', self.src_path_of("slplugin.entitlements"), '--options', 'runtime', '--keychain', viewer_keychain, '--sign', identity, slplugin_path]) - self.run_command(['codesign', '--verbose', '--deep', '--force', '--entitlements', self.src_path_of("slplugin.entitlements"), '--options', 'runtime', '--keychain', viewer_keychain, '--sign', identity, app_in_dmg]) - signed=True # if no exception was raised, the codesign worked + for signee in plain_sign: + self.run_command( + ['codesign', + '--force', + '--timestamp', + '--keychain', viewer_keychain, + '--sign', identity, + signee]) + for signee in deep_sign: + self.run_command( + ['codesign', + '--verbose', + '--deep', + '--force', + '--entitlements', self.src_path_of("slplugin.entitlements"), + '--options', 'runtime', + '--keychain', viewer_keychain, + '--sign', identity, + signee]) + break # if no exception was raised, the codesign worked except ManifestError as err: - if sign_attempts: - print("codesign failed, waiting %d seconds before retrying" % sign_retry_wait, file=sys.stderr) - time.sleep(sign_retry_wait) - sign_retry_wait*=2 - else: - print("Maximum codesign attempts exceeded; giving up", file=sys.stderr) - raise + # 'err' goes out of scope + sign_failed = err + else: + print >> sys.stderr, "Maximum codesign attempts exceeded; giving up" + raise sign_failed self.run_command(['spctl', '-a', '-texec', '-vvvv', app_in_dmg]) self.run_command([self.src_path_of("installers/darwin/apple-notarize.sh"), app_in_dmg]) |