Provisioning: Install signing tools to osx 10.11
[mirror/qt/qt5.git] / coin / provisioning / qtci-osx-10.11-x86_64 / 555-signtools.sh
1 #!/bin/sh
2
3 #############################################################################
4 ##
5 ## Copyright (C) 2017 The Qt Company Ltd.
6 ## Contact: http://www.qt.io/licensing/
7 ##
8 ## This file is part of the provisioning scripts of the Qt Toolkit.
9 ##
10 ## $QT_BEGIN_LICENSE:LGPL21$
11 ## Commercial License Usage
12 ## Licensees holding valid commercial Qt licenses may use this file in
13 ## accordance with the commercial license agreement provided with the
14 ## Software or, alternatively, in accordance with the terms contained in
15 ## a written agreement between you and The Qt Company. For licensing terms
16 ## and conditions see http://www.qt.io/terms-conditions. For further
17 ## information use the contact form at http://www.qt.io/contact-us.
18 ##
19 ## GNU Lesser General Public License Usage
20 ## Alternatively, this file may be used under the terms of the GNU Lesser
21 ## General Public License version 2.1 or version 3 as published by the Free
22 ## Software Foundation and appearing in the file LICENSE.LGPLv21 and
23 ## LICENSE.LGPLv3 included in the packaging of this file. Please review the
24 ## following information to ensure the GNU Lesser General Public License
25 ## requirements will be met: https://www.gnu.org/licenses/lgpl.html and
26 ## http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.
27 ##
28 ## As a special exception, The Qt Company gives you certain additional
29 ## rights. These rights are described in The Qt Company LGPL Exception
30 ## version 1.1, included in the file LGPL_EXCEPTION.txt in this package.
31 ##
32 ## $QT_END_LICENSE$
33 ##
34 #############################################################################
35
36 # Install tools for signing packages
37 # This script assume that OS is vanilla. Target machine dosen't have any signing certificates installed.
38
39 set -ex
40
41 cache="http://ci-files01-hki.intra.qt.io/input"
42 cacheSigningTools="$cache/mac/sign_tools"
43 targetFolder="/Users/qt"
44 keychains="$targetFolder/Library/Keychains"
45
46 Install() {
47
48     url=$1
49     targetFile=$2
50     expectedSha1=$3
51
52     echo "Fetching $targetFile from $url..."
53     curl --retry 5 --retry-delay 10 --retry-max-time 60 "$url" -o "$targetFile"
54     shasum "$targetFile" |grep "$expectedSha1"
55
56 }
57
58 # qt-license
59 sha1QtLicense="9d59241d16f68d914f1c7aa1dc23e05faa169e8d"
60 Install "$cache/semisecure/.qt-license" "$targetFolder/.qt-license" $sha1QtLicense
61
62 # Login keychain
63 sha1LoginKeychainPassword="aae58d00d0a1b179a09f21cfc67f9d16fb95ff36"
64 Install "$cacheSigningTools/login_keychain_password.txt" "$targetFolder/login_keychain_password.txt" "$sha1LoginKeychainPassword"
65 loginKeychainPassword=$(<"$targetFolder/login_keychain_password.txt")
66 loginKeychain=$keychains/login.keychain
67
68 echo "Setting login.keychain as default keychain.."
69 security default-keychain -s $loginKeychain*
70 echo "Unlocking Login keychain with password.."
71 security unlock-keychain -p "$loginKeychainPassword" $loginKeychain*
72
73 echo "remove the "Lock after X minutes of inactivity" from login.keychain"
74 security set-keychain-settings $loginKeychain
75
76 # Apple Worldwide Developer Relations Certification Authority -> https://developer.apple.com/certificationauthority/AppleWWDRCA.cer
77 sha1AppleWWDRCA="ff6797793a3cd798dc5b2abef56f73edc9f83a64"
78 Install "$cacheSigningTools/AppleWWDRCA.cer" "$targetFolder/AppleWWDRCA.cer" $sha1AppleWWDRCA
79 sudo security add-certificates -k $loginKeychain* "$targetFolder/AppleWWDRCA.cer"
80
81 # Developer ID Certification Authority -> https://www.apple.com/certificateauthority/DeveloperIDCA.cer
82 sha1DeveloperIDCA="3b166c3b7dc4b751c9fe2afab9135641e388e186"
83 Install "$cacheSigningTools/DeveloperIDCA.cer" "$targetFolder/DeveloperIDCA.cer" $sha1DeveloperIDCA
84 sudo security add-certificates -k $loginKeychain* "$targetFolder/DeveloperIDCA.cer"
85
86 # Create script to unlock keychain 'security unlock-keychain -p 'password' Developer_ID_TheQtCompany.keychain'
87 sha1UnLockKeychain="4398870e3f558ad28c80566b5f70e24dc29ea724"
88 unlockKeychain=$targetFolder/unlock-keychain.sh
89 Install "$cacheSigningTools/unlock-keychain.sh" "$unlockKeychain" $sha1UnLockKeychain
90 sudo chmod 755 "$unlockKeychain"
91
92 # Codesigning requirements file. The bundle identifier in the requirements file should match the identifier of the application that is signed.
93 shaCsreq="2c3f00b1845a0f475673fd6934ba25ea51d1f910"
94 csreq=$targetFolder/csreq_qt_company.txt
95 Install "$cacheSigningTools/csreq_qt_company.txt" "$csreq" $shaCsreq
96 chmod 755 "$csreq"
97
98 # iOS signing tools
99 devIDKeychain="Developer_ID_TheQtCompany.keychain"
100 shaDevIdKeychain="0420a129c17725a97afd6fdafeb9cddfb80a65ca"
101 Install "$cacheSigningTools/$devIDKeychain" "$keychains/$devIDKeychain" $shaDevIdKeychain
102 echo "Opening $devIDKeychain.."
103 open "$keychains/$devIDKeychain"
104
105 sha1DeveloperIDTheQtCompanyKeychainPassword="d758e067736bbda7a91ffaec66cd38afdaf68ea6"
106 Install "$cacheSigningTools/Developer_ID_TheQtCompany_keychain_password.txt" "$targetFolder/Developer_ID_TheQtCompany_keychain_password.txt" "$sha1DeveloperIDTheQtCompanyKeychainPassword"
107 DeveloperIDTheQtCompanyKeychainPassword=$(<"$targetFolder/Developer_ID_TheQtCompany_keychain_password.txt")
108
109 echo "Unlocking $devIDKeychain with password.."
110 security unlock-keychain -p "$DeveloperIDTheQtCompanyKeychainPassword" $keychains/Developer_ID_TheQtCompany.keychain
111 security set-keychain-settings $keychains/Developer_ID_TheQtCompany.keychain
112
113 sha1Ios="aae58d00d0a1b179a09f21cfc67f9d16fb95ff36"
114 Install "$cacheSigningTools/ios_password.txt" "$targetFolder/ios_password.txt" $sha1Ios
115 iosPassword=$(<"$targetFolder/ios_password.txt")
116
117 iPhoneDeveloper="iosdevelopment2qtcompany.p12"
118 shaIPhoneDeveloper="e7be33ca65886afcb3f41de17bb211310e199f8a"
119 Install "$cacheSigningTools/latest_ios_cert/$iPhoneDeveloper" "$targetFolder/$iPhoneDeveloper" $shaIPhoneDeveloper
120 echo "Importing $iPhoneDeveloper.."
121 security import $targetFolder/$iPhoneDeveloper -k $loginKeychain* -P $iosPassword -T /usr/bin/codesign
122
123 iPhoneDistribution="iosdistribution.p12"
124 shaIPhoneDistribution="64b1174fc3ce0eca044fbc9fa144f6a2d4330171"
125 Install "$cacheSigningTools/latest_ios_cert/$iPhoneDistribution" "$targetFolder/$iPhoneDistribution" $shaIPhoneDistribution
126 echo "Importing $iPhoneDistribution.."
127 security import "$targetFolder/$iPhoneDistribution" -k $loginKeychain* -P $iosPassword -T /usr/bin/codesign
128
129 # Mobileprovision
130 echo "Creating directory $targetFolder/Library/MobileDevice/Provisioning Profiles.."
131 mkdir "$targetFolder/Library/MobileDevice"
132 mkdir "$targetFolder/Library/MobileDevice/Provisioning Profiles"
133 shaMobileprovision="88c67c95a6f59e6463a00da0b5021f581db624bf"
134 Install "$cacheSigningTools/latest_ios_cert/iOS_Dev08112017.mobileprovision" "$targetFolder/Library/MobileDevice/Provisioning Profiles/iOS_Dev08112017.mobileprovision" $shaMobileprovision
135
136 # Removing password files
137 rm -fr "$targetFolder/login_keychain_password.txt"
138