Skip to content

Commit

Permalink
Update munki_rebrand.py (#60)
Browse files Browse the repository at this point in the history 
fix for python signing
  • Loading branch information
@SteveKueng
SteveKueng committed Apr 4, 2024
1 parent f69ff0a commit 150ab79
Showing 1 changed file with 7 additions and 7 deletions.
14 changes: 7 additions & 7 deletions munki_rebrand.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -323,7 +323,8 @@ def sign_binary(
deep=False,
options=[],
entitlements="",
force=False):
force=False,
preserve=False):
"""Signs a binary with a signing id, with optional arguments for command line
args"""
cmd = [CODESIGN, "--sign", signing_id]
Expand All @@ -339,6 +340,8 @@ def sign_binary(
if options:
cmd.append("--options")
cmd.append(",".join([option for option in options]))
if preserve:
cmd.append("--preserve-metadata=identifier,entitlements,flags,runtime")
cmd.append(binary)
run_cmd(cmd)

Expand Down Expand Up @@ -646,26 +649,23 @@ def main():
sign_binary(
args.sign_binaries,
binary,
deep=True,
force=True,
options=["runtime"],
preserve=True,
)
for binary in entitled_binaries:
if verbose:
print(f"Signing {binary} with entitlements from {ent_file}...")
sign_binary(
args.sign_binaries,
binary,
deep=True,
force=True,
options=["runtime"],
entitlements=ent_file,
preserve=True,
)
# Finally sign python framework
py_fwkpath = os.path.join(python_payload, PY_FWK)
if verbose:
print(f"Signing {py_fwkpath}...")
sign_binary(args.sign_binaries, py_fwkpath, deep=True, force=True)
sign_binary(args.sign_binaries, py_fwkpath, deep=True, force=True, preserve=True)

final_pkg = os.path.join(os.getcwd(), f"{outfilename}-{munki_version}.pkg")
print(f"Building output pkg at {final_pkg}...")
Expand Down

0 comments on commit 150ab79

Please sign in to comment.