Commits

Ivan Vučica committed ff2d1a1

Added check for files owned by non-current user. Added check for files unreadable by owner.

These aim to detect this error from ITC:

Files Only Readable By The Root User - The installer package includes files that are only readable by the root user. This will prevent verification of the application's code signature when your app is run. Ensure that non-root users can read the files in your app.

Files changed (1)

 # and select "Show in Finder". Open a terminal. Punch in "cd ", drag and
 # drop the archive folder. Press enter.  Run the script by passing the 
 # app bundle name.
+#
+# You can also do this before archiving, of course. For example,
+# from directory ~/projects/My App/build/Release:
+# $ ./checkapp-mas.sh "My App.app"
 
 # Current list of checks:
 # * Does the executable depend on some external libs?[1]
 # @executable_name is replaced with full path to executable.
 # We don't check for @rpath or @loaderpath
 #
+# [3] Permissions
+# .app must not contain files readable only by the root.
+# We have some hacks that check for this:
+# - is file owned by non-`whoami` user?
+# - is file unreadable by owner?
+
+# !!! Patches for any check are more than welcome !!!
 
 # And now for the code:
 
+if [ "$1" == "" ] ; then
+	echo "usage: $0 MyApp.app"
+	exit 1
+fi
+
 VALIDATED=1
 REASON=""
 APPNAME="$1"
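Review bot: The usage guard `[ "$1" == "" ]` uses `==` inside `[`, which bash accepts but a POSIX `sh` does not have to; the shebang is not visible in this diff, so `[ -z "$1" ]` is the safer spelling. The usage line would be better sent to stderr (`>&2`), and since the script later does `cd "$APPPATH"`, it is worth rejecting an argument that is not a directory here as well. In the `[3]` comment, consider stating that the two listed checks are proxies: neither looks at group or other read bits, which is what "readable only by the root" comes down to once the package is installed.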
 	cd ..
 done
 
+# Does the bundle contain files with incorrect permissions?[3]
+# All files should be owned by current user (output of whoami).
+cd "$APPPATH"
+INCORRECTLY_OWNED_FILES="`find . -exec ls -al '{}' ';' | awk '{ print $3 } ' | grep -v \`whoami\` | grep -v '^$'`"
+if [ ! -z "$INCORRECTLY_OWNED_FILES" ] ; then
+	echo "== FILES OWNED BY INCORRECT USER FOUND"
+	VALIDATED=0
+	REASON="${REASON}Files owned by incorrect user found in the bundle.\n"
+fi
+UNREADABLE_FILES="`find . -exec ls -al '{}' ';' | awk '{ print $1 } ' | grep -e '^.--.*'`"
+if [ ! -z "$UNREADABLE_FILES" ] ; then
+	echo "== FILES UNREADABLE BY OWNER FOUND"
+	VALIDATED=0
+	REASON="${REASON}Found some files with incorrect permissions mode, making them unreadable by the owner.\n"
+fi
+
+
 # Ok... we are done!
 
 if [ $VALIDATED -eq 1 ] ; then
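Review bot: In the `INCORRECTLY_OWNED_FILES` pipeline, `grep -v \`whoami\`` is a substring match, so an owner whose name merely contains the current user name is filtered out as if it were correct. Because `find` runs `ls -al` on every directory, each directory's contents are listed a second time together with `.` and `..`, and at the top level `..` is the parent of `$APPPATH`, so a directory outside the bundle can trigger the failure; `ls -ld` would avoid that. In the `UNREADABLE_FILES` line the pattern `'^.--.*'` matches only when owner read and owner write are both clear, so a mode such as `--w-------` is not flagged; `'^.-'` is what the comment describes. Letting find do the tests, for example `find . ! -user "$(whoami)"` and `find . ! -perm -u+r`, avoids parsing `ls` output and returns the offending paths, which could then be printed under the `== ...` headers instead of being discarded. The `cd "$APPPATH"` before the checks is also unchecked; if it fails, both `find` runs scan the wrong directory.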
 	echo
 	echo
 	echo "App validation failed:"
-	echo -e $REASON
+	echo $REASON
 	exit 1
 fi
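Review bot: Dropping `-e` from `echo $REASON` means the literal `\n` separators that the checks append to `REASON` become line breaks only if the shell's `echo` interprets escapes by default, which bash's builtin does not; with bash the reasons will print on one line with visible `\n`. `printf '%b' "$REASON"` behaves the same across shells, and quoting the variable keeps its whitespace intact.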