Allow different identities for iOS code signing
Docs-Preview: https://skia.org/?cl=81340
Bug: skia:
Change-Id: I9a0e52ba4ce3c0c4b40cc65ce6b26bd3cebdbe4d
Reviewed-on: https://skia-review.googlesource.com/81340
Commit-Queue: Jim Van Verth <jvanverth@google.com>
Reviewed-by: Mike Klein <mtklein@chromium.org>
diff --git a/BUILD.gn b/BUILD.gn
index 131bf0b..5bc5376 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -62,6 +62,11 @@
} else {
skia_use_vulkan = skia_vulkan_sdk != ""
}
+
+ if (is_ios) {
+ skia_ios_identity = ".*Google.*"
+ skia_ios_profile = "Google Development"
+ }
}
declare_args() {
skia_tools_vulkan_header_dir = ""
@@ -1083,8 +1088,11 @@
"$bundle_root_dir/_CodeSignature/CodeResources",
"$bundle_root_dir/embedded.mobileprovision",
]
- code_signing_args =
- [ rebase_path("$bundle_root_dir", root_build_dir) ]
+ code_signing_args = [
+ rebase_path("$bundle_root_dir", root_build_dir),
+ skia_ios_identity,
+ skia_ios_profile,
+ ]
}
}
} else {
diff --git a/gn/codesign_ios.py b/gn/codesign_ios.py
index 66a97d3..beb3603 100644
--- a/gn/codesign_ios.py
+++ b/gn/codesign_ios.py
@@ -16,12 +16,14 @@
# Arguments to the script:
# pkg path to application directory, e.g. out/Debug/dm.app
# executable and plist should already be in this directory
-pkg, = sys.argv[1:]
+# identstr search string (regex fragment) for code signing identity
+# profile name of provisioning profile
+pkg,identstr,profile = sys.argv[1:]
# Find the Google signing identity.
identity = None
for line in subprocess.check_output(['security', 'find-identity']).split('\n'):
- m = re.match(r'''.*\) (.*) ".*Google.*"''', line)
+ m = re.match(r'''.*\) (.*) "''' + identstr + '"', line)
if m:
identity = m.group(1)
assert identity
@@ -31,7 +33,7 @@
for p in glob.glob(os.path.join(os.environ['HOME'], 'Library', 'MobileDevice',
'Provisioning Profiles', '*.mobileprovision')):
if re.search(r'''<key>Name</key>
-\t<string>Google Development</string>''', open(p).read(), re.MULTILINE):
+\t<string>''' + profile + r'''</string>''', open(p).read(), re.MULTILINE):
mobileprovision = p
assert mobileprovision
diff --git a/site/user/build.md b/site/user/build.md
index ce5edba..4d56005 100644
--- a/site/user/build.md
+++ b/site/user/build.md
@@ -205,8 +205,12 @@
bin/gn gen out/ios32 --args='target_os="ios" target_cpu="arm"'
bin/gn gen out/iossim --args='target_os="ios" target_cpu="x64"'
-This will also package (and for devices, sign) iOS test binaries. For the moment a
-Google provisioning profile is needed to sign.
+This will also package (and for devices, sign) iOS test binaries. This defaults to a
+Google signing identity and provisioning profile. To use a different one set `skia_ios_identity`
+to match your code signing identity and `skia_ios_profile` to the name of your provisioning
+profile, e.g. `skia_ios_identity=".*Jane Doe.*" skia_ios_profile="iPad Profile"`. A list of
+identities can be found by typing `security find-identity` on the command line. The name of the
+provisioning profile should be available on the Apple Developer site.
For signed packages `ios-deploy` makes installing and running them on a device easy:
@@ -217,6 +221,10 @@
If you find yourself missing a Google signing identity or provisioning profile,
you'll want to have a read through go/appledev.
+Deploying to a device with an OS older than the current SDK doesn't currently work through Xcode,
+but can be done on the command line by setting the environment variable IPHONEOS_DEPLOYMENT_TARGET
+to the desired OS version.
+
Windows
-------