Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / skia / 22534f2098e7df401ce6d8498f37fdc36cd8f357 / . / gn / codesign_ios.py
blob: 841daa53675d143b58149a66755263a182f982d7 [file] [log] [blame]
Mike Klein6d3b7aa2017-01-30 14:00:54 -0500[diff] [blame]1#!/usr/bin/env python2.7
2#
3# Copyright 2017 Google Inc.
4#
5# Use of this source code is governed by a BSD-style license that can be
6# found in the LICENSE file.
7
Mike Klein63afe642017-01-31 12:07:33 -0500[diff] [blame]8import glob
Mike Klein6d3b7aa2017-01-30 14:00:54 -0500[diff] [blame]9import os
Ben Wagner076c50c2019-09-27 18:16:02 -0400[diff] [blame]10import os.path
Mike Klein6d3b7aa2017-01-30 14:00:54 -0500[diff] [blame]11import re
12import shutil
13import subprocess
14import sys
15import tempfile
16
17# Arguments to the script:
Jim Van Verth443a9132017-11-28 09:45:26 -0500[diff] [blame]18# pkg path to application directory, e.g. out/Debug/dm.app
19# executable and plist should already be in this directory
Jim Van Verth4e502972017-12-07 15:16:10 -0500[diff] [blame]20# identstr search string (regex fragment) for code signing identity
Ben Wagner076c50c2019-09-27 18:16:02 -0400[diff] [blame]21# profile path or name of provisioning profile
Jim Van Verth4e502972017-12-07 15:16:10 -0500[diff] [blame]22pkg,identstr,profile = sys.argv[1:]
Mike Klein63afe642017-01-31 12:07:33 -0500[diff] [blame]23
24# Find the Google signing identity.
25identity = None
26for line in subprocess.check_output(['security', 'find-identity']).split('\n'):
Jim Van Verth4e502972017-12-07 15:16:10 -0500[diff] [blame]27 m = re.match(r'''.*\) (.*) "''' + identstr + '"', line)
Mike Klein63afe642017-01-31 12:07:33 -0500[diff] [blame]28 if m:
29 identity = m.group(1)
30assert identity
31
32# Find the Google mobile provisioning profile.
33mobileprovision = None
Ben Wagner076c50c2019-09-27 18:16:02 -0400[diff] [blame]34if os.path.isfile(profile):
35 mobileprovision = profile
36else:
37 for p in glob.glob(os.path.join(os.environ['HOME'], 'Library', 'MobileDevice',
38 'Provisioning Profiles',
39 '*.mobileprovision')):
40 if re.search(r'''<key>Name</key>
Jim Van Verth4e502972017-12-07 15:16:10 -0500[diff] [blame]41\t<string>''' + profile + r'''</string>''', open(p).read(), re.MULTILINE):
Ben Wagner076c50c2019-09-27 18:16:02 -0400[diff] [blame]42 mobileprovision = p
Mike Klein63afe642017-01-31 12:07:33 -0500[diff] [blame]43assert mobileprovision
Mike Klein6d3b7aa2017-01-30 14:00:54 -0500[diff] [blame]44
Jim Van Verth443a9132017-11-28 09:45:26 -0500[diff] [blame]45# The .mobileprovision just gets copied into the package.
Mike Klein6d3b7aa2017-01-30 14:00:54 -0500[diff] [blame]46shutil.copy(mobileprovision,
47 os.path.join(pkg, 'embedded.mobileprovision'))
48
Mike Klein6d3b7aa2017-01-30 14:00:54 -0500[diff] [blame]49# Extract the appliciation identitifer prefix from the .mobileprovision.
50m = re.search(r'''<key>ApplicationIdentifierPrefix</key>
51\t<array>
52\t<string>(.*)</string>''', open(mobileprovision).read(), re.MULTILINE)
53prefix = m.group(1)
54
Jim Van Verth443a9132017-11-28 09:45:26 -0500[diff] [blame]55app, _ = os.path.splitext(os.path.basename(pkg))
56
Mike Klein6d3b7aa2017-01-30 14:00:54 -0500[diff] [blame]57# Write a minimal entitlements file, then codesign.
58with tempfile.NamedTemporaryFile() as f:
59 f.write('''
60<plist version="1.0">
61 <dict>
62 <key>application-identifier</key> <string>{prefix}.com.google.{app}</string>
63 <key>get-task-allow</key> <true/>
64 </dict>
65</plist>
66'''.format(prefix=prefix, app=app))
67 f.flush()
68
69 subprocess.check_call(['codesign',
70 '--force',
71 '--sign', identity,
72 '--entitlements', f.name,
73 '--timestamp=none',
74 pkg])