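#!/usr/bin/env python2.7
#
# Copyright 2017 Google Inc.
#
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

import glob
import os
import os.path
import re
import shutil
import subprocess
import sys
import tempfile

# Signs an iOS application directory: picks a signing identity from the
# keychain listing, copies a provisioning profile into the package, writes a
# minimal entitlements file and runs codesign on the package.
#
# Arguments to the script:
#  pkg              path to application directory, e.g. out/Debug/dm.app
#                   executable and plist should already be in this directory
#  identstr         search string (regex fragment) for code signing identity
#  profile          path or name of provisioning profile


def _read_text(path):
  """Return the file's contents decoded as UTF-8, dropping undecodable bytes.

  The handle is closed before returning, so scanning many profiles does not
  leave files open.
  """
  with open(path, 'rb') as fh:
    return fh.read().decode("utf-8", "ignore")


# Fail with a usage line instead of an unpacking traceback when the argument
# count is wrong.
if len(sys.argv) != 4:
  print("Usage: " + sys.argv[0] + " <pkg> <identstr> <profile>")
  sys.exit(1)
pkg, identstr, profile = sys.argv[1:]

# Find the signing identity.
# A listing line matches when it contains ') <identity> "<identstr>"'; the
# text between ') ' and the quoted name is what is later passed to
# 'codesign --sign'. identstr is spliced in as a regex, and when several lines
# match, the last one wins without any warning.
# NOTE(review): the listing is not narrowed (e.g. with '-v -p codesigning'),
# so presumably entries that are not valid for code signing can match as
# well; codesign is then the step that has to reject them. Confirm that a
# broad identstr cannot select an unintended identity on shared build hosts.
identity = None
listing = subprocess.check_output(['security', 'find-identity']).decode('utf-8')
for line in listing.split('\n'):
  m = re.match(r'''.*\) (.*) "''' + identstr + '"', line)
  if m:
    identity = m.group(1)
if identity is None:
  print("Signing identity matching '" + identstr + "' not found.")
  print("Please verify by running 'security find-identity' or checking your keychain.")
  sys.exit(1)

# Find the mobile provisioning profile.
# An existing file path is used as-is; otherwise every installed profile is
# searched for a matching <key>Name</key> entry, and the last match in glob
# order wins.
# NOTE(review): profile is spliced into the pattern unescaped, so regex
# metacharacters in a profile name are interpreted as regex. Wrap it in
# re.escape() if names are meant to be matched literally.
mobileprovision = None
if os.path.isfile(profile):
  mobileprovision = profile
else:
  name_pattern = r'<key>Name</key>\n\t<string>' + profile + r'</string>'
  profile_dir = os.path.join(os.environ['HOME'], 'Library', 'MobileDevice',
                             'Provisioning Profiles')
  for p in glob.glob(os.path.join(profile_dir, '*.mobileprovision')):
    if re.search(name_pattern, _read_text(p), re.MULTILINE):
      mobileprovision = p
if mobileprovision is None:
  print("Provisioning profile matching '" + profile + "' not found.")
  print("Please verify that the correct profile is installed in '${HOME}/Library/MobileDevice/Provisioning Profiles' or specify the path directly.")
  sys.exit(1)

# The .mobileprovision just gets copied into the package.
shutil.copy(mobileprovision,
            os.path.join(pkg, 'embedded.mobileprovision'))

# Extract the application identifier prefix from the .mobileprovision.
# NOTE(review): the value is taken from whatever text matches the pattern;
# nothing in this script checks the profile's signature or expiry, so only
# profiles from a trusted location should be passed in.
m = re.search(
    r'<key>ApplicationIdentifierPrefix</key>\n\t<array>\n\t<string>(.*)</string>',
    _read_text(mobileprovision), re.MULTILINE)
if m is None:
  # Without this guard a profile lacking the key failed with an
  # AttributeError on m.group().
  print("ApplicationIdentifierPrefix not found in '" + mobileprovision + "'.")
  sys.exit(1)
prefix = m.group(1)

# The bundle name without its extension (e.g. 'dm' for dm.app) becomes the
# last component of the application identifier.
app, _ = os.path.splitext(os.path.basename(pkg))

# Write a minimal entitlements file, then codesign.
# get-task-allow=true lets a debugger attach to the signed app, which makes
# this a development-signing configuration; it is not suitable for
# distribution builds. prefix and app are inserted into the XML verbatim.
entitlements = '''
<plist version="1.0">
  <dict>
    <key>application-identifier</key> <string>{prefix}.com.google.{app}</string>
    <key>get-task-allow</key>         <true/>
  </dict>
</plist>
'''.format(prefix=prefix, app=app)

with tempfile.NamedTemporaryFile() as f:
  f.write(entitlements.encode("utf-8"))
  # codesign opens the file by name, so the content must be flushed before
  # the call; the temporary file goes away when the with-block exits.
  f.flush()

  # Arguments are passed as a list (no shell), so pkg and identity are not
  # subject to shell interpretation. --force replaces an existing signature
  # and --timestamp=none skips the timestamp service.
  subprocess.check_call(['codesign',
                         '--force',
                         '--sign', identity,
                         '--entitlements', f.name,
                         '--timestamp=none',
                         pkg])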