2017-01-30 19:00:54 +00:00
|
|
|
#!/usr/bin/env python2.7
|
|
|
|
#
|
|
|
|
# Copyright 2017 Google Inc.
|
|
|
|
#
|
|
|
|
# Use of this source code is governed by a BSD-style license that can be
|
|
|
|
# found in the LICENSE file.
|
|
|
|
|
2017-01-31 17:07:33 +00:00
|
|
|
import glob
|
2017-01-30 19:00:54 +00:00
|
|
|
import os
|
2019-09-27 22:16:02 +00:00
|
|
|
import os.path
|
2017-01-30 19:00:54 +00:00
|
|
|
import re
|
|
|
|
import shutil
|
|
|
|
import subprocess
|
|
|
|
import sys
|
|
|
|
import tempfile
|
|
|
|
|
|
|
|
# Arguments to the script:
|
2017-11-28 14:45:26 +00:00
|
|
|
# pkg path to application directory, e.g. out/Debug/dm.app
|
|
|
|
# executable and plist should already be in this directory
|
2017-12-07 20:16:10 +00:00
|
|
|
# identstr search string (regex fragment) for code signing identity
|
2019-09-27 22:16:02 +00:00
|
|
|
# profile path or name of provisioning profile
|
2017-12-07 20:16:10 +00:00
|
|
|
pkg,identstr,profile = sys.argv[1:]
|
2017-01-31 17:07:33 +00:00
|
|
|
|
2020-11-09 17:12:13 +00:00
|
|
|
# Find the signing identity.
|
2017-01-31 17:07:33 +00:00
|
|
|
identity = None
|
2021-11-30 18:59:12 +00:00
|
|
|
for line in subprocess.check_output([
|
|
|
|
'security', 'find-identity']).decode('utf-8').split('\n'):
|
2017-12-07 20:16:10 +00:00
|
|
|
m = re.match(r'''.*\) (.*) "''' + identstr + '"', line)
|
2017-01-31 17:07:33 +00:00
|
|
|
if m:
|
|
|
|
identity = m.group(1)
|
2020-11-09 17:12:13 +00:00
|
|
|
if identity is None:
|
|
|
|
print("Signing identity matching '" + identstr + "' not found.")
|
|
|
|
print("Please verify by running 'security find-identity' or checking your keychain.")
|
|
|
|
sys.exit(1)
|
2017-01-31 17:07:33 +00:00
|
|
|
|
2020-11-09 17:12:13 +00:00
|
|
|
# Find the mobile provisioning profile.
|
2017-01-31 17:07:33 +00:00
|
|
|
mobileprovision = None
|
2019-09-27 22:16:02 +00:00
|
|
|
if os.path.isfile(profile):
|
|
|
|
mobileprovision = profile
|
|
|
|
else:
|
|
|
|
for p in glob.glob(os.path.join(os.environ['HOME'], 'Library', 'MobileDevice',
|
|
|
|
'Provisioning Profiles',
|
|
|
|
'*.mobileprovision')):
|
|
|
|
if re.search(r'''<key>Name</key>
|
2022-04-07 13:34:31 +00:00
|
|
|
\t<string>''' + profile + r'''</string>''', open(p, 'rb').read().decode("utf-8", "ignore"), re.MULTILINE):
|
2019-09-27 22:16:02 +00:00
|
|
|
mobileprovision = p
|
2020-11-09 17:12:13 +00:00
|
|
|
if mobileprovision is None:
|
|
|
|
print("Provisioning profile matching '" + profile + "' not found.")
|
|
|
|
print("Please verify that the correct profile is installed in '${HOME}/Library/MobileDevice/Provisioning Profiles' or specify the path directly.")
|
|
|
|
sys.exit(1)
|
2017-01-30 19:00:54 +00:00
|
|
|
|
2017-11-28 14:45:26 +00:00
|
|
|
# The .mobileprovision just gets copied into the package.
|
2017-01-30 19:00:54 +00:00
|
|
|
shutil.copy(mobileprovision,
|
|
|
|
os.path.join(pkg, 'embedded.mobileprovision'))
|
|
|
|
|
|
|
|
# Extract the appliciation identitifer prefix from the .mobileprovision.
|
|
|
|
m = re.search(r'''<key>ApplicationIdentifierPrefix</key>
|
|
|
|
\t<array>
|
2022-04-07 13:34:31 +00:00
|
|
|
\t<string>(.*)</string>''', open(mobileprovision, 'rb').read().decode("utf-8", "ignore"), re.MULTILINE)
|
2017-01-30 19:00:54 +00:00
|
|
|
prefix = m.group(1)
|
|
|
|
|
2017-11-28 14:45:26 +00:00
|
|
|
app, _ = os.path.splitext(os.path.basename(pkg))
|
|
|
|
|
2017-01-30 19:00:54 +00:00
|
|
|
# Write a minimal entitlements file, then codesign.
|
|
|
|
with tempfile.NamedTemporaryFile() as f:
|
|
|
|
f.write('''
|
|
|
|
<plist version="1.0">
|
|
|
|
<dict>
|
|
|
|
<key>application-identifier</key> <string>{prefix}.com.google.{app}</string>
|
|
|
|
<key>get-task-allow</key> <true/>
|
|
|
|
</dict>
|
|
|
|
</plist>
|
2022-04-07 13:34:31 +00:00
|
|
|
'''.format(prefix=prefix, app=app).encode("utf-8"))
|
2017-01-30 19:00:54 +00:00
|
|
|
f.flush()
|
|
|
|
|
|
|
|
subprocess.check_call(['codesign',
|
|
|
|
'--force',
|
|
|
|
'--sign', identity,
|
|
|
|
'--entitlements', f.name,
|
|
|
|
'--timestamp=none',
|
|
|
|
pkg])
|