Google Git
Sign in
chromium / chromium / src.git / 9c3143e8fb76f57c24586b6ec529a444f00a842a
commit9c3143e8fb76f57c24586b6ec529a444f00a842a[log] [tgz]
authorMark Mentovai <mark@chromium.org>Mon May 20 21:29:23 2019
committerCommit Bot <commit-bot@chromium.org>Mon May 20 21:29:23 2019
treed134c3c6f8b317ec78ab94aaacf7250919242d41
parentfa03af82772af8a0ffe6ea585ae9c5c3d77dffcf [diff]
Restore the "omit" code signature resource rule to new-layout installations

The new signing scripts introduced by bug 958163 do not use the "omit"
code signature resource rule when signing a new-layout product. Bug
958976 enabled the new layout by default. This is fine for a product
built in isolation, but is incorrect in the field, for products that
update on top of existing old-layout versions. For proper function, the
resource rule must be preserved as long as an old-layout version exists.
Vestiges of these old-layout versions will remain following an update
when updating directly from an old-layout version or when an old-layout
version appears to be in use. Accordingly, it will take at least two
updates, and for some users, many more, to assure that these historical
artifacts are fully purged. Until that happens, the "omit" resource rule
assures that the presence of an old-layout old version does not
interfere with code signature validation.

Removal of the "omit" resource rule is required for successful
notarization, so this rule's days are numbered. In due time, resource
rule removal will fix bug 496298, and is a prerequisite for fixing bug
850199.

Because this removes the requirement that a specific version's versioned
directory appear in the outer .app's Contents/Versions, as this no
longer exists with the new layout, this change breaks the ability to
properly sign products built with new_mac_bundle_structure = false.
However, following recent successful testing, this flag now defaults to
true, will be removed shortly, and we do not anticipate releasing
anything built with it set to false again.

Bug: 965224
Change-Id: I095b1cd66de599ab57fb07635cb8947adfe06128
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1621070
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Mark Mentovai <mark@chromium.org>
Cr-Commit-Position: refs/heads/master@{#661476}
5 files changed
tree: d134c3c6f8b317ec78ab94aaacf7250919242d41
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. cloud_print/
  13. components/
  14. content/
  15. courgette/
  16. crypto/
  17. dbus/
  18. device/
  19. docs/
  20. extensions/
  21. fuchsia/
  22. gin/
  23. google_apis/
  24. google_update/
  25. gpu/
  26. headless/
  27. infra/
  28. ios/
  29. ipc/
  30. jingle/
  31. media/
  32. mojo/
  33. native_client_sdk/
  34. net/
  35. pdf/
  36. ppapi/
  37. printing/
  38. remoting/
  39. rlz/
  40. sandbox/
  41. services/
  42. skia/
  43. sql/
  44. storage/
  45. styleguide/
  46. testing/
  47. third_party/
  48. tools/
  49. ui/
  50. url/
  51. .clang-format
  52. .eslintrc.js
  53. .git-blame-ignore-revs
  54. .gitattributes
  55. .gitignore
  56. .gn
  57. .vpython
  58. AUTHORS
  59. BUILD.gn
  60. CODE_OF_CONDUCT.md
  61. codereview.settings
  62. DEPS
  63. ENG_REVIEW_OWNERS
  64. LICENSE
  65. LICENSE.chromium_os
  66. OWNERS
  67. PRESUBMIT.py
  68. PRESUBMIT_test.py
  69. PRESUBMIT_test_mocks.py
  70. README.md
  71. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .