Google Git
Sign in
chromium / chromium / src / 3e2bc927233762a0ca850732c09b3dd364db41e7 / . / chrome / installer / mac / signing / config.py.in
blob: 890990e5ffc923a2b5c4bc8681d482d030eb6966 [file] [log] [blame]
# @GEN_HEADER@
# Copyright 2019 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
import os.path
from .model import Distribution
class CodeSignConfig(object):
"""Code sign base configuration object.
A CodeSignConfig contains properties that provide path component information
to locate products for code signing and options that control the code
signing process.
The base configuration is produced from variable injection during the build
process. Derived configurations are created for internal signing artifacts
and when using |model.Distribution| objects.
"""
def __init__(self, identity, keychain=None):
"""Creates a CodeSignConfig that will sign the product using the static
properties on the class, using the code signing identity passed to the
constructor, which is found in the specified keychain.
Args:
identity: The name of the code signing identity to use. This can
be any value that `codesign -s <identity>` accepts, like the
hex-encoded SHA1 hash of the certificate. Must not be None.
keychain: Optional path to the keychain file, in which the signing
|identity| will be searched for.
"""
assert identity
self._identity = identity
self._keychain = keychain
@property
def identity(self):
"""Returns the code signing identity that will be used to sign the
products.
"""
return self._identity
@property
def keychain(self):
"""Returns the filename of the keychain in which |identity| will be
searched for. May be None.
"""
return self._keychain
@property
def app_product(self):
"""Returns the product name that is used for the outer .app bundle.
This is displayed to the user in Finder.
"""
return '@PRODUCT_FULLNAME@'
@property
def product(self):
"""Returns the branding product name. This can match |app_product|
for some release channels. Other release channels may customize
app_product, but components internal to the app bundle will still
refer to |product|. This is used to locate the build products from
the build system, while |app_product| is used when customizing for
|model.Distribution| objects.
"""
return '@PRODUCT_FULLNAME@'
@property
def version(self):
"""Returns the version of the application."""
return '@MAJOR@.@MINOR@.@BUILD@.@PATCH@'
@property
def base_bundle_id(self):
"""Returns the base CFBundleIdentifier that is used for the outer app
bundle, and to which sub-component identifiers are appended.
"""
return '@MAC_BUNDLE_ID@'
@property
def use_new_mac_bundle_structure(self):
"""Returns True if the framework's location in the outer app bundle
is in the "new layout" (i.e. Contents/Frameworks rather than
Contents/Versions). This is temporary for https://crbug.com/958976.
"""
return '@NEW_MAC_BUNDLE_STRUCTURE@' == 'true'
@property
def optional_parts(self):
"""Returns a set of part names that are allowed to be missing when
signing the contents of the bundle. The part names should reflect the
part short name keys in the dictionary returned by signing.get_parts().
"""
# This part requires src-internal, so it is not required for a Chromium
# build signing.
return set(('libwidevinecdm.dylib',))
@property
def codesign_options_outer_app(self):
"""Returns the codesign -o flags for the outer app bundle."""
return 'restrict'
@property
def codesign_options_helpers(self):
"""Returns the codesign -o flags for helper executables within the
bundle.
"""
return self.codesign_options_outer_app + ',library'
@property
def codesign_options_installer_tools(self):
"""Returns the codesign -o flags for the installer tools, which
are not shipped to end-users.
"""
return self.codesign_options_helpers + ',kill'
@property
def codesign_requirements_basic(self):
"""Returns the codesign --requirements string that is combined with
a designated identifier requirement string of a
|model.CodeSignedProduct|. This requirement is applied to all
CodeSignedProducts.
"""
return ''
@property
def codesign_requirements_outer_app(self):
"""Returns the codesign --requirements string for the outer app bundle.
This is used in conjunction with |codesign_requirements_basic|."""
return ''
@property
def provisioning_profile_basename(self):
"""Returns the basename of the provisioning profile used to sign the
outer app bundle. This file with a .provisionprofile extension is
located in the |packaging_dir|.
"""
return None
@property
def dmg_basename(self):
"""Returns the file basename of the packaged DMG."""
return '{}-{}'.format(self.app_product.replace(' ', ''), self.version)
@property
def distributions(self):
"""Returns a list of |model.Distribution| objects that customize the
results of signing. This must contain at least one Distribution, which
can be a default Distribution.
"""
return [Distribution()]
@property
def run_spctl_assess(self):
"""Returns whether the final code signed binary should be assessed by
Gatekeeper after signing.
"""
# The base config should not run spctl because the app bundle is
# currently signed with resource rules, which are only permitted for
# Google Chrome as signed by Google. The internal_config returns True.
return False
# Computed Properties ######################################################
@property
def app_dir(self):
"""Returns the path to the outer app bundle directory."""
return '{.app_product}.app'.format(self)
@property
def resources_dir(self):
"""Returns the path to the outer app's Resources directory."""
return os.path.join(self.app_dir, 'Contents', 'Resources')
@property
def framework_dir(self):
"""Returns the path to the app's framework directory."""
if self.use_new_mac_bundle_structure:
return '{0.app_dir}/Contents/Frameworks/{0.product} Framework.framework'.format(self)
else:
return '{0.app_dir}/Contents/Versions/{0.version}/{0.product} Framework.framework'.format(self)
@property
def packaging_dir(self):
"""Returns the path to the packaging and installer tools."""
return '{.product} Packaging'.format(self)