| # @GEN_HEADER@ |
| # Copyright 2019 The Chromium Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| import os.path |
| |
| from .model import Distribution |
| |
| class CodeSignConfig(object): |
| """Code sign base configuration object. |
| |
| A CodeSignConfig contains properties that provide path component information |
| to locate products for code signing and options that control the code |
| signing process. |
| |
| The base configuration is produced from variable injection during the build |
| process. Derived configurations are created for internal signing artifacts |
| and when using |model.Distribution| objects. |
| """ |
| def __init__(self, identity, keychain=None): |
| """Creates a CodeSignConfig that will sign the product using the static |
| properties on the class, using the code signing identity passed to the |
| constructor, which is found in the specified keychain. |
| |
| Args: |
| identity: The name of the code signing identity to use. This can |
| be any value that `codesign -s <identity>` accepts, like the |
| hex-encoded SHA1 hash of the certificate. Must not be None. |
| keychain: Optional path to the keychain file, in which the signing |
| |identity| will be searched for. |
| """ |
| assert identity |
| self._identity = identity |
| self._keychain = keychain |
| |
| @property |
| def identity(self): |
| """Returns the code signing identity that will be used to sign the |
| products. |
| """ |
| return self._identity |
| |
| @property |
| def keychain(self): |
| """Returns the filename of the keychain in which |identity| will be |
| searched for. May be None. |
| """ |
| return self._keychain |
| |
| @property |
| def app_product(self): |
| """Returns the product name that is used for the outer .app bundle. |
| This is displayed to the user in Finder. |
| """ |
| return '@PRODUCT_FULLNAME@' |
| |
| @property |
| def product(self): |
| """Returns the branding product name. This can match |app_product| |
| for some release channels. Other release channels may customize |
| app_product, but components internal to the app bundle will still |
| refer to |product|. This is used to locate the build products from |
| the build system, while |app_product| is used when customizing for |
| |model.Distribution| objects. |
| """ |
| return '@PRODUCT_FULLNAME@' |
| |
| @property |
| def version(self): |
| """Returns the version of the application.""" |
| return '@MAJOR@.@MINOR@.@BUILD@.@PATCH@' |
| |
| @property |
| def base_bundle_id(self): |
| """Returns the base CFBundleIdentifier that is used for the outer app |
| bundle, and to which sub-component identifiers are appended. |
| """ |
| return '@MAC_BUNDLE_ID@' |
| |
| @property |
| def use_new_mac_bundle_structure(self): |
| """Returns True if the framework's location in the outer app bundle |
| is in the "new layout" (i.e. Contents/Frameworks rather than |
| Contents/Versions). This is temporary for https://crbug.com/958976. |
| """ |
| return '@NEW_MAC_BUNDLE_STRUCTURE@' == 'true' |
| |
| @property |
| def optional_parts(self): |
| """Returns a set of part names that are allowed to be missing when |
| signing the contents of the bundle. The part names should reflect the |
| part short name keys in the dictionary returned by signing.get_parts(). |
| """ |
| # This part requires src-internal, so it is not required for a Chromium |
| # build signing. |
| return set(('libwidevinecdm.dylib',)) |
| |
| @property |
| def codesign_options_outer_app(self): |
| """Returns the codesign -o flags for the outer app bundle.""" |
| return 'restrict' |
| |
| @property |
| def codesign_options_helpers(self): |
| """Returns the codesign -o flags for helper executables within the |
| bundle. |
| """ |
| return self.codesign_options_outer_app + ',library' |
| |
| @property |
| def codesign_options_installer_tools(self): |
| """Returns the codesign -o flags for the installer tools, which |
| are not shipped to end-users. |
| """ |
| return self.codesign_options_helpers + ',kill' |
| |
| @property |
| def codesign_requirements_basic(self): |
| """Returns the codesign --requirements string that is combined with |
| a designated identifier requirement string of a |
| |model.CodeSignedProduct|. This requirement is applied to all |
| CodeSignedProducts. |
| """ |
| return '' |
| |
| @property |
| def codesign_requirements_outer_app(self): |
| """Returns the codesign --requirements string for the outer app bundle. |
| This is used in conjunction with |codesign_requirements_basic|.""" |
| return '' |
| |
| @property |
| def provisioning_profile_basename(self): |
| """Returns the basename of the provisioning profile used to sign the |
| outer app bundle. This file with a .provisionprofile extension is |
| located in the |packaging_dir|. |
| """ |
| return None |
| |
| @property |
| def dmg_basename(self): |
| """Returns the file basename of the packaged DMG.""" |
| return '{}-{}'.format(self.app_product.replace(' ', ''), self.version) |
| |
| @property |
| def distributions(self): |
| """Returns a list of |model.Distribution| objects that customize the |
| results of signing. This must contain at least one Distribution, which |
| can be a default Distribution. |
| """ |
| return [Distribution()] |
| |
| @property |
| def run_spctl_assess(self): |
| """Returns whether the final code signed binary should be assessed by |
| Gatekeeper after signing. |
| """ |
| # The base config should not run spctl because the app bundle is |
| # currently signed with resource rules, which are only permitted for |
| # Google Chrome as signed by Google. The internal_config returns True. |
| return False |
| |
| # Computed Properties ###################################################### |
| |
| @property |
| def app_dir(self): |
| """Returns the path to the outer app bundle directory.""" |
| return '{.app_product}.app'.format(self) |
| |
| @property |
| def resources_dir(self): |
| """Returns the path to the outer app's Resources directory.""" |
| return os.path.join(self.app_dir, 'Contents', 'Resources') |
| |
| @property |
| def framework_dir(self): |
| """Returns the path to the app's framework directory.""" |
| if self.use_new_mac_bundle_structure: |
| return '{0.app_dir}/Contents/Frameworks/{0.product} Framework.framework'.format(self) |
| else: |
| return '{0.app_dir}/Contents/Versions/{0.version}/{0.product} Framework.framework'.format(self) |
| |
| @property |
| def packaging_dir(self): |
| """Returns the path to the packaging and installer tools.""" |
| return '{.product} Packaging'.format(self) |