• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#!/usr/bin/env python2.7
2#
3# Copyright 2017 Google Inc.
4#
5# Use of this source code is governed by a BSD-style license that can be
6# found in the LICENSE file.
7
8import glob
9import os
10import os.path
11import re
12import shutil
13import subprocess
14import sys
15import tempfile
16
17# Arguments to the script:
18#  pkg              path to application directory, e.g. out/Debug/dm.app
19#                   executable and plist should already be in this directory
20#  identstr         search string (regex fragment) for code signing identity
21#  profile          path or name of provisioning profile
22pkg,identstr,profile = sys.argv[1:]
23
24# Find the Google signing identity.
25identity = None
26for line in subprocess.check_output(['security', 'find-identity']).split('\n'):
27  m = re.match(r'''.*\) (.*) "''' + identstr + '"', line)
28  if m:
29    identity = m.group(1)
30assert identity
31
32# Find the Google mobile provisioning profile.
33mobileprovision = None
34if os.path.isfile(profile):
35  mobileprovision = profile
36else:
37  for p in glob.glob(os.path.join(os.environ['HOME'], 'Library', 'MobileDevice',
38                                  'Provisioning Profiles',
39                                  '*.mobileprovision')):
40    if re.search(r'''<key>Name</key>
41\t<string>''' + profile + r'''</string>''', open(p).read(), re.MULTILINE):
42      mobileprovision = p
43assert mobileprovision
44
45# The .mobileprovision just gets copied into the package.
46shutil.copy(mobileprovision,
47            os.path.join(pkg, 'embedded.mobileprovision'))
48
49# Extract the appliciation identitifer prefix from the .mobileprovision.
50m = re.search(r'''<key>ApplicationIdentifierPrefix</key>
51\t<array>
52\t<string>(.*)</string>''', open(mobileprovision).read(), re.MULTILINE)
53prefix = m.group(1)
54
55app, _ = os.path.splitext(os.path.basename(pkg))
56
57# Write a minimal entitlements file, then codesign.
58with tempfile.NamedTemporaryFile() as f:
59  f.write('''
60<plist version="1.0">
61  <dict>
62    <key>application-identifier</key> <string>{prefix}.com.google.{app}</string>
63    <key>get-task-allow</key>         <true/>
64  </dict>
65</plist>
66'''.format(prefix=prefix, app=app))
67  f.flush()
68
69  subprocess.check_call(['codesign',
70                         '--force',
71                         '--sign', identity,
72                         '--entitlements', f.name,
73                         '--timestamp=none',
74                         pkg])
75