4ce23629eb
This can be controlled via codesigning_identity GN arg. For example, setting codesigning_identity="-" would produce ad-hoc signed binaries. This CL also includes changes in vm/cc tests which are needed for tests to be green when running with hardened runtime. Issue https://github.com/dart-lang/sdk/issues/53928 Tested: enabled ad-hoc signing and tested on bots. Cq-Include-Trybots: luci.dart.try:vm-mac-debug-arm64-try,vm-mac-release-arm64-try,vm-mac-release-x64-try,vm-mac-debug-x64-try Change-Id: I3c3a6265c62b2904e43a326b7d8223bcfd393577 Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/333401 Reviewed-by: Ryan Macnak <rmacnak@google.com> Commit-Queue: Slava Egorov <vegorov@google.com>
#!/usr/bin/env python3
#
# Copyright (c) 2023, the Dart project authors. Please see the AUTHORS file
# for details. All rights reserved. Use of this source code is governed by a
# BSD-style license that can be found in the LICENSE file.
#
# Sign the given binaries using the specified signing identity, applying
# entitlements from runtime/tools/entitlements/${binary_name}.plist
# if that file exists.
#
import optparse
import os
import subprocess
# Directory that holds this script, computed from the symlink-resolved path
# of the file itself.
_SCRIPT_PATH = os.path.realpath(__file__)
SCRIPT_DIR = os.path.dirname(_SCRIPT_PATH)
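def SignBinary(identity, binary):
    """Sign `binary` with `codesign`, requesting the hardened runtime.

    If SCRIPT_DIR/entitlements/<basename of binary>.plist exists, it is
    passed to `codesign` as the entitlements file.

    Args:
        identity: Signing identity handed to `codesign --sign`.
        binary: Path of the binary to sign.

    Raises:
        Exception: if `codesign` exits with a non-zero status. The command
            line, exit code and captured stdout/stderr are printed first.
    """
    # NOTE(review): "--deep" applies the same options and entitlements to any
    # nested code, and Apple's codesign documentation discourages it for
    # signing; confirm the targets signed here contain no nested code.
    # "--timestamp" asks a timestamp authority to attest the signing time, so
    # signing presumably needs network access; verify on offline builders.
    codesign_args = [
        "--deep", "--force", "--verify", "--verbose", "--timestamp",
        "--options", "runtime", "--sign", identity
    ]

    name = os.path.basename(binary)

    # Check if we have a matching entitlements file and apply it.
    # It would be simpler if we could specify it from outside but
    # GN does not give us tools for doing that: executable target can't
    # push arbitrary configuration down to the link tool where
    # we would like to perform code signing.
    #
    # The lookup is keyed on the basename alone, so any binary that shares a
    # name with a .plist in that directory is signed with those entitlements,
    # whatever its location. Entitlements can relax hardened-runtime
    # restrictions, so additions to that directory deserve careful review.
    entitlements_file = os.path.join(SCRIPT_DIR, "entitlements",
                                     name + ".plist")
    if os.path.exists(entitlements_file):
        codesign_args += ["--entitlements", entitlements_file]

    # Run with an argument list (no shell), so paths are never shell-parsed.
    cmd = ["codesign"] + codesign_args + [binary]
    result = subprocess.run(cmd, capture_output=True, encoding="utf8")
    if result.returncode != 0:
        print("failed to run: " + " ".join(cmd))
        print(f"exit code: {result.returncode}")
        print("stdout:")
        print(result.stdout)
        # Label the second stream correctly: the original printed "stdout:"
        # here as well, which mislabelled codesign's error output.
        print("stderr:")
        print(result.stderr)
        raise Exception("failed to codesign")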
# Command line: one signing identity and one or more binaries
# (--binary may be repeated; each occurrence is appended to a list).
parser = optparse.OptionParser()
parser.add_option("--identity", type="string", help="Code signing identity")
parser.add_option("--binary",
                  action="append",
                  type="string",
                  help="Binary to sign")
options, _ = parser.parse_args()

# Both options are mandatory. An omitted option is left as None by optparse,
# and an empty --identity value is rejected by the same truthiness check.
if not options.identity:
    raise Exception("Missing code signing identity (--identity)")
if not options.binary:
    raise Exception("Missing binaries to sign (--binary)")

# Sign in the order given. SignBinary raises on the first failure, so the
# script stops there and later binaries are left unsigned.
for path in options.binary:
    SignBinary(options.identity, path)