diff options
author | 2016-11-18 19:59:50 +0000 | |
---|---|---|
committer | 2016-11-21 19:37:16 +0000 | |
commit | 2eaa31fade12242b7075c2bbac945aeeedf985e8 (patch) | |
tree | 40bf986bfaee965f227950042c19b6dec961b254 | |
parent | 67b4d5250edcefa7220e928e529b1f385e2dc464 (diff) |
Sign app and frameworks in simulator builds.
This has become necessary starting with Xcode 8 although we apply the signature
in all cases. Signing is done without entitlements and with signing identity
"-".
--
MOS_MIGRATED_REVID=139606540
-rw-r--r-- | src/main/java/com/google/devtools/build/lib/rules/objc/ReleaseBundlingSupport.java | 74 |
1 files changed, 41 insertions, 33 deletions
diff --git a/src/main/java/com/google/devtools/build/lib/rules/objc/ReleaseBundlingSupport.java b/src/main/java/com/google/devtools/build/lib/rules/objc/ReleaseBundlingSupport.java index f3b8d351bc..eb96e5fd15 100644 --- a/src/main/java/com/google/devtools/build/lib/rules/objc/ReleaseBundlingSupport.java +++ b/src/main/java/com/google/devtools/build/lib/rules/objc/ReleaseBundlingSupport.java @@ -436,7 +436,6 @@ public final class ReleaseBundlingSupport { Artifact processedIpa = releaseBundling.getIpaArtifact(); Artifact unprocessedIpa = intermediateArtifacts.unprocessedIpa(); - boolean processingNeeded = false; NestedSetBuilder<Artifact> inputs = NestedSetBuilder.<Artifact>stableOrder().add(unprocessedIpa); @@ -454,45 +453,58 @@ public final class ReleaseBundlingSupport { FilesToRunProvider processor = attributes.ipaPostProcessor(); if (processor != null) { - processingNeeded = true; actionCommandLine += processor.getExecutable().getShellEscapedExecPathString() + " ${t} && "; } - AppleConfiguration appleConfiguration = ruleContext.getFragment(AppleConfiguration.class); if (platform.isDevice()) { - processingNeeded = true; + actionCommandLine += deviceSigningCommandLine(); + registerEntitlementsActions(); - actionCommandLine += signingCommandLine(); - inputs.add(releaseBundling.getProvisioningProfile()).add( - intermediateArtifacts.entitlements()); + inputs.add(releaseBundling.getProvisioningProfile()) + .add(intermediateArtifacts.entitlements()); + } else { + actionCommandLine += simulatorSigningCommandLine(); } actionCommandLine += "cd ${t} && /usr/bin/zip -q -r \"${signed_ipa}\" ."; - if (processingNeeded) { - SpawnAction.Builder processAction = - ObjcRuleClasses.spawnBashOnDarwinActionBuilder(actionCommandLine) - .setEnvironment( - ObjcRuleClasses.appleToolchainEnvironment(appleConfiguration, platform)) - .setMnemonic("ObjcProcessIpa") - .setProgressMessage("Processing iOS IPA: " + ruleContext.getLabel()) - .disableSandboxing() - .addTransitiveInputs(inputs.build()) - .addOutput(processedIpa); - - if (processor != null) { - processAction.addTool(processor); - } + AppleConfiguration appleConfiguration = ruleContext.getFragment(AppleConfiguration.class); + SpawnAction.Builder processAction = + ObjcRuleClasses.spawnBashOnDarwinActionBuilder(actionCommandLine) + .setEnvironment(ObjcRuleClasses.appleToolchainEnvironment(appleConfiguration, platform)) + .setMnemonic("ObjcProcessIpa") + .setProgressMessage("Processing iOS IPA: " + ruleContext.getLabel()) + .disableSandboxing() + .addTransitiveInputs(inputs.build()) + .addOutput(processedIpa); - ruleContext.registerAction(processAction.build(ruleContext)); - } else { - ruleContext.registerAction( - new SymlinkAction( - ruleContext.getActionOwner(), unprocessedIpa, processedIpa, "Processing IPA")); + if (processor != null) { + processAction.addTool(processor); + } + + ruleContext.registerAction(processAction.build(ruleContext)); + } + + private String deviceSigningCommandLine() { + StringBuilder codesignCommandLineBuilder = new StringBuilder(); + for (String dir : getDirsToSign()) { + codesignCommandLineBuilder.append(deviceCodesignCommand("${t}/" + dir)).append(" && "); + } + return codesignCommandLineBuilder.toString(); + } + + private String simulatorSigningCommandLine() { + StringBuilder codesignCommandLineBuilder = new StringBuilder(); + for (String dir : getDirsToSign()) { + codesignCommandLineBuilder + .append("/usr/bin/codesign --force --sign \"-\" ${t}/") + .append(dir) + .append(" && "); } + return codesignCommandLineBuilder.toString(); } - private String signingCommandLine() { + private ImmutableList<String> getDirsToSign() { // The order here is important. The innermost code must singed first. ImmutableList.Builder<String> dirsToSign = new ImmutableList.Builder<>(); String bundleDir = ShellUtils.shellEscape(bundling.getBundleDir()); @@ -505,11 +517,7 @@ public final class ReleaseBundlingSupport { } dirsToSign.add(bundleDir); - StringBuilder codesignCommandLineBuilder = new StringBuilder(); - for (String dir : dirsToSign.build()) { - codesignCommandLineBuilder.append(codesignCommand("${t}/" + dir)).append(" && "); - } - return codesignCommandLineBuilder.toString(); + return dirsToSign.build(); } /** @@ -1118,7 +1126,7 @@ public final class ReleaseBundlingSupport { return "security cms -D -i " + ShellUtils.shellEscape(provisioningProfile.getExecPathString()); } - private String codesignCommand(String appDir) { + private String deviceCodesignCommand(String appDir) { String signingCertName = ObjcRuleClasses.objcConfiguration(ruleContext).getSigningCertName(); Artifact entitlements = intermediateArtifacts.entitlements(); |