Sign app and frameworks in simulator builds.

This has become necessary starting with Xcode 8 although we apply the signature in all cases. Signing is done without entitlements and with signing identity "-". -- MOS_MIGRATED_REVID=139606540
author: Peter Schmitt <schmitt@google.com> 2016-11-18 19:59:50 +0000
committer: Dmitry Lomov <dslomov@google.com> 2016-11-21 19:37:16 +0000
commit: 2eaa31fade12242b7075c2bbac945aeeedf985e8 (patch)
tree: 40bf986bfaee965f227950042c19b6dec961b254
parent: 67b4d5250edcefa7220e928e529b1f385e2dc464 (diff)
1 files changed, 41 insertions, 33 deletions
diff --git a/src/main/java/com/google/devtools/build/lib/rules/objc/ReleaseBundlingSupport.java b/src/main/java/com/google/devtools/build/lib/rules/objc/ReleaseBundlingSupport.java
index f3b8d351bc..eb96e5fd15 100644
--- a/src/main/java/com/google/devtools/build/lib/rules/objc/ReleaseBundlingSupport.java
+++ b/src/main/java/com/google/devtools/build/lib/rules/objc/ReleaseBundlingSupport.java
@@ -436,7 +436,6 @@ public final class ReleaseBundlingSupport {
     Artifact processedIpa = releaseBundling.getIpaArtifact();
     Artifact unprocessedIpa = intermediateArtifacts.unprocessedIpa();
 
-    boolean processingNeeded = false;
     NestedSetBuilder<Artifact> inputs =
         NestedSetBuilder.<Artifact>stableOrder().add(unprocessedIpa);
 
@@ -454,45 +453,58 @@ public final class ReleaseBundlingSupport {
 
     FilesToRunProvider processor = attributes.ipaPostProcessor();
     if (processor != null) {
-      processingNeeded = true;
       actionCommandLine += processor.getExecutable().getShellEscapedExecPathString() + " ${t} && ";
     }
 
-    AppleConfiguration appleConfiguration = ruleContext.getFragment(AppleConfiguration.class);
     if (platform.isDevice()) {
-      processingNeeded = true;
+      actionCommandLine += deviceSigningCommandLine();
+
       registerEntitlementsActions();
-      actionCommandLine += signingCommandLine();
-      inputs.add(releaseBundling.getProvisioningProfile()).add(
-          intermediateArtifacts.entitlements());
+      inputs.add(releaseBundling.getProvisioningProfile())
+          .add(intermediateArtifacts.entitlements());
+    } else {
+      actionCommandLine += simulatorSigningCommandLine();
     }
 
     actionCommandLine += "cd ${t} && /usr/bin/zip -q -r \"${signed_ipa}\" .";
 
-    if (processingNeeded) {
-      SpawnAction.Builder processAction =
-          ObjcRuleClasses.spawnBashOnDarwinActionBuilder(actionCommandLine)
-              .setEnvironment(
-                  ObjcRuleClasses.appleToolchainEnvironment(appleConfiguration, platform))
-              .setMnemonic("ObjcProcessIpa")
-              .setProgressMessage("Processing iOS IPA: " + ruleContext.getLabel())
-              .disableSandboxing()
-              .addTransitiveInputs(inputs.build())
-              .addOutput(processedIpa);
-
-      if (processor != null) {
-        processAction.addTool(processor);
-      }
+    AppleConfiguration appleConfiguration = ruleContext.getFragment(AppleConfiguration.class);
+    SpawnAction.Builder processAction =
+        ObjcRuleClasses.spawnBashOnDarwinActionBuilder(actionCommandLine)
+            .setEnvironment(ObjcRuleClasses.appleToolchainEnvironment(appleConfiguration, platform))
+            .setMnemonic("ObjcProcessIpa")
+            .setProgressMessage("Processing iOS IPA: " + ruleContext.getLabel())
+            .disableSandboxing()
+            .addTransitiveInputs(inputs.build())
+            .addOutput(processedIpa);
 
-      ruleContext.registerAction(processAction.build(ruleContext));
-    } else {
-      ruleContext.registerAction(
-          new SymlinkAction(
-              ruleContext.getActionOwner(), unprocessedIpa, processedIpa, "Processing IPA"));
+    if (processor != null) {
+      processAction.addTool(processor);
+    }
+
+    ruleContext.registerAction(processAction.build(ruleContext));
+  }
+
+  private String deviceSigningCommandLine() {
+    StringBuilder codesignCommandLineBuilder = new StringBuilder();
+    for (String dir : getDirsToSign()) {
+      codesignCommandLineBuilder.append(deviceCodesignCommand("${t}/" + dir)).append(" && ");
+    }
+    return codesignCommandLineBuilder.toString();
+  }
+
+  private String simulatorSigningCommandLine() {
+    StringBuilder codesignCommandLineBuilder = new StringBuilder();
+    for (String dir : getDirsToSign()) {
+      codesignCommandLineBuilder
+          .append("/usr/bin/codesign --force --sign \"-\" ${t}/")
+          .append(dir)
+          .append(" && ");
     }
+    return codesignCommandLineBuilder.toString();
   }
 
-  private String signingCommandLine() {
+  private ImmutableList<String> getDirsToSign() {
     // The order here is important. The innermost code must singed first.
     ImmutableList.Builder<String> dirsToSign = new ImmutableList.Builder<>();
     String bundleDir = ShellUtils.shellEscape(bundling.getBundleDir());
@@ -505,11 +517,7 @@ public final class ReleaseBundlingSupport {
     }
     dirsToSign.add(bundleDir);
 
-    StringBuilder codesignCommandLineBuilder = new StringBuilder();
-    for (String dir : dirsToSign.build()) {
-      codesignCommandLineBuilder.append(codesignCommand("${t}/" + dir)).append(" && ");
-    }
-    return codesignCommandLineBuilder.toString();
+    return dirsToSign.build();
   }
 
   /**
@@ -1118,7 +1126,7 @@ public final class ReleaseBundlingSupport {
     return "security cms -D -i " + ShellUtils.shellEscape(provisioningProfile.getExecPathString());
   }
 
-  private String codesignCommand(String appDir) {
+  private String deviceCodesignCommand(String appDir) {
     String signingCertName = ObjcRuleClasses.objcConfiguration(ruleContext).getSigningCertName();
     Artifact entitlements = intermediateArtifacts.entitlements();
author	Peter Schmitt <schmitt@google.com>	2016-11-18 19:59:50 +0000
committer	Dmitry Lomov <dslomov@google.com>	2016-11-21 19:37:16 +0000
commit	2eaa31fade12242b7075c2bbac945aeeedf985e8 (patch)
tree	40bf986bfaee965f227950042c19b6dec961b254
parent	67b4d5250edcefa7220e928e529b1f385e2dc464 (diff)