From 87615b2342950fd3a17b60c4eb5383803d28aa9f Mon Sep 17 00:00:00 2001
From: Googler <noreply@google.com>
Date: Tue, 12 May 2015 21:33:02 +0000
Subject: Description redacted. -- MOS_MIGRATED_REVID=93454041

---
 .../lib/rules/objc/ReleaseBundlingSupport.java     | 38 +++++++---------------
 1 file changed, 11 insertions(+), 27 deletions(-)

(limited to 'src/main/java/com/google/devtools/build/lib/rules/objc/ReleaseBundlingSupport.java')

diff --git a/src/main/java/com/google/devtools/build/lib/rules/objc/ReleaseBundlingSupport.java b/src/main/java/com/google/devtools/build/lib/rules/objc/ReleaseBundlingSupport.java
index f98185c15e..a525a026ee 100644
--- a/src/main/java/com/google/devtools/build/lib/rules/objc/ReleaseBundlingSupport.java
+++ b/src/main/java/com/google/devtools/build/lib/rules/objc/ReleaseBundlingSupport.java
@@ -604,18 +604,10 @@ public final class ReleaseBundlingSupport {
         .setExecutable(new PathFragment("/bin/bash"))
         .addArgument("-c")
         .addArgument("set -e &&"
-            + " PLIST=$(" + extractPlistCommand(attributes.provisioningProfile()) + ") && "
-
-            // We think PlistBuddy uses PRead internally to seek through the file. Or possibly
-            // mmaps the file. Or something similar.
-            //
-            // Pipe FDs do not support PRead or mmap, though.
-            //
-            // <<< however does something magical like write to a temporary file or something
-            // like that internally, which means that this Just Works.
-            + " PREFIX=$(/usr/libexec/PlistBuddy -c 'Print ApplicationIdentifierPrefix:0'"
-            + " /dev/stdin <<< \"${PLIST}\") && "
-            + " echo ${PREFIX} > " + teamPrefixFile.getExecPathString())
+            + "PLIST=$(mktemp -t teamprefix.plist) && trap \"rm ${PLIST}\" EXIT && "
+            + extractPlistCommand(attributes.provisioningProfile()) + " > ${PLIST} && "
+            + "/usr/libexec/PlistBuddy -c 'Print ApplicationIdentifierPrefix:0' ${PLIST} > "
+            + teamPrefixFile.getExecPathString())
         .addInput(attributes.provisioningProfile())
         .addOutput(teamPrefixFile)
         .build(ruleContext));
@@ -634,19 +626,10 @@ public final class ReleaseBundlingSupport {
         .setExecutable(new PathFragment("/bin/bash"))
         .addArgument("-c")
         .addArgument("set -e && "
-            + "PLIST=$("
-            + extractPlistCommand(attributes.provisioningProfile()) + ") && "
-
-            // We think PlistBuddy uses PRead internally to seek through the file. Or possibly
-            // mmaps the file. Or something similar.
-            //
-            // Pipe FDs do not support PRead or mmap, though.
-            //
-            // <<< however does something magical like write to a temporary file or something
-            // like that internally, which means that this Just Works.
-
-            + "/usr/libexec/PlistBuddy -x -c 'Print Entitlements' /dev/stdin <<< \"${PLIST}\" "
-            + "> " + entitlements.getExecPathString())
+            + "PLIST=$(mktemp -t entitlements.plist) && trap \"rm ${PLIST}\" EXIT && "
+            + extractPlistCommand(attributes.provisioningProfile()) + " > ${PLIST} && "
+            + "/usr/libexec/PlistBuddy -x -c 'Print Entitlements' ${PLIST} > "
+            + entitlements.getExecPathString())
         .addInput(attributes.provisioningProfile())
         .addOutput(entitlements)
         .build(ruleContext));
@@ -687,8 +670,9 @@ public final class ReleaseBundlingSupport {
   private String codesignCommand(
       Artifact provisioningProfile, Artifact entitlements, String appDir) {
     String fingerprintCommand =
-        "/usr/libexec/PlistBuddy -c 'Print DeveloperCertificates:0' /dev/stdin <<< "
-            + "$(" + extractPlistCommand(provisioningProfile) + ") | "
+        "PLIST=$(mktemp -t cert.plist) && trap \"rm ${PLIST}\" EXIT && "
+            + extractPlistCommand(provisioningProfile) + " > ${PLIST} && "
+            + "/usr/libexec/PlistBuddy -c 'Print DeveloperCertificates:0' ${PLIST} | "
             + "openssl x509 -inform DER -noout -fingerprint | "
             + "cut -d= -f2 | sed -e 's#:##g'";
     return String.format(
-- 
cgit v1.2.3