Embeds the entitlements file in the binary in simulator builds.

build/config/ios/codesign.py

 # Copyright 2016 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 import argparse
 import fnmatch
 import glob
 import os
 import plistlib
 import shutil
@@ skipping 72 matching lines @@
     return self._data.get('Entitlements', {}).get('application-identifier', '')
 
   @property
   def team_identifier(self):
     return self._data.get('TeamIdentifier', [''])[0]
 
   @property
   def entitlements(self):
     return self._data.get('Entitlements', {})
 
-  def ValidToSignBundle(self, bundle):
+  def ValidToSignBundle(self, bundle_identifier):
     """Checks whether the provisioning profile can sign bundle_identifier.
 
     Args:
-      bundle: the Bundle object that needs to be signed.
+      bundle_identifier: the identifier of the bundle that needs to be signed.
 
     Returns:
       True if the mobile provisioning profile can be used to sign a bundle
       with the corresponding bundle_identifier, False otherwise.
     """
     return fnmatch.fnmatch(
-        '%s.%s' % (self.team_identifier, bundle.identifier),
+        '%s.%s' % (self.team_identifier, bundle_identifier),
         self.application_identifier_pattern)
 
   def Install(self, bundle):
     """Copies mobile provisioning profile info the bundle."""
     installation_path = os.path.join(bundle.path, 'embedded.mobileprovision')
     shutil.copy2(self.path, installation_path)
 
 
 class Entitlements(object):
   """Wraps an Entitlement plist file."""
@@ skipping 29 matching lines @@
 
   def LoadDefaults(self, defaults):
     for key, value in defaults.iteritems():
       if key not in self._data:
         self._data[key] = value
 
   def WriteTo(self, target_path):
     plistlib.writePlist(self._data, target_path)
 
 
-def FindProvisioningProfile(bundle, provisioning_profile_short_name):
+def FindProvisioningProfile(bundle_identifier, provisioning_profile_short_name):
   """Finds mobile provisioning profile to use to sign bundle.
 
   Args:
-    bundle: the Bundle object to sign.
+    bundle_identifier: the identifier of the bundle to sign.
     provisioning_profile_short_path: optional short name of the mobile
         provisioning profile file to use to sign (will still be checked
         to see if it can sign bundle).
 
   Returns:
     The ProvisioningProfile object that can be used to sign the Bundle
     object.
 
   Raises:
     InstallationError if no mobile provisioning profile can be used to
@@ skipping 15 matching lines @@
 
   if not provisioning_profile_paths:
     provisioning_profile_paths = glob.glob(
         os.path.join(provisioning_profiles_dir, '*.mobileprovision'))
 
   # Iterate over all installed mobile provisioning profiles and filter those
   # that can be used to sign the bundle.
   valid_provisioning_profiles = []
   for provisioning_profile_path in provisioning_profile_paths:
     provisioning_profile = ProvisioningProfile(provisioning_profile_path)
-    if provisioning_profile.ValidToSignBundle(bundle):
+    if provisioning_profile.ValidToSignBundle(bundle_identifier):
       valid_provisioning_profiles.append(provisioning_profile)
 
   if not valid_provisioning_profiles:
     raise InstallationError(
         'no mobile provisioning profile for "%s"',
-        bundle.identifier)
+        bundle_identifier)
 
   # Select the most specific mobile provisioning profile, i.e. the one with
   # the longest application identifier pattern.
   return max(
       valid_provisioning_profiles,
       key=lambda p: len(p.application_identifier_pattern))
 
 
 def InstallFramework(framework_path, bundle, args):
   """Install framework from |framework_path| to |bundle| and code-re-sign it."""
   installed_framework_path = os.path.join(
       bundle.path, 'Frameworks', os.path.basename(framework_path))
 
   if os.path.exists(installed_framework_path):
     shutil.rmtree(installed_framework_path)
 
   shutil.copytree(framework_path, installed_framework_path)
 
   framework_bundle = Bundle(installed_framework_path)
   CodeSignBundle(framework_bundle.binary_path, framework_bundle, args, True)
 
 
+def GenerateEntitlements(bundle_identifier, provisioning_profile, args):

[justincohen, 2016/07/29 22:28:10]

If the upstream bots can have an empty provisioning profile, we could just pass
in None for provisioning_profile.entitlements and 
provisioning_profile.team_identifier, maybe?

[sdefresne, 2016/08/02 16:58:57]

Done.

+  """Generates an entitlements file.
+
+  Args:
+    bundle_identifier: identifier of the bundle to sign.
+    provisioning_profile: ProvisioningProfile object.
+    output_path: path to the generated entitlements file.
+  """
+  entitlements = Entitlements(args.entitlements_path)
+  entitlements.LoadDefaults(provisioning_profile.entitlements)
+  entitlements.ExpandVariables({
+      'CFBundleIdentifier': bundle_identifier,
+      'AppIdentifierPrefix': '%s.' % (provisioning_profile.team_identifier,)
+  })
+  return entitlements
+
+
 def CodeSignBundle(binary, bundle, args, preserve=False):
   """Cryptographically signs bundle.
 
   Args:
     bundle: the Bundle object to sign.
     args: a dictionary with configuration settings for the code signature,
         need to define 'entitlements_path', 'provisioning_profile_short_name',
         'deep_signature' and 'identify' keys.
   """
   provisioning_profile = FindProvisioningProfile(
-      bundle, args.provisioning_profile_short_name)
+      bundle.identifier, args.provisioning_profile_short_name)
   provisioning_profile.Install(bundle)
 
   if preserve:
     process = subprocess.Popen([
         'xcrun', 'codesign', '--force', '--sign', args.identity,
         '--deep', '--preserve-metadata=identifier,entitlements',
         '--timestamp=none', bundle.path], stderr=subprocess.PIPE)
     _, stderr = process.communicate()
     if process.returncode:
       sys.stderr.write(stderr)
       sys.exit(process.returncode)
     for line in stderr.splitlines():
       # Ignore expected warning as we are replacing the signature on purpose.
       if not line.endswith(': replacing existing signature'):
         sys.stderr.write(line + '\n')
   else:
     signature_file = os.path.join(
         bundle.path, '_CodeSignature', 'CodeResources')
     if os.path.isfile(signature_file):
       os.unlink(signature_file)
 
     if os.path.isfile(bundle.binary_path):
       os.unlink(bundle.binary_path)
     shutil.copy(binary, bundle.binary_path)
 
-    entitlements = Entitlements(args.entitlements_path)
-    entitlements.LoadDefaults(provisioning_profile.entitlements)
-    entitlements.ExpandVariables({
-      'CFBundleIdentifier': bundle.identifier,
-      'AppIdentifierPrefix': '%s.' % (provisioning_profile.team_identifier,)
-    })
+    entitlements = GenerateEntitlements(
+        bundle.identifier, provisioning_profile, args)
 
     with tempfile.NamedTemporaryFile(suffix='.xcent') as temporary_file_path:
       entitlements.WriteTo(temporary_file_path.name)
       subprocess.check_call([
           'xcrun', 'codesign', '--force', '--sign', args.identity,
           '--entitlements', temporary_file_path.name, '--timestamp=none',
           bundle.path])
 
 
+def MainCodeSignBundle(args):
+  """Adapter to call CodeSignBundle from Main."""
+  bundle = Bundle(args.path)
+  for framework in args.frameworks:
+    InstallFramework(framework, bundle, args)
+  CodeSignBundle(args.binary, bundle, args)
+
+
+def MainGenerateEntitlements(args):
+  """Adapter to call GenerateEntitlements from Main."""
+  info_plist = LoadPlistFile(args.info_plist)
+  bundle_identifier = info_plist['CFBundleIdentifier']
+  provisioning_profile = FindProvisioningProfile(
+      bundle_identifier, args.provisioning_profile_short_name)
+  entitlements = GenerateEntitlements(
+      bundle_identifier, provisioning_profile, args)
+  entitlements.WriteTo(args.path)
+
+
 def Main():
   parser = argparse.ArgumentParser('codesign iOS bundles')
   parser.add_argument(
-      'path', help='path to the iOS bundle to codesign')
-  parser.add_argument(
-      '--binary', '-b', required=True,
-      help='path to the iOS bundle binary')
-  parser.add_argument(
       '--provisioning-profile', '-p', dest='provisioning_profile_short_name',
       help='short name of the mobile provisioning profile to use ('
            'if undefined, will autodetect the mobile provisioning '
            'to use)')
   parser.add_argument(
+      '--entitlements', '-e', dest='entitlements_path',
+      help='path to the entitlements file to use')
+  subparsers = parser.add_subparsers()
+
+  code_sign_bundle_parser = subparsers.add_parser(
+      'code-sign-bundle',
+      help='code sign a bundle')
+  code_sign_bundle_parser.add_argument(
+      'path', help='path to the iOS bundle to codesign')
+  code_sign_bundle_parser.add_argument(
       '--identity', '-i', required=True,
       help='identity to use to codesign')
-  parser.add_argument(
-      '--entitlements', '-e', dest='entitlements_path',
-      help='path to the entitlements file to use')
-  parser.add_argument(
+  code_sign_bundle_parser.add_argument(
+      '--binary', '-b', required=True,
+      help='path to the iOS bundle binary')
+  code_sign_bundle_parser.add_argument(
       '--framework', '-F', action='append', default=[], dest="frameworks",
       help='install and resign system framework')
+  code_sign_bundle_parser.set_defaults(func=MainCodeSignBundle)
+
+  generate_entitlements_parser = subparsers.add_parser(
+      'generate-entitlements',
+      help='generate entitlements file')
+  generate_entitlements_parser.add_argument(
+      'path', help='path to the entitlements file to generate')
+  generate_entitlements_parser.add_argument(
+      '--info-plist', '-p', required=True,
+      help='path to the bundle Info.plist')
+  generate_entitlements_parser.set_defaults(
+      func=MainGenerateEntitlements)
+
   args = parser.parse_args()
-
-  bundle = Bundle(args.path)
-  for framework in args.frameworks:
-    InstallFramework(framework, bundle, args)
-
-  CodeSignBundle(args.binary, bundle, args)
+  args.func(args)
 
 
 if __name__ == '__main__':
   sys.exit(Main())