Add Widevine signature files into Mac build

chrome/BUILD.gn

Index: chrome/BUILD.gn
diff --git a/chrome/BUILD.gn b/chrome/BUILD.gn
index d6e93d34e896c90421074a595c7488e3c7b4859a..05b580430e73ae047d20e9689bfccf09d5e720aa 100644
--- a/chrome/BUILD.gn
+++ b/chrome/BUILD.gn
@@ -648,6 +648,10 @@ if (is_win) {
       # verify_chrome_framework_order depends on :chrome_framework and, for
       # non-component builds, will ensure the export symbol table is correct.
       ":verify_chrome_framework_order",
+
+      # framework_signed_for_widevine depends on :chrome_framework as the
+      # framework needs to be linked before signing can occur.
+      ":framework_signed_for_widevine",
     ]
   }
 
@@ -862,12 +866,25 @@ if (is_win) {
         ":widevine_cdm_library_copy",
         "//third_party/widevine/cdm:widevinecdmadapter",
       ]
+
+      # Signatures are only generated for official chrome.
+      if (is_chrome_branded) {
+        sources += [
+          "$root_out_dir/$widevine_cdm_path/widevinecdmadapter.plugin.sig",
+          "$root_out_dir/libwidevinecdm.dylib.sig",
+        ]
+        public_deps += [ ":widevine_generate_cdm_adapter_signature" ]
+      }
     }
 
     copy("widevine_cdm_library_copy") {
       sources = [
         "$root_out_dir/$widevine_cdm_path/libwidevinecdm.dylib",
       ]
+      if (is_chrome_branded) {
+        sources +=
+            [ "$root_out_dir/$widevine_cdm_path/libwidevinecdm.dylib.sig" ]
+      }
       outputs = [
         "$root_out_dir/{{source_file_part}}",
       ]
@@ -887,6 +904,62 @@ if (is_win) {
         "//third_party/widevine/cdm:widevine_cdm_manifest",
       ]
     }
+
+    action("widevine_generate_cdm_adapter_signature") {

[xhwang, 2017/01/28 00:29:38]

It seems we'll use similar action in a lot of places. Does it make sense to have
a template to avoid duplication?

[jrummell, 2017/01/28 02:05:09]

Done.

+      script = "//third_party/widevine/scripts/signature_generator.py"
+      plugin = "$root_out_dir/$widevine_cdm_path/widevinecdmadapter.plugin"
+      sources = [
+        "$plugin",
+      ]
+      outputs = [
+        "$plugin.sig",
+      ]
+      args = [
+        "--input_file",
+        rebase_path("$plugin", root_build_dir),
+        "--output_file",
+        rebase_path("$plugin.sig", root_build_dir),
+      ]
+      deps = [
+        "//third_party/widevine/cdm:widevinecdmadapter",
+      ]
+    }
+
+    # Bundle the framework signature into the app. As the framework can only

[xhwang, 2017/01/28 00:29:37]

here and everywhere else, s/framework/chrome framework/. On MacOS "framework" is
a generic term similar to app or bundle. Here we are very specific, we only need
the sig for the "chrome framework".

[jrummell, 2017/01/28 02:05:09]

Done.

+    # be signed once the framework has been linked, this can't be bundled with
+    # the framework, so :widevine_generate_framework_signature adds the
+    # signature to the framework, and this bundles it with the app.
+    bundle_data("widevine_framework_signature") {
+      sources = [
+        "$root_out_dir/$chrome_framework_name.framework/$chrome_framework_name.sig",
+      ]
+      outputs = [
+        "{{bundle_root_dir}}/Versions/$chrome_version_full/$chrome_framework_name.framework/{{source_file_part}}",
+      ]
+      public_deps = [
+        ":widevine_generate_framework_signature",
+      ]
+    }
+
+    action("widevine_generate_framework_signature") {

[xhwang, 2017/01/28 00:29:37]

ditto about naming, how about

sign_chrome_framework_by_widevine

[jrummell, 2017/01/28 02:05:09]

Done (as sign_chrome_framework_for_widevine).

+      script = "//third_party/widevine/scripts/signature_generator.py"
+      framework = "$root_out_dir/$chrome_framework_name.framework/$chrome_framework_name"
+      sources = [
+        "$framework",
+      ]
+      outputs = [
+        "$framework.sig",
+      ]
+      args = [
+        "--input_file",
+        rebase_path("$framework", root_out_dir),
+        "--output_file",
+        rebase_path("$framework.sig", root_out_dir),
+      ]
+      public_deps = [
+        ":chrome_framework",
+      ]
+    }
   }
 
   group("widevine_cdm_library") {
@@ -898,6 +971,15 @@ if (is_win) {
     }
   }
 
+  group("framework_signed_for_widevine") {
+    # Only do this for official Chrome.
+    if (is_chrome_branded && _should_bundle_widevine) {
+      deps = [
+        ":widevine_framework_signature",
+      ]
+    }
+  }
+
   if (is_chrome_branded) {
     action("keystone_registration_framework") {
       script = "//chrome/tools/build/mac/copy_keystone_framework.py"