bockbuild/mac-sdk-xamarin/profile.py

   1 import itertools
   2 import os
   3 import re
   4 import shutil
   5 import string
   6 import sys
   7 import tempfile
   8 import traceback
   9
  10 from glob import glob
  11
  12 from MonoReleaseProfile import MonoReleaseProfile
  13 from bockbuild.util.util import *
  14
  15
  16 class MonoXamarinPackageProfile(MonoReleaseProfile):
  17
  18     def __init__(self):
  19         MonoReleaseProfile.__init__(self)
  20
  21         # add the private stuff
  22         self.packages_to_build.extend(['mono-extensions'])
  23
  24         if self.cmd_options.release_build:
  25             self.setup_codesign()
  26         else:
  27             info("'--release' option not set, will not attempt to sign package!")
  28
  29         self.cache_host = 'http://storage.bos.xamarin.com/bockbuild_cache/'
  30
  31     def setup_codesign(self):
  32         self.identity = "Developer ID Installer: Xamarin Inc"
  33
  34         output = backtick("security -v find-identity")
  35         if self.identity not in " ".join(output):
  36             error("Identity '%s' was not found. You can create an unsigned package by removing '--release' to your command line." % self.identity)
  37
  38         password = os.getenv("CODESIGN_KEYCHAIN_PASSWORD")
  39         if password:
  40             print "Unlocking the keychain"
  41             run_shell("security unlock-keychain -p %s" % password)
  42         else:
  43             error("CODESIGN_KEYCHAIN_PASSWORD needs to be defined.")
  44
  45     def setup_release(self):
  46         MonoReleaseProfile.setup_release(self)
  47         self.release_packages['mono'].configure_flags.extend(
  48             ['--enable-extension-module=xamarin --enable-native-types --enable-pecrypt'])
  49         info('Xamarin extensions enabled')
  50
  51     def run_pkgbuild(self, working_dir, package_type):
  52         output = MonoReleaseProfile.run_pkgbuild(
  53             self, working_dir, package_type)
  54
  55         output_unsigned = os.path.join(os.path.dirname(
  56             output), os.path.basename(output).replace('.pkg', '.UNSIGNED.pkg'))
  57         shutil.move(output, output_unsigned)
  58
  59         if not self.cmd_options.release_build:
  60             return output_unsigned
  61
  62         productsign = "/usr/bin/productsign"
  63         productsign_cmd = ' '.join([productsign,
  64                                     "-s '%s'" % self.identity,
  65                                     "'%s'" % output_unsigned,
  66                                     "'%s'" % output])
  67         run_shell(productsign_cmd)
  68         os.remove(output_unsigned)
  69         self.verify_codesign(output)
  70
  71         return output
  72
  73     def verify_codesign(self, pkg):
  74         oldcwd = os.getcwd()
  75         try:
  76             name = os.path.basename(pkg)
  77             pkgdir = os.path.dirname(pkg)
  78             os.chdir(pkgdir)
  79             spctl = "/usr/sbin/spctl"
  80             spctl_cmd = ' '.join(
  81                 [spctl, "-vvv", "--assess", "--type install", name, "2>&1"])
  82             output = backtick(spctl_cmd)
  83
  84             if "accepted" in " ".join(output):
  85                 warn("%s IS SIGNED" % pkg)
  86             else:
  87                 error("%s IS NOT SIGNED:" % pkg)
  88         finally:
  89             os.chdir(oldcwd)