bockbuild/mac-sdk-xamarin/profile.py

   1 import itertools
   2 import os
   3 import re
   4 import shutil
   5 import string
   6 import sys
   7 import tempfile
   8 import traceback
   9
  10 from glob import glob
  11
  12 from MacSDK import profile
  13 from bockbuild.util.util import *
  14
  15
  16 class MonoXamarinPackageProfile(MonoReleaseProfile):
  17     description = 'Signed package'
  18
  19     def attach (self, bockbuild):
  20         print dir(bockbuild)
  21         MonoReleaseProfile.attach(self, bockbuild)
  22         bockbuild.packages_to_build.extend(['mono-extensions'])
  23         if bockbuild.cmd_options.release_build:
  24             self.setup_codesign()
  25         else:
  26             info("'--release' option not set, will not attempt to sign package!")
  27
  28         self.cache_host = 'http://storage.bos.xamarin.com/bockbuild_cache/'
  29
  30     def setup_codesign(self):
  31         self.identity = "Developer ID Installer: Xamarin Inc"
  32
  33         output = backtick("security -v find-identity")
  34         if self.identity not in " ".join(output):
  35             error("Identity '%s' was not found. You can create an unsigned package by removing '--release' to your command line." % self.identity)
  36
  37         password = os.getenv("CODESIGN_KEYCHAIN_PASSWORD")
  38         if password:
  39             print "Unlocking the keychain"
  40             run_shell("security unlock-keychain -p %s" % password)
  41         else:
  42             error("CODESIGN_KEYCHAIN_PASSWORD needs to be defined.")
  43
  44     def setup_release(self):
  45         MonoReleaseProfile.setup_release(self)
  46         self.release_packages['mono'].configure_flags.extend(
  47             ['--enable-extension-module=xamarin --enable-native-types --enable-pecrypt'])
  48         info('Xamarin extensions enabled')
  49
  50     def run_pkgbuild(self, working_dir, package_type):
  51         output = MonoReleaseProfile.run_pkgbuild(
  52             self, working_dir, package_type)
  53
  54         output_unsigned = os.path.join(os.path.dirname(
  55             output), os.path.basename(output).replace('.pkg', '.UNSIGNED.pkg'))
  56         shutil.move(output, output_unsigned)
  57
  58         if not self.cmd_options.release_build:
  59             return output_unsigned
  60
  61         productsign = "/usr/bin/productsign"
  62         productsign_cmd = ' '.join([productsign,
  63                                     "-s '%s'" % self.identity,
  64                                     "'%s'" % output_unsigned,
  65                                     "'%s'" % output])
  66         run_shell(productsign_cmd)
  67         os.remove(output_unsigned)
  68         self.verify_codesign(output)
  69
  70         return output
  71
  72     def verify_codesign(self, pkg):
  73         oldcwd = os.getcwd()
  74         try:
  75             name = os.path.basename(pkg)
  76             pkgdir = os.path.dirname(pkg)
  77             os.chdir(pkgdir)
  78             spctl = "/usr/sbin/spctl"
  79             spctl_cmd = ' '.join(
  80                 [spctl, "-vvv", "--assess", "--type install", name, "2>&1"])
  81             output = backtick(spctl_cmd)
  82
  83             if "accepted" in " ".join(output):
  84                 warn("%s IS SIGNED" % pkg)
  85             else:
  86                 error("%s IS NOT SIGNED:" % pkg)
  87         finally:
  88             os.chdir(oldcwd)
  89
  90 MonoXamarinPackageProfile()