def __unlock(self):
    """Make the signing keychain usable; return False at the first failed step.

    With ``self._useCertFile`` set, a new keychain is created at
    ``self.loginKeychain`` under a freshly generated random password, made the
    only entry in the user keychain search list, filled with the configured
    certificate files, and its key partition list is set.

    Otherwise an existing keychain is assumed; it is unlocked only when the
    ``CodeSigning/Protected`` setting is true.

    Every secret that is placed on a ``security`` command line is also passed
    through ``secret=``.
    NOTE(review): ``secret=`` presumably makes utils.system mask those values
    in whatever it logs -- confirm against utils.system. It cannot hide argv
    from local process listings while the command is running.
    """

    def runSecurity(*arguments, hidden):
        # Every call shares the same shape: quiet stdout, secrets declared.
        return utils.system(["security", *arguments], stdout=subprocess.DEVNULL, secret=hidden)

    if not self._useCertFile:
        if not CraftCore.settings.getboolean("CodeSigning", "Protected", False):
            return True
        keychainPassword = CraftChoicePrompt.promptForPassword(
            message="Enter the password for your signing keychain",
            key="MAC_KEYCHAIN_PASSWORD",
        )
        if runSecurity("unlock-keychain", "-p", keychainPassword, self.loginKeychain, hidden=[keychainPassword]):
            return True
        CraftCore.log.error("Failed to unlock keychain.")
        return False

    # Throwaway keychain: the password is random and never shown to the user.
    keychainPassword = secrets.token_urlsafe(16)
    if not runSecurity("create-keychain", "-p", keychainPassword, self.loginKeychain, hidden=[keychainPassword]):
        return False

    # FIXME: Retain original list: security list-keychains -d user -s "${KEYCHAIN}" $(security list-keychains -d user | sed s/\"//g)
    # As written, the user's keychain search list is replaced, not extended.
    if not runSecurity("list-keychains", "-d", "user", "-s", self.loginKeychain, hidden=[keychainPassword]):
        return False

    def importCert(cert, pwKey):
        # The certificate password goes into argv via -P, so it is declared
        # secret together with the keychain password.
        certPassword = CraftChoicePrompt.promptForPassword(
            message=f"Enter the password for certificate: {Path(cert).name}",
            key=pwKey,
        )
        return runSecurity(
            "import", cert,
            "-k", self.loginKeychain,
            "-P", certPassword,
            # -T: tools allowed to use the imported key.
            "-T", "/usr/bin/codesign",
            "-T", "/usr/bin/productsign",
            hidden=[keychainPassword, certPassword],
        )

    if self.certFileApplication and not importCert(self.certFileApplication, "MAC_CERTIFICATE_APPLICATION_PASSWORD"):
        return False
    if self.certFilesInstaller and not importCert(self.certFilesInstaller, "MAC_CERTIFICATE_INSTALLER_PASSWORD"):
        return False

    partitionListSet = runSecurity(
        "set-key-partition-list",
        "-S", "apple-tool:,apple:,codesign:",
        "-s",
        "-k", keychainPassword,
        self.loginKeychain,
        hidden=[keychainPassword],
    )
    if not partitionListSet:
        CraftCore.log.error("Failed to set key partition list.")
        return False
    return True
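def importCert(cert, pwKey):
    """Import one certificate file into the signing keychain.

    Prompts for the certificate's password (stored under ``pwKey``) and runs
    ``security import`` against ``self.loginKeychain``, allowing codesign and
    productsign to use the imported key (``-T``).

    ``self`` and ``password`` (the keychain password) are taken from the
    enclosing scope; this function is not usable on its own.

    Returns the result of ``utils.system`` for the import command.
    """
    pw = CraftChoicePrompt.promptForPassword(
        message=f"Enter the password for certificate: {Path(cert).name}",
        key=pwKey,
    )
    importCommand = [
        "security", "import", cert,
        "-k", self.loginKeychain,
        "-P", pw,
        "-T", "/usr/bin/codesign",
        "-T", "/usr/bin/productsign",
    ]
    # The certificate password is part of argv (-P), so it has to be declared
    # secret as well. Listing only the keychain password left ``pw`` out of
    # the secret list even though ``password`` does not appear in this command.
    # NOTE(review): assumes ``secret=`` is what utils.system uses to mask
    # values in logged command lines -- confirm against utils.system.
    return utils.system(importCommand, stdout=subprocess.DEVNULL, secret=[password, pw])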
def signWindows(fileNames: [str]) -> bool:
    """Sign ``fileNames`` with signtool, in as many invocations as needed.

    Returns True without signing anything when ``CodeSigning/Enabled`` is
    false or the compiler target is not Windows, so a True result does not by
    itself mean the files carry a signature. Returns False when signtool
    cannot be located or any signtool invocation fails.

    The certificate password, when one is configured, is placed on the
    signtool command line (``/p``) and passed to utils.system via ``secret``.
    NOTE(review): ``secret`` presumably masks the value in logged command
    lines -- confirm against utils.system.
    """
    if not CraftCore.settings.getboolean("CodeSigning", "Enabled", False):
        return True
    if not CraftCore.compiler.isWindows:
        CraftCore.log.warning("Code signing is currently only supported on Windows")
        return True

    # Look in the cached application paths first, then in the MSVC PATH.
    signToolPath = CraftCore.cache.findApplication("signtool", forceCache=True)
    if not signToolPath:
        msvcEnv = SetupHelper.getMSVCEnv()
        signToolPath = CraftCore.cache.findApplication("signtool", msvcEnv["PATH"], forceCache=True)
    if not signToolPath:
        CraftCore.log.warning("Code signing requires a VisualStudio installation")
        return False

    # /tr + /td: RFC 3161 timestamp with a SHA256 digest; /fd: SHA256 file
    # digest; /a: let signtool choose the certificate, narrowed by /f and /n
    # below when those settings are present.
    command = [signToolPath, "sign"]
    command.extend(["/tr", "http://timestamp.digicert.com"])
    command.extend(["/td", "SHA256", "/fd", "SHA256", "/a"])

    certFile = CraftCore.settings.get("CodeSigning", "Certificate", "")
    subjectName = CraftCore.settings.get("CodeSigning", "CommonName", "")
    certProtected = CraftCore.settings.getboolean("CodeSigning", "Protected", False)

    systemOptions = {}
    if certFile:
        command.extend(["/f", certFile])
    if subjectName:
        command.extend(["/n", subjectName])
    if certProtected:
        certPassword = CraftChoicePrompt.promptForPassword(
            message="Enter the password for your package signing certificate",
            key="WINDOWS_CODE_SIGN_CERTIFICATE_PASSWORD",
        )
        command.extend(["/p", certPassword])
        systemOptions["secret"] = [certPassword]

    # NOTE(review): ``True or`` short-circuits, so /v is always used and the
    # /q alternative is unreachable; the verbosity level is never consulted.
    # Looks like a debugging leftover -- confirm before relying on quiet runs.
    command.append("/v" if True or CraftCore.debug.verbose() > 0 else "/q")

    # Stops at the first failing batch; an empty batch list yields True.
    return all(
        utils.system(batch, **systemOptions)
        for batch in utils.limitCommandLineLength(command, fileNames)
    )