This repository has been archived by the owner on Jan 31, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathcodesigner_service.go
83 lines (74 loc) · 2.35 KB
/
codesigner_service.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
package codesigner
import (
"context"
"flag"
"fmt"
"io/ioutil"
"os/exec"
"sync"
)
var defaultKeychainPath = flag.String("keychain", "buildbot.keychain", "Path to keychain containing developer IDs")
var password = flag.String("password", "", "Password for the keychain")
// Test helper
var execCommand = exec.Command
type CodeSigner struct {
lock sync.Mutex
}
func unlockKeychain(password string, keychainPath string) (string, error) {
cmd := execCommand("security", "unlock-keychain", "-p", password, keychainPath)
out, err := cmd.CombinedOutput()
return string(out), err
}
func lockKeychain(keychainPath string) (string, error) {
cmd := execCommand("security", "lock-keychain", keychainPath)
out, err := cmd.CombinedOutput()
return string(out), err
}
func (s *CodeSigner) SignPackage(ctx context.Context, req *SignPackageRequest) (*SignPackageReply, error) {
s.lock.Lock()
defer s.lock.Unlock()
unlock, err := unlockKeychain(*password, *defaultKeychainPath)
if err != nil {
return nil, fmt.Errorf("Failed to unlock keychain: %v; %s", err, unlock)
}
defer lockKeychain(*defaultKeychainPath)
temp, err := ioutil.TempFile("", "codesigner")
if err != nil {
return nil, fmt.Errorf("Failed to create temp file for signing: %v", err)
}
_, err = temp.Write(req.GetPackage())
if err != nil {
return nil, fmt.Errorf("Failed to write temp file: %v", err)
}
temp.Close()
cmd := execCommand("codesign", "-fv", "-s", req.GetDeveloperId(), temp.Name())
out, err := cmd.CombinedOutput()
if err != nil {
return nil, fmt.Errorf("Failed to codesign: %s", out)
}
signed, err := ioutil.ReadFile(temp.Name())
if err != nil {
return nil, fmt.Errorf("Failed to read back signed data: %v", err)
}
return &SignPackageReply{
SignedPackage: signed,
CodesignOutput: string(out),
}, nil
}
func (s *CodeSigner) VerifyPackage(ctx context.Context, req *VerifyPackageRequest) (*VerifyPackageReply, error) {
temp, err := ioutil.TempFile("", "codesigner")
if err != nil {
return nil, fmt.Errorf("Failed to create temp file for verifying: %v", err)
}
_, err = temp.Write(req.GetPackage())
if err != nil {
return nil, fmt.Errorf("Failed to write temp file: %v", err)
}
temp.Close()
cmd := execCommand("codesign", "-vvv", temp.Name())
out, err := cmd.CombinedOutput()
return &VerifyPackageReply{
Ok: err == nil,
CodesignOutput: string(out),
}, nil
}