in tools/codesigningtool/codesigningtool.py [0:0]
def _invoke_codesign(codesign_path, identity, entitlements, force_signing,
disable_timestamp, full_path_to_sign, extra):
"""Invokes the codesign tool on the given path to sign.
Args:
codesign_path: Path to the codesign tool as a string.
identity: The unique identifier string to identify code signatures.
entitlements: Path to the file with entitlement data. Optional.
force_signing: If true, replaces any existing signature on the path given.
disable_timestamp: If true, disables the use of timestamp services.
full_path_to_sign: Path to the bundle or binary to code sign as a string.
"""
cmd = [codesign_path, "-v", "--sign", identity]
if entitlements:
cmd.extend([
"--generate-entitlement-der",
"--entitlements",
entitlements,
])
if force_signing:
cmd.append("--force")
if disable_timestamp:
cmd.append("--timestamp=none")
cmd.append(full_path_to_sign)
cmd.extend(extra)
# Just like Xcode, ensure CODESIGN_ALLOCATE is set to point to the correct
# version.
custom_env = {"CODESIGN_ALLOCATE": _find_codesign_allocate()}
_, stdout, stderr = execute.execute_and_filter_output(cmd,
custom_env=custom_env,
raise_on_failure=True)
if stdout:
filtered_stdout = _filter_codesign_output(stdout)
if filtered_stdout:
print(filtered_stdout)
if stderr:
filtered_stderr = _filter_codesign_output(stderr)
if filtered_stderr:
print(filtered_stderr)