-
Mark Mentovai authored
Xcode 12.0b4 and later produce ad-hoc linker-signed code, but codesign --sign on OS versions earlier than 11.0 doesn't know anything about linker-signed code, and only sees an ad-hoc signature that it refuses to replace without --force. Detect this condition by looking for the linker-signed code signature flag in codesign --display output, and adding --force to the codesign --sign invocation if required. --force won't be used on an OS version where codesign --sign should handle this properly on its own, for x86_64 code, for unsigned arm64 code, or for signed but not linker-signed arm64 code. This was tested on macOS 10.15.6 19G2021 by building the "installer" target and running: out/release_arm64/Chromium Packaging/sign_chrome.py \ --identity=- \ --input=out/release_arm64 \ --output=/tmp/release_arm64_signed \ --development Bug: 1130270 Change-Id: I6f817b74b515d7476a59ed200ed79ed4829e2936 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2420529 Commit-Queue: Michael Moss <mmoss@chromium.org> Reviewed-by:Michael Moss <mmoss@chromium.org> Cr-Commit-Position: refs/heads/master@{#808746}
8e602f66
