Mac signing: Update spctl --assess comments; adjust defaults.

This used to fail on non-Google Chrome builds due to the use of custom resource rules, but we don’t do that any more. Adjust defaults. BUG=none Change-Id: Ic9e0b110fdcb47feb8878be35feb60f326556789 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1762759Reviewed-by: Robert Sesek <rsesek@chromium.org> Commit-Queue: Avi Drissman <avi@chromium.org> Cr-Commit-Position: refs/heads/master@{#689963}

Mac signing: Update spctl --assess comments; adjust defaults.
This used to fail on non-Google Chrome builds due to the use of custom resource rules, but we don’t do that any more. Adjust defaults. BUG=none Change-Id: Ic9e0b110fdcb47feb8878be35feb60f326556789 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1762759Reviewed-by: Robert Sesek <rsesek@chromium.org> Commit-Queue: Avi Drissman <avi@chromium.org> Cr-Commit-Position: refs/heads/master@{#689963}
06c2436e · Avi Drissman · Commit Bot · 25ac530b · 06c2436e · 06c2436e
Commit 06c2436e authored Aug 23, 2019 by Avi Drissman Committed by Commit Bot Aug 23, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 6 deletions

chrome/installer/mac/sign_chrome.py chrome/installer/mac/sign_chrome.py +2 -0

chrome/installer/mac/signing/config.py.in chrome/installer/mac/signing/config.py.in +3 -6

No files found.
--- a/chrome/installer/mac/sign_chrome.py
+++ b/chrome/installer/mac/sign_chrome.py
@@ -51,6 +51,8 @@ def create_config(config_args, development):

            @property
            def run_spctl_assess(self):
+                # Self-signed or ad-hoc signed signing identities won't pass
+                # spctl assessment so don't do it.
                return False

        config_class = DevelopmentCodeSignConfig

--- a/chrome/installer/mac/signing/config.py.in
+++ b/chrome/installer/mac/signing/config.py.in
@@ -39,9 +39,9 @@ class CodeSignConfig(object):
            notary_password: Optional string password or password reference
                (e.g. @keychain, see `xcrun altool -h`) that will be used to
                authenticate to Apple's notary service if notarizing.
-            notary_asc_provider: Optitonal string that will be used as the
+            notary_asc_provider: Optional string that will be used as the
                `--asc-provider` argument to `xcrun altool`, to be used when
-                notary_user is associatetd with multiple Apple developer teams.
+                notary_user is associated with multiple Apple developer teams.
        """
        assert identity
        self._identity = identity
@@ -164,10 +164,7 @@ class CodeSignConfig(object):
        """Returns whether the final code signed binary should be assessed by
        Gatekeeper after signing.
        """
-        # The base config should not run spctl because the app bundle is
-        # currently signed with resource rules, which are only permitted for
-        # Google Chrome as signed by Google. The internal_config returns True.
-        return False
+        return True

    # Computed Properties ######################################################