Remove the keychain argument from the Mac packaging code.

It's ignored by the Mac codesigning apparatus nowadays, anyway,
so this simplifies things.

Bug: 913074
Change-Id: I1aff929788171821a835bd5a4eed5514fe2df1be
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1876764Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#708794}

chrome/installer/mac/notarize_thing.py

@@ -63,7 +63,7 @@ def main():
 
         config_class = OverrideBundleIDConfig
 
-    config = config_class('notused', 'notused', None, args.user, args.password,
+    config = config_class('notused', 'notused', args.user, args.password,
                           args.asc_provider)
 
     uuids = []

chrome/installer/mac/sign_chrome.py

@@ -68,7 +68,8 @@ def main():
     parser = argparse.ArgumentParser(
         description='Code sign and package Chrome for channel distribution.')
     parser.add_argument(
-        '--keychain', help='The keychain to load the identity from.')
+        '--keychain',
+        help='The keychain to load the identity from. OBSOLETE AND INGORED.')
     parser.add_argument(
         '--identity',
         required=True,
@@ -134,9 +135,8 @@ def main():
                          'are required with --notarize.')
 
     config = create_config(
-        (args.identity, args.installer_identity, args.keychain,
-         args.notary_user, args.notary_password, args.notary_asc_provider),
-        args.development)
+        (args.identity, args.installer_identity, args.notary_user,
+         args.notary_password, args.notary_asc_provider), args.development)
     paths = model.Paths(args.input, args.output, None)
 
     if not os.path.exists(paths.output):

chrome/installer/mac/signing/config.py

@@ -32,13 +32,12 @@ class CodeSignConfig(object):
     def __init__(self,
                  identity,
                  installer_identity=None,
-                 keychain=None,
                  notary_user=None,
                  notary_password=None,
                  notary_asc_provider=None):
         """Creates a CodeSignConfig that will sign the product using the static
         properties on the class, using the code signing identity passed to the
-        constructor, which is found in the specified keychain.
+        constructor.
 
         Args:
             identity: The name of the code signing identity to use for non-PKG
@@ -51,8 +50,6 @@ class CodeSignConfig(object):
                 hash is not a valid option, as it is for |identity| above. The
                 common name of the cert will work. If there is any distribution
                 that is packaged in a PKG this must not be None.
-            keychain: Optional path to the keychain file, in which the signing
-                |identity| will be searched for.
             notary_user: Optional string username that will be used to
                 authenticate to Apple's notary service if notarizing.
             notary_password: Optional string password or password reference
@@ -65,7 +62,6 @@ class CodeSignConfig(object):
         assert identity
         self._identity = identity
         self._installer_identity = installer_identity
-        self._keychain = keychain
         self._notary_user = notary_user
         self._notary_password = notary_password
         self._notary_asc_provider = notary_asc_provider
@@ -84,13 +80,6 @@ class CodeSignConfig(object):
         """
         return self._installer_identity
 
-    @property
-    def keychain(self):
-        """Returns the filename of the keychain in which |identity| will be
-        searched for. May be None.
-        """
-        return self._keychain
-
     @property
     def notary_user(self):
         """Returns the username for authenticating to Apple's notary service."""

chrome/installer/mac/signing/model.py

@@ -266,8 +266,8 @@ class Distribution(object):
 
         return DistributionCodeSignConfig(
             base_config.identity, base_config.installer_identity,
-            base_config.keychain, base_config.notary_user,
-            base_config.notary_password, base_config.notary_asc_provider)
+            base_config.notary_user, base_config.notary_password,
+            base_config.notary_asc_provider)
 
 
 class Paths(object):

chrome/installer/mac/signing/pipeline.py

@@ -209,8 +209,6 @@ def _package_and_sign_pkg(paths, dist_config):
         # Assume if the config has notary authentication information that the
         # products will be notarized, which requires a secure timestamp.
         command.append('--timestamp')
-    if dist_config.keychain:
-        command.extend(['--keychain', dist_config.keychain])
     command.append(product_pkg_path)
     commands.run_command(command)
 

chrome/installer/mac/signing/signing.py

@@ -190,8 +190,6 @@ def sign_part(paths, config, part):
     reqs = part.requirements_string(config)
     if reqs:
         command.extend(['--requirements', '=' + reqs])
-    if config.keychain:
-        command.extend(['--keychain', config.keychain])
     if part.options:
         command.extend(['--options', ','.join(part.options)])
     if part.entitlements:

chrome/installer/mac/signing/signing_test.py

@@ -113,16 +113,6 @@ class TestSignPart(unittest.TestCase):
     def test_sign_part(self, run_command):
         part = model.CodeSignedProduct('Test.app', 'test.signing.app')
         signing.sign_part(self.paths, self.config, part)
-        run_command.assert_called_once_with([
-            'codesign', '--sign', '[IDENTITY]', '--timestamp', '--requirements',
-            '=designated => identifier "test.signing.app"', '--keychain',
-            '[KEYCHAIN]', '$W/Test.app'
-        ])
-
-    def test_sign_part_no_keychain(self, run_command):
-        config = test_config.TestConfig(identity='[IDENTITY]', keychain=None)
-        part = model.CodeSignedProduct('Test.app', 'test.signing.app')
-        signing.sign_part(self.paths, config, part)
         run_command.assert_called_once_with([
             'codesign', '--sign', '[IDENTITY]', '--timestamp', '--requirements',
             '=designated => identifier "test.signing.app"', '$W/Test.app'
@@ -134,18 +124,15 @@ class TestSignPart(unittest.TestCase):
         signing.sign_part(self.paths, config, part)
         run_command.assert_called_once_with([
             'codesign', '--sign', '[IDENTITY]', '--requirements',
-            '=designated => identifier "test.signing.app"', '--keychain',
-            '[KEYCHAIN]', '$W/Test.app'
+            '=designated => identifier "test.signing.app"', '$W/Test.app'
         ])
 
     def test_sign_part_no_identifier_requirement(self, run_command):
         part = model.CodeSignedProduct(
             'Test.app', 'test.signing.app', identifier_requirement=False)
         signing.sign_part(self.paths, self.config, part)
-        run_command.assert_called_once_with([
-            'codesign', '--sign', '[IDENTITY]', '--timestamp', '--keychain',
-            '[KEYCHAIN]', '$W/Test.app'
-        ])
+        run_command.assert_called_once_with(
+            ['codesign', '--sign', '[IDENTITY]', '--timestamp', '$W/Test.app'])
 
     def test_sign_with_identifier(self, run_command):
         part = model.CodeSignedProduct(
@@ -154,8 +141,7 @@ class TestSignPart(unittest.TestCase):
         run_command.assert_called_once_with([
             'codesign', '--sign', '[IDENTITY]', '--timestamp', '--identifier',
             'test.signing.app', '--requirements',
-            '=designated => identifier "test.signing.app"', '--keychain',
-            '[KEYCHAIN]', '$W/Test.app'
+            '=designated => identifier "test.signing.app"', '$W/Test.app'
         ])
 
     def test_sign_with_identifier_no_requirement(self, run_command):
@@ -167,7 +153,7 @@ class TestSignPart(unittest.TestCase):
         signing.sign_part(self.paths, self.config, part)
         run_command.assert_called_once_with([
             'codesign', '--sign', '[IDENTITY]', '--timestamp', '--identifier',
-            'test.signing.app', '--keychain', '[KEYCHAIN]', '$W/Test.app'
+            'test.signing.app', '$W/Test.app'
         ])
 
     def test_sign_part_with_options(self, run_command):
@@ -179,8 +165,8 @@ class TestSignPart(unittest.TestCase):
         signing.sign_part(self.paths, self.config, part)
         run_command.assert_called_once_with([
             'codesign', '--sign', '[IDENTITY]', '--timestamp', '--requirements',
-            '=designated => identifier "test.signing.app"', '--keychain',
-            '[KEYCHAIN]', '--options', 'restrict,library', '$W/Test.app'
+            '=designated => identifier "test.signing.app"', '--options',
+            'restrict,library', '$W/Test.app'
         ])
 
     def test_sign_part_with_entitlements(self, run_command):
@@ -191,9 +177,8 @@ class TestSignPart(unittest.TestCase):
             identifier_requirement=False)
         signing.sign_part(self.paths, self.config, part)
         run_command.assert_called_once_with([
-            'codesign', '--sign', '[IDENTITY]', '--timestamp', '--keychain',
-            '[KEYCHAIN]', '--entitlements', '$W/entitlements.plist',
-            '$W/Test.app'
+            'codesign', '--sign', '[IDENTITY]', '--timestamp', '--entitlements',
+            '$W/entitlements.plist', '$W/Test.app'
         ])
 
     def test_verify_part(self, run_command):

chrome/installer/mac/signing/test_config.py

@@ -10,13 +10,12 @@ class TestConfig(config.CodeSignConfig):
     def __init__(self,
                  identity='[IDENTITY]',
                  installer_identity='[INSTALLER-IDENTITY]',
-                 keychain='[KEYCHAIN]',
                  notary_user='[NOTARY-USER]',
                  notary_password='[NOTARY-PASSWORD]',
                  notary_asc_provider=None):
         super(TestConfig,
-              self).__init__(identity, installer_identity, keychain,
-                             notary_user, notary_password, notary_asc_provider)
+              self).__init__(identity, installer_identity, notary_user,
+                             notary_password, notary_asc_provider)
 
     @property
     def app_product(self):