Issue 2796 - Added DeveloperIdentifier to Info.plist for Safari 9

packagerSafari.py

 # coding: utf-8
 
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 import os
 import re
 import json
 import ConfigParser
@@ skipping 71 matching lines @@
     author=get_optional('general', 'author'),
     homepage=get_optional('general', 'homepage'),
     updateURL=get_optional('general', 'updateURL'),
     allowedDomains=allowedDomains,
     allowAllDomains=allowAllDomains,
     allowSecurePages=allowSecurePages,
     startScripts=(get_optional('contentScripts', 'document_start') or '').split(),
     endScripts=(get_optional('contentScripts', 'document_end') or '').split(),
     menus=parse_section('menus', 2),
     toolbarItems=parse_section('toolbar_items'),
-    popovers=parse_section('popovers')
+    popovers=parse_section('popovers'),
+    developerIdentifier=params.get('developerIdentifier')
   ).encode('utf-8')
 
 def createBackgroundPage(params):
   template = getTemplate('background.html.tmpl', autoEscape=True)
   return template.render(
     backgroundScripts=params['metadata'].get(
       'general', 'backgroundScripts'
     ).split()
   ).encode('utf-8')
 
 def createInfoModule(params):
   template = getTemplate('safariInfo.js.tmpl')
   return template.render(params).encode('utf-8')
 
 def fixAbsoluteUrls(files):
   for filename, content in files.iteritems():
     if os.path.splitext(filename)[1].lower() == '.html':
       files[filename] = re.sub(
         r'(<[^<>]*?\b(?:href|src)\s*=\s*["\']?)\/+',
         r'\1' + '/'.join(['..'] * filename.count('/') + ['']),
         content, re.S | re.I
       )
 
-def createSignedXarArchive(outFile, files, keyFile):
+def get_certificates_and_key(keyfile):
+  import M2Crypto
+
+  certs = []
+  bio = M2Crypto.BIO.openfile(keyfile)
+
+  try:
+    key = M2Crypto.RSA.load_key_bio(bio)
+    bio.reset()
+    while True:
+      try:
+        certs.append(M2Crypto.X509.load_cert_bio(bio))
+      except M2Crypto.X509.X509Error:
+        break
+  finally:
+    bio.close()
+
+  return certs, key
+
+def get_developer_identifier(certs):
+  for cert in certs:
+    subject = cert.get_subject()
+    for entry in subject.get_entries_by_nid(subject.nid['CN']):
+      m = re.match(r'Safari Developer: \((.*?)\)', entry.get_data().as_text())
+      if m:
+        return m.group(1)
+
+  raise Exception('No Safari developer certificate found in chain')
+
+def createSignedXarArchive(outFile, files, certs, key):
   import subprocess
   import tempfile
   import shutil
   import M2Crypto
 
   # write files to temporary directory and create a xar archive
   dirname = tempfile.mkdtemp()
   try:
     for filename, contents in files.iteritems():
       path = os.path.join(dirname, filename)
 
       try:
         os.makedirs(os.path.dirname(path))
       except OSError:
         pass
 
       with open(path, 'wb') as file:
         file.write(contents)
 
     subprocess.check_output(
       ['xar', '-czf', os.path.abspath(outFile), '--distribution'] + os.listdir(dirname),
       cwd=dirname
     )
   finally:
     shutil.rmtree(dirname)
 
   certificate_filenames = []
   try:
-    # load key and certificates from the all-in-one key file
-    # and write each certificate in DER format to a seperate
+    # write each certificate in DER format to a separate
     # temporary file, that they can be passed to xar
-    bio = M2Crypto.BIO.openfile(keyFile)
-    try:
-      key = M2Crypto.RSA.load_key_bio(bio)
-
-      bio.reset()
-      while True:
-        try:
-          cert = M2Crypto.X509.load_cert_bio(bio)
-        except M2Crypto.X509.X509Error:
-          break
-
-        fd, filename = tempfile.mkstemp()
-        try:
-          certificate_filenames.append(filename)
-          os.write(fd, cert.as_der())
-        finally:
-          os.close(fd)
-    finally:
-      bio.close()
+    for cert in certs:
+      fd, filename = tempfile.mkstemp()
+      try:
+        certificate_filenames.append(filename)
+        os.write(fd, cert.as_der())
+      finally:
+        os.close(fd)
 
     # add certificates and placeholder signature
     # to the xar archive, and get data to sign
     fd, digestinfo_filename = tempfile.mkstemp()
     os.close(fd)
     try:
       subprocess.check_call(
         [
           'xar', '--sign', '-f', outFile,
           '--digestinfo-to-sign', digestinfo_filename,
@@ skipping 57 matching lines @@
 
   if metadata.has_section('preprocess'):
     files.preprocess(
       [f for f, _ in metadata.items('preprocess')],
       {'needsExt': True}
     )
 
   if metadata.has_section('import_locales'):
     importGeckoLocales(params, files)
 
+  if keyFile:
+    certs, key = get_certificates_and_key(keyFile)
+    params['developerIdentifier'] = get_developer_identifier(certs)
+
   files['lib/info.js'] = createInfoModule(params)
   files['background.html'] = createBackgroundPage(params)
   files['Info.plist'] = createManifest(params, files)
 
   fixAbsoluteUrls(files)
 
   dirname = metadata.get('general', 'basename') + '.safariextension'
   for filename in files.keys():
     files[os.path.join(dirname, filename)] = files.pop(filename)
 
   if not devenv and keyFile:
-    createSignedXarArchive(outFile, files, keyFile)
+    createSignedXarArchive(outFile, files, certs, key)
   else:
     files.zip(outFile)