Leverage chrome signing script.

Instead of using a modified copy of sign_chrome.py (named sign_brave.py)
leverage the original sign_chrome.py by patching it to call into brave's
signing_helper.py for a config override.

The patch also comments out a section of sign_chrome.py that causes a
runtime error due to wrong variables names.

build/mac/sign_app.sh

@@ -11,10 +11,12 @@ SOURCE_DIR="${1}"
 DEST_DIR="${2}"
 PKG_DIR="${3}"
 DEVELOPMENT=
+MAC_PROVISIONING_PROFILE=
 if [[ "${4}" = "True" ]]; then
-  DEVELOPMENT="--development"
+    DEVELOPMENT="--development"
+else
+    MAC_PROVISIONING_PROFILE="${5}"
 fi
-MAC_PROVISIONING_PROFILE="${5}"
 MAC_SIGNING_KEYCHAIN="${6}"
 MAC_SIGNING_IDENTIFIER="${7}"
 
@@ -36,23 +38,23 @@ function check_exit() {
 
 trap check_exit EXIT
 
-# Copy signing script to the packaging directory
-SCRIPT_DIR=$(dirname ${0})
-cp -f "${SCRIPT_DIR}/sign_brave.py" "${PKG_DIR}"
+# brave/scripts/signing_helper.py will retrieve this value when called from
+# sign_chrome.py
+export MAC_PROVISIONING_PROFILE
 
 # Clear output directory. It seems GN auto-creates directory path to the
 # expected outputs. However, the signing script doesn't expect the path to
 # have been created and fails trying to create it again.
 echo "Cleaning $DEST_DIR ..."
 rm -rf $DEST_DIR/*
 
-
 # Invoke python script to do the signing.
+PARAMS="--input $SOURCE_DIR --output $DEST_DIR --keychain $MAC_SIGNING_KEYCHAIN --identity $MAC_SIGNING_IDENTIFIER --no-dmg --no-notarize"
 if [[ -z "${DEVELOPMENT}" ]]; then
   # Copy mac_provisioning_profile to the packaging_dir since that's where the
   # signing scripts expects to find it.
   cp -f "$MAC_PROVISIONING_PROFILE" "$PKG_DIR"
-  "${PKG_DIR}/sign_brave.py" --input "$SOURCE_DIR" --output "$DEST_DIR" --keychain "$MAC_SIGNING_KEYCHAIN" --identity "$MAC_SIGNING_IDENTIFIER" --no-dmg --provisioning-profile "$MAC_PROVISIONING_PROFILE"
 else
-  "${PKG_DIR}/sign_brave.py" --input "$SOURCE_DIR" --output "$DEST_DIR" --keychain "$MAC_SIGNING_KEYCHAIN" --identity "$MAC_SIGNING_IDENTIFIER" --no-dmg "$DEVELOPMENT"
+  PARAMS="$PARAMS $DEVELOPMENT"
 fi
+"${PKG_DIR}/sign_chrome.py" $PARAMS

patches/chrome-installer-mac-sign_chrome.py.patch

@@ -0,0 +1,29 @@
+diff --git a/chrome/installer/mac/sign_chrome.py b/chrome/installer/mac/sign_chrome.py
+index fa3a88200f5156975d0da5bcc52ed6f9896e792e..9068adc58127d24f50f47b3f1f939e2b6feaef69 100755
+--- a/chrome/installer/mac/sign_chrome.py
++++ b/chrome/installer/mac/sign_chrome.py
+@@ -28,6 +28,7 @@ def create_config(config_args, development):
+         An instance of |model.CodeSignConfig|.
+     """
+     config_class = config.CodeSignConfig
++    """
+     try:
+         import signing.internal_config
+         config_class = signing.internal_config.InternalCodeSignConfig
+@@ -36,6 +37,7 @@ def create_config(config_args, development):
+         # internal config has to be available.
+         if config_class(identity, keychain).product == 'Google Chrome':
+             raise e
++    """
+
+     if development:
+
+@@ -55,6 +57,8 @@ def create_config(config_args, development):
+
+         config_class = DevelopmentCodeSignConfig
+
++    from signing_helper import GetBraveSigningConfig
++    config_class = GetBraveSigningConfig(config_class, development)
+     return config_class(*config_args)
+
+

script/signing_helper.py

@@ -83,3 +83,25 @@ def AddBravePartsForSigning(parts, config):
         '{.framework_dir}/Frameworks/Sparkle.framework'.format(config),
         'org.sparkle-project.Sparkle',
         verify_options=VerifyOptions.DEEP + VerifyOptions.NO_STRICT)
+
+
+def GetBraveSigningConfig(config_class, development):
+    if development:
+        return config_class
+
+    # Retrieve provisioning profile exported by build/mac/sign_app.sh
+    provisioning_profile = os.environ['MAC_PROVISIONING_PROFILE']
+    assert len(provisioning_profile), 'MAC_PROVISIONING_PROFILE is not set'
+
+    class ProvisioningProfileCodeSignConfig(config_class):
+
+        @property
+        def provisioning_profile_basename(self):
+            return os.path.splitext(os.path.basename(
+                provisioning_profile))[0]
+
+        @property
+        def run_spctl_assess(self):
+            return True
+
+    return ProvisioningProfileCodeSignConfig