Upgrade patches from Chromium 76.0.3809.62 to Chromium 76.0.3809.72 #2976

- Changes dependency from chrome_helper_app to chrome_helper_app_default since there are now mulitple 'chrome_helper_app's. - Clears output directory from path created by GN but not expected by the signing script. Chromium changes: https://chromium.googlesource.com/chromium/src/+/4be2698e4784 commit 4be2698e4784b68198d1062a54942ae232c57c24 Author: Robert Sesek <[email protected]> Date: Mon Jun 17 17:41:28 2019 +0000 Create more Mac Helper application bundles. In order to enable the hardened runtime, which restricts things such as writable-executable memory and loading code signed by a different Team ID, special code signing entitlements must be granted to the Helper. To keep the capabilities scoped to the process types that require them, this CL adds two new variants of the Helper app: one for renderers and one for plugins. Currently all three Helpers will be code signed in the same way without any entitlements, but this will change in the future. Tbr: [email protected] Bug: 850193 which is rolled into c76 with: https://chromium.googlesource.com/chromium/src/+/194826d6f8a3a0d932e18ed0f5452fd5c488e490 commit 194826d6f8a3a0d932e18ed0f5452fd5c488e490 Author: Robert Sesek <[email protected]> Date: Wed Jul 17 22:28:42 2019 +0000 [BRANCH ONLY] Roll-up cherry pick of changes to notarize Chrome on macOS. App notarization is going to be required on macOS 10.15, which is expected to be released when M76 is on stable channel. This series of changes makes modifications to Chrome's helper processes, adding multiple variants with different code signing entitlements, as well as changes to the signing scripts to support notarization. This cherry-picks the following 15 commits to the M76/3809 branch: 7f66190e7365 [Mac] Stop pretending that browser_tests/InProcessBrowserTest are bundled. ceaa2666e0eb Grant the browser several entitlements needed for the hardened runtime. 4be2698e4784 Create more Mac Helper application bundles. 3fa9da4e877a Give the new Mac helper variants the entitlements they require. 4aa3a22f4387 Code sign all Mac executables with the hardened runtime option. 4f72ae052e11 [Mac] Run the proxy_resolver service in the Renderer helper. c2b068a99ae2 Copy KeystoneRegistration.framework with a bundle_data rule for the root. 4f6b2b188f29 [Mac] Delete CFBundleBlocker and third_party/mach_override. 2f8e936c6909 macOS Signing Scripts: Add module responsible for notarization. 62d2a3f09545 macOS Signing Scripts: Drop support for resource rules. ec608fec2fd1 macOS Signing Scripts: Create the notarization sentinel file. 91b8140d5cb0 macOS Signing Scripts: Run the notarization stapler through xcrun. 4312c1f9a695 macOS Signing Scripts: Do not staple the AlertNotificationService.xpc bundle. 59347283139c macOS Signing Scripts: Write "yes-1" to the notarization sentinel file. 4d22852510f5 Mac: Sign the inner framework only once per bundle ID Bug: 850199

Fixes brave/brave-browser#4922 Fixes brave/brave-browser#5036 Rolls a couple of patches into a single function in script/signing_helper.py. Use single import directive. Generate Widevine signature file before signing framework part.

Instead of using a modified copy of sign_chrome.py (named sign_brave.py) leverage the original sign_chrome.py by patching it to call into brave's signing_helper.py for a config override. The patch also comments out a section of sign_chrome.py that causes a runtime error due to wrong variables names.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Upgrade patches from Chromium 76.0.3809.62 to Chromium 76.0.3809.72 #2976

Upgrade patches from Chromium 76.0.3809.62 to Chromium 76.0.3809.72 #2976

Commits on Jul 24, 2019