#!/usr/bin/env python2.7
#
# Copyright 2017 Google Inc.
#
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

import glob
import os
import re
import shutil
import subprocess
import sys
import tempfile

# Arguments to the script:
#  app              path to binary to package, e.g. out/Debug/dm
app, = sys.argv[1:]

# Find the Google signing identity.
identity = None
for line in subprocess.check_output(['security', 'find-identity']).split('\n'):
  m = re.match(r'''.*\) (.*) ".*Google.*"''', line)
  if m:
    identity = m.group(1)
assert identity

# Find the Google mobile provisioning profile.
mobileprovision = None
for p in glob.glob(os.path.join(os.environ['HOME'], 'Library', 'MobileDevice',
                                'Provisioning Profiles', '*.mobileprovision')):
  if re.search(r'''<key>Name</key>
\t<string>Google Development</string>''', open(p).read(), re.MULTILINE):
    mobileprovision = p
assert mobileprovision

out, app = os.path.split(app)

pkg = os.path.join(out, app + '.app')
if not os.path.exists(pkg):
  os.mkdir(pkg)

# The binary and .mobileprovision just get copied into the package.
shutil.copy(os.path.join(out, app), pkg)
shutil.copy(mobileprovision,
            os.path.join(pkg, 'embedded.mobileprovision'))

# Write a minimal Info.plist to name the package and point at the binary.
with open(os.path.join(pkg, 'Info.plist'), 'w') as f:
  f.write('''
<plist version="1.0">
  <dict>
    <key>CFBundleExecutable</key> <string>{app}</string>
    <key>CFBundleIdentifier</key> <string>com.google.{app}</string>
  </dict>
</plist>
'''.format(app=app))

# Extract the appliciation identitifer prefix from the .mobileprovision.
m = re.search(r'''<key>ApplicationIdentifierPrefix</key>
\t<array>
\t<string>(.*)</string>''', open(mobileprovision).read(), re.MULTILINE)
prefix = m.group(1)

# Write a minimal entitlements file, then codesign.
with tempfile.NamedTemporaryFile() as f:
  f.write('''
<plist version="1.0">
  <dict>
    <key>application-identifier</key> <string>{prefix}.com.google.{app}</string>
    <key>get-task-allow</key>         <true/>
  </dict>
</plist>
'''.format(prefix=prefix, app=app))
  f.flush()

  subprocess.check_call(['codesign',
                         '--force',
                         '--sign', identity,
                         '--entitlements', f.name,
                         '--timestamp=none',
                         pkg])