Merge branch 'DRTVWR-555' into DRTVWR-553+555

# Conflicts:
#	autobuild.xml
#	indra/newview/llappviewer.cpp
#	indra/newview/viewer_manifest.py

2 files changed, 107 insertions, 76 deletions

diff --git a/indra/newview/llappviewer.cpp b/indra/newview/llappviewer.cpp
index 8951213f71..254bf05d05 100644
--- a/indra/newview/llappviewer.cpp
+++ b/indra/newview/llappviewer.cpp
@@ -1177,44 +1177,41 @@ bool LLAppViewer::init()
 #if LL_RELEASE_FOR_DOWNLOAD
     if (!gSavedSettings.getBOOL("CmdLineSkipUpdater"))
     {
-	LLProcess::Params updater;
-	updater.desc = "updater process";
-	// Because it's the updater, it MUST persist beyond the lifespan of the
-	// viewer itself.
-	updater.autokill = false;
-	std::string updater_file;
+        LLProcess::Params updater;
+        updater.desc = "updater process";
+        // Because it's the updater, it MUST persist beyond the lifespan of the
+        // viewer itself.
+        updater.autokill = false;
+        std::string updater_file;
 #if LL_WINDOWS
-	updater_file = "SLVersionChecker.exe";
-	updater.executable = gDirUtilp->getExpandedFilename(LL_PATH_EXECUTABLE, updater_file);
+        updater_file = "SLVersionChecker.exe";
+        updater.executable = gDirUtilp->getExpandedFilename(LL_PATH_EXECUTABLE, updater_file);
 #elif LL_DARWIN
-	// explicitly run the system Python interpreter on SLVersionChecker.py
-	// Keep using python2 until SLVersionChecker is converted to python3.
-	updater.executable = "python";
-	updater_file = "SLVersionChecker.py";
-	updater.args.add(gDirUtilp->add(gDirUtilp->getAppRODataDir(), "updater", updater_file));
+        updater_file = "SLVersionChecker";
+        updater.executable = gDirUtilp->add(gDirUtilp->getAppRODataDir(), "updater", updater_file);
 #else
-	updater_file = "SLVersionChecker";
-	updater.executable = gDirUtilp->getExpandedFilename(LL_PATH_EXECUTABLE, updater_file);
+        updater_file = "SLVersionChecker";
+        updater.executable = gDirUtilp->getExpandedFilename(LL_PATH_EXECUTABLE, updater_file);
 #endif
-	// add LEAP mode command-line argument to whichever of these we selected
-	updater.args.add("leap");
-	// UpdaterServiceSettings
-    if (gSavedSettings.getBOOL("FirstLoginThisInstall"))
-    {
-        // Befor first login, treat this as 'manual' updates,
-        // updater won't install anything, but required updates
-        updater.args.add("0");
-    }
-    else
-    {
-        updater.args.add(stringize(gSavedSettings.getU32("UpdaterServiceSetting")));
-    }
-	// channel
-	updater.args.add(LLVersionInfo::instance().getChannel());
-	// testok
-	updater.args.add(stringize(gSavedSettings.getBOOL("UpdaterWillingToTest")));
-	// ForceAddressSize
-	updater.args.add(stringize(gSavedSettings.getU32("ForceAddressSize")));
+        // add LEAP mode command-line argument to whichever of these we selected
+        updater.args.add("leap");
+        // UpdaterServiceSettings
+        if (gSavedSettings.getBOOL("FirstLoginThisInstall"))
+        {
+            // Befor first login, treat this as 'manual' updates,
+            // updater won't install anything, but required updates
+            updater.args.add("0");
+        }
+        else
+        {
+            updater.args.add(stringize(gSavedSettings.getU32("UpdaterServiceSetting")));
+        }
+        // channel
+        updater.args.add(LLVersionInfo::instance().getChannel());
+        // testok
+        updater.args.add(stringize(gSavedSettings.getBOOL("UpdaterWillingToTest")));
+        // ForceAddressSize
+        updater.args.add(stringize(gSavedSettings.getU32("ForceAddressSize")));
 
         try
         {
@@ -1232,11 +1229,11 @@ bool LLAppViewer::init()
                 OSMB_OK);
             mUpdaterNotFound = true;
         }
-	}
-	else
-	{
-		LL_WARNS("InitInfo") << "Skipping updater check." << LL_ENDL;
-	}
+    }
+    else
+    {
+        LL_WARNS("InitInfo") << "Skipping updater check." << LL_ENDL;
+    }
 
     if (mUpdaterNotFound)
     {
@@ -1269,12 +1266,12 @@ bool LLAppViewer::init()
         }
     }
 
-	if (gSavedSettings.getBOOL("QAMode") && gSavedSettings.getS32("QAModeEventHostPort") > 0)
-	{
-		LL_WARNS("InitInfo") << "QAModeEventHostPort DEPRECATED: "
-							 << "lleventhost no longer supported as a dynamic library"
-							 << LL_ENDL;
-	}
+    if (gSavedSettings.getBOOL("QAMode") && gSavedSettings.getS32("QAModeEventHostPort") > 0)
+    {
+        LL_WARNS("InitInfo") << "QAModeEventHostPort DEPRECATED: "
+                             << "lleventhost no longer supported as a dynamic library"
+                             << LL_ENDL;
+    }
 #endif //LL_RELEASE_FOR_DOWNLOAD
 
 	LLTextUtil::TextHelpers::iconCallbackCreationFunction = create_text_segment_icon_from_url_match;
diff --git a/indra/newview/viewer_manifest.py b/indra/newview/viewer_manifest.py
index 7426938454..ae3ed56b3d 100755
--- a/indra/newview/viewer_manifest.py
+++ b/indra/newview/viewer_manifest.py
@@ -27,6 +27,8 @@ Linden Research, Inc., 945 Battery Street, San Francisco, CA  94111  USA
 $/LicenseInfo$
 """
 import errno
+import glob
+import itertools
 import json
 import os
 import os.path
@@ -1272,47 +1274,79 @@ class DarwinManifest(ViewerManifest):
                     keychain_pwd_path = os.path.join(build_secrets_checkout,'code-signing-osx','password.txt')
                     keychain_pwd = open(keychain_pwd_path).read().rstrip()
 
-                    # Note: As of macOS Sierra, keychains are created with names postfixed with '-db' so for example, the
-                    #       SL Viewer keychain would by default be found in ~/Library/Keychains/viewer.keychain-db instead of
-                    #       just ~/Library/Keychains/viewer.keychain in earlier versions.
+                    # Note: As of macOS Sierra, keychains are created with
+                    #       names postfixed with '-db' so for example, the SL
+                    #       Viewer keychain would by default be found in
+                    #       ~/Library/Keychains/viewer.keychain-db instead of
+                    #       just ~/Library/Keychains/viewer.keychain in
+                    #       earlier versions.
                     #
-                    #       Because we have old OS files from previous versions of macOS on the build hosts, the configurations
-                    #       are different on each host. Some have viewer.keychain, some have viewer.keychain-db and some have both.
-                    #       As you can see in the line below, this script expects the Linden Developer cert/keys to be in viewer.keychain.
+                    #       Because we have old OS files from previous
+                    #       versions of macOS on the build hosts, the
+                    #       configurations are different on each host. Some
+                    #       have viewer.keychain, some have viewer.keychain-db
+                    #       and some have both. As you can see in the line
+                    #       below, this script expects the Linden Developer
+                    #       cert/keys to be in viewer.keychain.
                     #
-                    #       To correctly sign builds you need to make sure ~/Library/Keychains/viewer.keychain exists on the host
-                    #       and that it contains the correct cert/key. If a build host is set up with a clean version of macOS Sierra (or later)
-                    #       then you will need to change this line (and the one for 'codesign' command below) to point to right place or else
-                    #       pull in the cert/key into the default viewer keychain 'viewer.keychain-db' and export it to 'viewer.keychain'
+                    #       To correctly sign builds you need to make sure
+                    #       ~/Library/Keychains/viewer.keychain exists on the
+                    #       host and that it contains the correct cert/key. If
+                    #       a build host is set up with a clean version of
+                    #       macOS Sierra (or later) then you will need to
+                    #       change this line (and the one for 'codesign'
+                    #       command below) to point to right place or else
+                    #       pull in the cert/key into the default viewer
+                    #       keychain 'viewer.keychain-db' and export it to
+                    #       'viewer.keychain'
                     viewer_keychain = os.path.join(home_path, 'Library',
                                                    'Keychains', 'viewer.keychain')
                     self.run_command(['security', 'unlock-keychain',
                                       '-p', keychain_pwd, viewer_keychain])
-                    signed=False
-                    sign_attempts=3
                     sign_retry_wait=15
-                    libvlc_path = app_in_dmg + "/Contents/Resources/llplugin/media_plugin_libvlc.dylib"
-                    cef_path = app_in_dmg + "/Contents/Resources/llplugin/media_plugin_cef.dylib"
-                    slplugin_path = app_in_dmg + "/Contents/Resources/SLPlugin.app/Contents/MacOS/SLPlugin"
-                    greenlet_path = app_in_dmg + "/Contents/Resources/updater/greenlet/_greenlet.so"
-                    while (not signed) and (sign_attempts > 0):
+                    resources = app_in_dmg + "/Contents/Resources/"
+                    plain_sign = glob.glob(resources + "llplugin/*.dylib")
+                    deep_sign = [
+                        resources + "updater/SLVersionChecker",
+                        resources + "SLPlugin.app/Contents/MacOS/SLPlugin",
+                        app_in_dmg,
+                        ]
+                    for attempt in range(3):
+                        if attempt: # second or subsequent iteration
+                            print >> sys.stderr, \
+                                ("codesign failed, waiting %d seconds before retrying" %
+                                 sign_retry_wait)
+                            time.sleep(sign_retry_wait)
+                            sign_retry_wait*=2
+
                         try:
-                            sign_attempts-=1
                             # Note: See blurb above about names of keychains
-                            self.run_command(['codesign', '--force', '--timestamp','--keychain', viewer_keychain, '--sign', identity, libvlc_path])
-                            self.run_command(['codesign', '--force', '--timestamp', '--keychain', viewer_keychain, '--sign', identity, cef_path])
-                            self.run_command(['codesign', '--force', '--timestamp', '--keychain', viewer_keychain, '--sign', identity, greenlet_path])
-                            self.run_command(['codesign', '--verbose', '--deep', '--force', '--entitlements', self.src_path_of("slplugin.entitlements"), '--options', 'runtime', '--keychain', viewer_keychain, '--sign', identity, slplugin_path])
-                            self.run_command(['codesign', '--verbose', '--deep', '--force', '--entitlements', self.src_path_of("slplugin.entitlements"), '--options', 'runtime', '--keychain', viewer_keychain, '--sign', identity, app_in_dmg])
-                            signed=True # if no exception was raised, the codesign worked
+                            for signee in plain_sign:
+                                self.run_command(
+                                    ['codesign',
+                                     '--force',
+                                     '--timestamp',
+                                     '--keychain', viewer_keychain,
+                                     '--sign', identity,
+                                     signee])
+                            for signee in deep_sign:
+                                self.run_command(
+                                    ['codesign',
+                                     '--verbose',
+                                     '--deep',
+                                     '--force',
+                                     '--entitlements', self.src_path_of("slplugin.entitlements"),
+                                     '--options', 'runtime',
+                                     '--keychain', viewer_keychain,
+                                     '--sign', identity,
+                                     signee])
+                            break # if no exception was raised, the codesign worked
                         except ManifestError as err:
-                            if sign_attempts:
-                                print("codesign failed, waiting %d seconds before retrying" % sign_retry_wait, file=sys.stderr)
-                                time.sleep(sign_retry_wait)
-                                sign_retry_wait*=2
-                            else:
-                                print("Maximum codesign attempts exceeded; giving up", file=sys.stderr)
-                                raise
+                            # 'err' goes out of scope
+                            sign_failed = err
+                    else:
+                        print >> sys.stderr, "Maximum codesign attempts exceeded; giving up"
+                        raise sign_failed
                     self.run_command(['spctl', '-a', '-texec', '-vvvv', app_in_dmg])
                     self.run_command([self.src_path_of("installers/darwin/apple-notarize.sh"), app_in_dmg])