From e1d9144848eff9f71bf573beb66a104d41365633 Mon Sep 17 00:00:00 2001
From: Simon Hong <shong@igalia.com>
Date: Wed, 27 Mar 2019 10:56:32 +0900
Subject: [PATCH] Enable widevine VMP on Windows

browser signing is removed from `create_dist` target.
Instead, build` step will do signing and generate widevine sig file.
Then, those signed files and sig files will be used during the
`create-dist`.
This is because gn python can't use external cryptgraphy module needed
by sig generator scripts. So, brave-browser `build` target will use
system python for it.
---
 build/config.gni                              |  7 ++---
 ...e-common-media-cdm_host_file_path.cc.patch | 16 ++++++++++++
 ...me-installer-mini_installer-BUILD.gn.patch | 16 ++----------
 ...taller-mini_installer-chrome.release.patch | 12 ++++++---
 ...uild-win-create_installer_archive.py.patch | 20 +++-----------
 script/sign_binaries.py                       | 26 +++++++++++++++++++
 6 files changed, 59 insertions(+), 38 deletions(-)
 create mode 100644 patches/chrome-common-media-cdm_host_file_path.cc.patch

diff --git a/build/config.gni b/build/config.gni
index 5b831679d6e5..df406e02f1fc 100644
--- a/build/config.gni
+++ b/build/config.gni
@@ -26,12 +26,9 @@ declare_args() {
   tag_ap =""
 
   skip_signing = false
-}
 
-brave_enable_cdm_host_verification = is_official_build &&
-                                     getenv("SIGN_WIDEVINE_CERT") != "" &&
-                                     getenv("SIGN_WIDEVINE_KEY") != "" &&
-                                     getenv("SIGN_WIDEVINE_PASSPHRASE") != ""
+  brave_enable_cdm_host_verification = false
+}
 
 if (base_sparkle_update_url == "") {
   base_sparkle_update_url = "https://updates.bravesoftware.com/sparkle/Brave-Browser"
diff --git a/patches/chrome-common-media-cdm_host_file_path.cc.patch b/patches/chrome-common-media-cdm_host_file_path.cc.patch
new file mode 100644
index 000000000000..d892c28bfede
--- /dev/null
+++ b/patches/chrome-common-media-cdm_host_file_path.cc.patch
@@ -0,0 +1,16 @@
+diff --git a/chrome/common/media/cdm_host_file_path.cc b/chrome/common/media/cdm_host_file_path.cc
+index cd13f95bfd55ef03654e97324d527eae5d816334..b79301f3cf9cca64da5a6257ea2ffcc539efbacf 100644
+--- a/chrome/common/media/cdm_host_file_path.cc
++++ b/chrome/common/media/cdm_host_file_path.cc
+@@ -43,7 +43,11 @@ void AddCdmHostFilePaths(
+ #if defined(OS_WIN)
+ 
+   static const base::FilePath::CharType* const kUnversionedFiles[] = {
++#if defined(BRAVE_CHROMIUM_BUILD)
++      FILE_PATH_LITERAL("brave.exe")};
++#else
+       FILE_PATH_LITERAL("chrome.exe")};
++#endif
+   static const base::FilePath::CharType* const kVersionedFiles[] = {
+       FILE_PATH_LITERAL("chrome.dll"), FILE_PATH_LITERAL("chrome_child.dll")};
+ 
diff --git a/patches/chrome-installer-mini_installer-BUILD.gn.patch b/patches/chrome-installer-mini_installer-BUILD.gn.patch
index 6eb057983076..22d83736d901 100644
--- a/patches/chrome-installer-mini_installer-BUILD.gn.patch
+++ b/patches/chrome-installer-mini_installer-BUILD.gn.patch
@@ -1,24 +1,12 @@
 diff --git a/chrome/installer/mini_installer/BUILD.gn b/chrome/installer/mini_installer/BUILD.gn
-index ec629333b0062239ff2dec63c1a5bf79738de301..20e341e5b3ed8dd968abcb1ef29dedbfe88adda5 100644
+index ec629333b0062239ff2dec63c1a5bf79738de301..a6c74a6eecbb1b14302e5db1d42c8d594ce09032 100644
 --- a/chrome/installer/mini_installer/BUILD.gn
 +++ b/chrome/installer/mini_installer/BUILD.gn
-@@ -12,6 +12,10 @@ import("//tools/v8_context_snapshot/v8_context_snapshot.gni")
- import("//ui/base/ui_features.gni")
- import("//v8/gni/v8.gni")
- 
-+if (brave_chromium_build) {
-+  import("//brave/build/config.gni")
-+}
-+
- declare_args() {
-   # The Chrome archive is compressed in official builds to reduce the size of
-   # the installer. By default: non-official or component builds, a build mode
-@@ -182,6 +186,22 @@ template("generate_mini_installer") {
+@@ -182,6 +182,21 @@ template("generate_mini_installer") {
        "//third_party/icu:icudata",
        chrome_dll_target,
      ]
 +    if (brave_chromium_build) {
-+      if (skip_signing) { args += [ "--skip_signing" ] }
 +      inputs -= [
 +        "$root_out_dir/chrome.exe",
 +      ]
diff --git a/patches/chrome-installer-mini_installer-chrome.release.patch b/patches/chrome-installer-mini_installer-chrome.release.patch
index 7f337a827ee8..015b867565f8 100644
--- a/patches/chrome-installer-mini_installer-chrome.release.patch
+++ b/patches/chrome-installer-mini_installer-chrome.release.patch
@@ -1,5 +1,5 @@
 diff --git a/chrome/installer/mini_installer/chrome.release b/chrome/installer/mini_installer/chrome.release
-index bdf0219561c2e52fbe2e16407ac0fa9ae2e3ef30..cda55a0113704a0fd6bf719b1b785a0b66077392 100644
+index bdf0219561c2e52fbe2e16407ac0fa9ae2e3ef30..bc994fb104924c62715817a8b82d7f55c044563b 100644
 --- a/chrome/installer/mini_installer/chrome.release
 +++ b/chrome/installer/mini_installer/chrome.release
 @@ -6,7 +6,7 @@
@@ -11,16 +11,22 @@ index bdf0219561c2e52fbe2e16407ac0fa9ae2e3ef30..cda55a0113704a0fd6bf719b1b785a0b
  chrome_proxy.exe: %(ChromeDir)s\
  #
  # Chrome version dir assembly manifest.
-@@ -19,6 +19,8 @@ chrome_proxy.exe: %(ChromeDir)s\
+@@ -18,9 +18,14 @@ chrome_proxy.exe: %(ChromeDir)s\
+ #
  # Chrome version dir entries, sorted alphabetically.
  #
++brave.exe.sig: %(VersionDir)s\
  chrome.dll: %(VersionDir)s\
++chrome.dll.sig: %(VersionDir)s\
 +brave_resources.pak: %(VersionDir)s\
 +brave_100_percent.pak: %(VersionDir)s\
  chrome_100_percent.pak: %(VersionDir)s\
  chrome_child.dll: %(VersionDir)s\
++chrome_child.dll.sig: %(VersionDir)s\
  chrome_elf.dll: %(VersionDir)s\
-@@ -75,6 +77,7 @@ MEIPreload\preloaded_data.pb: %(VersionDir)s\MEIPreload\
+ chrome_watcher.dll: %(VersionDir)s\
+ d3dcompiler_47.dll: %(VersionDir)s\
+@@ -75,6 +80,7 @@ MEIPreload\preloaded_data.pb: %(VersionDir)s\MEIPreload\
  
  [HIDPI]
  chrome_200_percent.pak: %(VersionDir)s\
diff --git a/patches/chrome-tools-build-win-create_installer_archive.py.patch b/patches/chrome-tools-build-win-create_installer_archive.py.patch
index 5840393757c2..85142de93a79 100644
--- a/patches/chrome-tools-build-win-create_installer_archive.py.patch
+++ b/patches/chrome-tools-build-win-create_installer_archive.py.patch
@@ -1,5 +1,5 @@
 diff --git a/chrome/tools/build/win/create_installer_archive.py b/chrome/tools/build/win/create_installer_archive.py
-index b16b16bdc439014bf647f80ca9b7ce8215cfbb6c..cf36aac8b0d18fb0a1dd6f9018dcd53e9042a331 100755
+index b16b16bdc439014bf647f80ca9b7ce8215cfbb6c..46fdb870dda9de5a3c855c34941ff36b6fc09fe6 100755
 --- a/chrome/tools/build/win/create_installer_archive.py
 +++ b/chrome/tools/build/win/create_installer_archive.py
 @@ -112,6 +112,60 @@ def CopyAllFilesToStagingDir(config, distribution, staging_dir, build_dir,
@@ -63,23 +63,11 @@ index b16b16bdc439014bf647f80ca9b7ce8215cfbb6c..cf36aac8b0d18fb0a1dd6f9018dcd53e
  
  def CopySectionFilesToStagingDir(config, section, staging_dir, src_dir):
    """Copies installer archive files specified in section from src_dir to
-@@ -531,6 +585,10 @@ def main(options):
-     version_numbers = prev_version.split('.')
-     prev_build_number = version_numbers[2] + '.' + version_numbers[3]
- 
-+  if not options.skip_signing:
-+    from sign_binaries import sign_binaries
-+    sign_binaries(staging_dir)
-+
-   # Name of the archive file built (for example - chrome.7z or
-   # patch-<old_version>-<new_version>.7z or patch-<new_version>.7z
-   archive_file = CreateArchiveFile(options, staging_dir,
-@@ -599,6 +657,8 @@ def _ParseOptions():
-            'with the installer archive {x86|x64}.')
+@@ -600,6 +654,7 @@ def _ParseOptions():
    parser.add_option('-v', '--verbose', action='store_true', dest='verbose',
                      default=False)
-+  parser.add_option('--skip_signing', default=False)
-+
  
++
    options, _ = parser.parse_args()
    if not options.build_dir:
+     parser.error('You must provide a build dir.')
diff --git a/script/sign_binaries.py b/script/sign_binaries.py
index 94d84eff7c6c..635927e0d236 100644
--- a/script/sign_binaries.py
+++ b/script/sign_binaries.py
@@ -1,5 +1,7 @@
+import optparse
 import os
 import subprocess
+import sys
 
 cert = os.environ.get('CERT')
 signtool_args = (os.environ.get('SIGNTOOL_ARGS') or
@@ -44,3 +46,27 @@ def sign_binaries(base_dir):
 def sign_binary(binary):
     cmd = get_sign_cmd(binary)
     run_cmd(cmd)
+
+
+def _ParseOptions():
+    parser = optparse.OptionParser()
+    parser.add_option(
+        '-b', '--build_dir',
+        help='Build directory. The paths in input_file are relative to this.')
+
+    options, _ = parser.parse_args()
+    if not options.build_dir:
+        parser.error('You must provide a build dir.')
+
+    options.build_dir = os.path.normpath(options.build_dir)
+
+    return options
+
+
+def main(options):
+    sign_binaries(options.build_dir)
+
+
+if '__main__' == __name__:
+    options = _ParseOptions()
+    sys.exit(main(options))