Squash commits for public release

build/security/SIGN_TEMPLATE.gni

@@ -0,0 +1,16 @@
+template("xOS_signexec") {
+  app_name = target_name
+  assert(defined(invoker.binpath), "Install path must be provided")
+
+  binpath = invoker.binpath
+  action("sign_$app_name") {
+    script = "//build/security/sign_executable.py"
+    inputs = [ "$root_out_dir/base/$binpath" ]
+    outputs = [ "$root_out_dir/tmp/$binpath.signed" ]
+    deps = [ ":$app_name" + "_build" ]
+    args = [
+      rebase_path("$root_out_dir/base/$binpath", root_build_dir),
+      rebase_path("$root_out_dir/tmp/$binpath.signed", ""),
+    ]
+  }
+}

build/security/sign_executable.py

@@ -0,0 +1,18 @@
+import sys
+import os
+import subprocess
+from pathlib import Path
+
+
+def shell(cmd, cwd=None):
+    return subprocess.check_output(cmd, shell=True, cwd=cwd).decode("ascii")
+
+
+elffile_path = sys.argv[1]
+stampfile_path = sys.argv[2]
+
+run_from = os.getcwd() + '/../utils/crypto/'
+elffile_path_abs = os.getcwd() + '/' + elffile_path
+
+shell("python3 elfsign.py {0} --overwrite".format(elffile_path_abs), run_from)
+Path(stampfile_path).touch()