From 9729912841a8673c72b4d3dc3d30bb3912a7b2e9 Mon Sep 17 00:00:00 2001
From: Boris Zbarsky <bzbarsky@apple.com>
Date: Wed, 8 Jun 2022 17:15:58 -0400
Subject: [PATCH] Ignore expired identities for Darwin codesigning. (#19330)

Fixes https://github.com/project-chip/connectedhomeip/issues/19327
---
 examples/all-clusters-app/linux/entitlements/codesign.py       | 3 ++-
 .../all-clusters-minimal-app/linux/entitlements/codesign.py    | 3 ++-
 examples/darwin-framework-tool/entitlements/codesign.py        | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/examples/all-clusters-app/linux/entitlements/codesign.py b/examples/all-clusters-app/linux/entitlements/codesign.py
index f14ed2e7d68d79..2cf51a1cfa5b9e 100644
--- a/examples/all-clusters-app/linux/entitlements/codesign.py
+++ b/examples/all-clusters-app/linux/entitlements/codesign.py
@@ -34,7 +34,8 @@ def get_identity():
             "No valid identity has been found. Application will run without entitlements.")
         exit(0)
 
-    identity = re.search(r'\b[0-9a-fA-F]{40}\b', command_result)
+    command_result = command_result.replace("\\n", "\n")
+    identity = re.search(r'\b[0-9a-fA-F]{40}\b(?![^\n]*\(CSSMERR_TP_CERT_EXPIRED\))', command_result)
     if identity is None:
         print(
             "No valid identity has been found. Application will run without entitlements.")
diff --git a/examples/all-clusters-minimal-app/linux/entitlements/codesign.py b/examples/all-clusters-minimal-app/linux/entitlements/codesign.py
index f14ed2e7d68d79..2cf51a1cfa5b9e 100644
--- a/examples/all-clusters-minimal-app/linux/entitlements/codesign.py
+++ b/examples/all-clusters-minimal-app/linux/entitlements/codesign.py
@@ -34,7 +34,8 @@ def get_identity():
             "No valid identity has been found. Application will run without entitlements.")
         exit(0)
 
-    identity = re.search(r'\b[0-9a-fA-F]{40}\b', command_result)
+    command_result = command_result.replace("\\n", "\n")
+    identity = re.search(r'\b[0-9a-fA-F]{40}\b(?![^\n]*\(CSSMERR_TP_CERT_EXPIRED\))', command_result)
     if identity is None:
         print(
             "No valid identity has been found. Application will run without entitlements.")
diff --git a/examples/darwin-framework-tool/entitlements/codesign.py b/examples/darwin-framework-tool/entitlements/codesign.py
index 0c5f29dac001db..a23f9c39497cc5 100644
--- a/examples/darwin-framework-tool/entitlements/codesign.py
+++ b/examples/darwin-framework-tool/entitlements/codesign.py
@@ -34,7 +34,8 @@ def get_identity():
             "No valid identity has been found. Application will run without entitlements.")
         exit(0)
 
-    identity = re.search(r'\b[0-9a-fA-F]{40}\b', command_result)
+    command_result = command_result.replace("\\n", "\n")
+    identity = re.search(r'\b[0-9a-fA-F]{40}\b(?![^\n]*\(CSSMERR_TP_CERT_EXPIRED\))', command_result)
     if identity is None:
         print(
             "No valid identity has been found. Application will run without entitlements.")