From 14d256aecdb49c67c15d327728824c45b0c335ae Mon Sep 17 00:00:00 2001 From: Leon Buckel Date: Mon, 10 Feb 2020 15:27:56 +0100 Subject: [PATCH] Fix code signing for Core Foundation bundles MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit xcode.qbs: - Change the contents of xcode._actualSigningIdentity as expected by the actualSigningIdentity and actualSigningIdentityDisplayName properties - Use Utilities.signingIdentities() to get rid of warning ’Suspicious use of Process during property evaluation...’ - Throw error if specified identity was not found BundleModule.qbs: - Add ‘_CodeSignature/CodeResources’ to outputArtifacts with the tag ‘bundle.code-signature’ and ‘bundle.content’ - Remove local var ‘bundles’ which was always undefined - Fix ‘ModUtils.moduleProperty("qbs", "pathSeparator")’ resulting in ‘TypeError: Result of expression 'obj.moduleProperty' [undefined] is not a function.’ --- share/qbs/modules/bundle/BundleModule.qbs | 90 +++++++++++------------ share/qbs/modules/xcode/xcode.qbs | 33 ++++++--- 2 files changed, 66 insertions(+), 57 deletions(-) diff --git a/share/qbs/modules/bundle/BundleModule.qbs b/share/qbs/modules/bundle/BundleModule.qbs index 1e83dc458..0b3ceb4a6 100644 --- a/share/qbs/modules/bundle/BundleModule.qbs +++ b/share/qbs/modules/bundle/BundleModule.qbs @@ -523,7 +523,8 @@ Module { "bundle.symlink.headers", "bundle.symlink.private-headers", "bundle.symlink.resources", "bundle.symlink.executable", "bundle.symlink.version", "bundle.hpp", "bundle.resource", - "bundle.provisioningprofile", "bundle.content.copied", "bundle.application-executable"] + "bundle.provisioningprofile", "bundle.content.copied", "bundle.application-executable", + "bundle.code-signature"] outputArtifacts: { var i, artifacts = []; if (ModUtils.moduleProperty(product, "isBundle")) { 
@@ -611,6 +612,13 @@ Module { ModUtils.moduleProperty(product, "bundleName")); for (var i = 0; i < artifacts.length; ++i) artifacts[i].bundle = { wrapperPath: wrapperPath }; + + if (product.qbs.hostOS.contains("darwin") && product.xcode.signingIdentity) { + artifacts.push({ + filePath: FileInfo.joinPaths(product.bundle.contentsFolderPath, "_CodeSignature/CodeResources"), + fileTags: ["bundle.code-signature", "bundle.content"] + }); + } } return artifacts; } @@ -625,19 +633,8 @@ Module { if (packageType === "FMWK") bundleType = "framework"; - var bundles = outputs.bundle; - for (i in bundles) { - cmd = new Command("mkdir", ["-p", bundles[i].filePath]); - cmd.description = "creating " + bundleType + " " + product.targetName; - commands.push(cmd); - - cmd = new Command("touch", ["-c", bundles[i].filePath]); - cmd.silent = true; - commands.push(cmd); - } - // Product is unbundled - if (commands.length === 0) { + if (!product.bundle.isBundle) { cmd = new JavaScriptCommand(); cmd.silent = true; cmd.sourceCode = function () { }; 
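Review bot: The `_CodeSignature/CodeResources` artifact added to `outputArtifacts` is declared with a path built from `product.bundle.contentsFolderPath` alone, while the codesign command that produces the file (hunk at -764) runs with `cmd.workingDirectory = product.destinationDirectory`. If qbs resolves relative output paths against a different directory, the declared artifact is not the file codesign writes. Anchoring it explicitly avoids that: `filePath: FileInfo.joinPaths(product.destinationDirectory, product.bundle.contentsFolderPath, "_CodeSignature/CodeResources")`. The guard would also stay in sync with the signing step more easily if it tested `product.xcode.actualSigningIdentity`, the property that step checks. The `outputArtifacts` body starts outside this hunk, so how the other artifacts build their paths is not visible here.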
@@ -764,44 +761,41 @@ Module { commands.push(cmd); if (product.moduleProperty("qbs", "hostOS").contains("darwin")) { - for (i in bundles) { - var actualSigningIdentity = product.moduleProperty("xcode", "actualSigningIdentity"); - var codesignDisplayName = product.moduleProperty("xcode", "actualSigningIdentityDisplayName"); - if (actualSigningIdentity) { - // If this is a framework, we need to sign its versioned directory - var subpath = ""; - var frameworkVersion = ModUtils.moduleProperty(product, "frameworkVersion"); - if (frameworkVersion) { - subpath = ModUtils.moduleProperty(product, "contentsFolderPath"); - subpath = subpath.substring(subpath.indexOf(ModUtils.moduleProperty("qbs", "pathSeparator"))); - } - - var args = product.moduleProperty("xcode", "codesignFlags") || []; - args.push("--force"); - args.push("--sign", actualSigningIdentity); - args = args.concat(DarwinTools._codeSignTimestampFlags(product)); - - for (var j in inputs.xcent) { - args.push("--entitlements", inputs.xcent[j].filePath); - break; // there should only be one - } - args.push(bundles[i].filePath + subpath); - - cmd = new Command(product.moduleProperty("xcode", "codesignPath"), args); - cmd.description = "codesign " - + ModUtils.moduleProperty(product, "bundleName") - + " using " + codesignDisplayName - + " (" + actualSigningIdentity + ")"; - commands.push(cmd); + var actualSigningIdentity = product.moduleProperty("xcode", "actualSigningIdentity"); + var codesignDisplayName = product.moduleProperty("xcode", "actualSigningIdentityDisplayName"); + if (actualSigningIdentity) { + var args = product.moduleProperty("xcode", "codesignFlags") || []; + args.push("--force"); + args.push("--sign", actualSigningIdentity); + args = args.concat(DarwinTools._codeSignTimestampFlags(product)); + + for (var j in inputs.xcent) { + args.push("--entitlements", inputs.xcent[j].filePath); + break; // there should only be one } - if (bundleType === "application" - && product.moduleProperty("qbs", 
"targetOS").contains("macos")) { - cmd = new Command(ModUtils.moduleProperty(product, "lsregisterPath"), - ["-f", bundles[i].filePath]); - cmd.description = "register " + ModUtils.moduleProperty(product, "bundleName"); - commands.push(cmd); + // If this is a framework, we need to sign its versioned directory + if (bundleType === "framework") { + args.push(product.bundle.contentsFolderPath); + } else { + args.push(product.bundle.bundleName); } + + cmd = new Command(product.moduleProperty("xcode", "codesignPath"), args); + cmd.workingDirectory = product.destinationDirectory; + cmd.description = "codesign " + + ModUtils.moduleProperty(product, "bundleName") + + " using " + codesignDisplayName + + " (" + actualSigningIdentity + ")"; + commands.push(cmd); + } + + if (bundleType === "application" + && product.moduleProperty("qbs", "targetOS").contains("macos")) { + cmd = new Command(ModUtils.moduleProperty(product, "lsregisterPath"), + ["-f", product.bundle.bundleName]); + cmd.description = "register " + ModUtils.moduleProperty(product, "bundleName"); + commands.push(cmd); } } diff --git a/share/qbs/modules/xcode/xcode.qbs b/share/qbs/modules/xcode/xcode.qbs index 922580505..648948192 100644 --- a/share/qbs/modules/xcode/xcode.qbs +++ b/share/qbs/modules/xcode/xcode.qbs @@ -6,6 +6,7 @@ import qbs.DarwinTools import qbs.ModUtils import qbs.Probes import qbs.PropertyList +import qbs.Utilities import 'xcode.js' as Xcode Module { 
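Review bot: The `lsregister` command now receives the relative `product.bundle.bundleName` but, unlike the codesign command just above it, never sets `cmd.workingDirectory`, so the path is resolved against whatever directory the command starts in. Add `cmd.workingDirectory = product.destinationDirectory;` after the `new Command(...)` call, or pass `FileInfo.joinPaths(product.destinationDirectory, product.bundle.bundleName)` as the argument. The same relative-path assumption applies to the framework branch, `args.push(product.bundle.contentsFolderPath)`, which is only correct because the working directory is set on that command. The enclosing prepare script starts and ends outside this hunk.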
@@ -75,13 +76,13 @@ Module { property string signingIdentity readonly property string actualSigningIdentity: { - if (_actualSigningIdentity && _actualSigningIdentity.length === 1) - return _actualSigningIdentity[0][0]; + if (_actualSigningIdentity && _actualSigningIdentity.length === 2) + return _actualSigningIdentity[0]; } readonly property string actualSigningIdentityDisplayName: { - if (_actualSigningIdentity && _actualSigningIdentity.length === 1) - return _actualSigningIdentity[0][1]; + if (_actualSigningIdentity && _actualSigningIdentity.length === 2) + return _actualSigningIdentity[1]; } property string signingTimestamp: "none" @@ -131,15 +132,29 @@ Module { readonly property stringList _actualSigningIdentity: { if (/^[A-Fa-f0-9]{40}$/.test(signingIdentity)) { - return signingIdentity; + return [signingIdentity, signingIdentity]; } - var identities = Xcode.findSigningIdentities(securityPath, signingIdentity); - if (identities && identities.length > 1) { - throw "Signing identity '" + signingIdentity + "' is ambiguous"; + var result = []; + + if (signingIdentity) { + var identities = Utilities.signingIdentities(); + for (var key in identities) { + if (identities[key].subjectInfo.CN === signingIdentity) { + result.push([key, signingIdentity]); + } + } + + if (result.length == 0) { + throw "Unable to find signingIdentity '" + signingIdentity + "'"; + } + + if (result.length > 1) { + throw "Signing identity '" + signingIdentity + "' is ambiguous"; + } } - return identities; + return result[0]; } property path provisioningProfilesPath: { -- 2.21.1 (Apple Git-122.3)
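Review bot: The `length === 2` checks in `actualSigningIdentity` and `actualSigningIdentityDisplayName` depend on `_actualSigningIdentity` being a flat two-element list, a contract that is only established further down the file (hunk at -131). A comment above the two getters would make that coupling explicit, for example `// _actualSigningIdentity is [identity, displayName], or undefined when signingIdentity is unset`. Both getters fall through without a `return` when the check fails, which is worth stating in the same comment.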
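Review bot: The lookup in `_actualSigningIdentity` accepts only a 40-hex-digit hash or an exact match on `subjectInfo.CN` and throws for anything else, so a value codesign itself accepts that is not a certificate's full common name (the ad-hoc identity `-`, for example) now aborts property evaluation. How the removed `Xcode.findSigningIdentities` call treated such values is not shown here. If ad-hoc signing should stay possible, pass it through before the keychain lookup, e.g. `if (signingIdentity === "-") return ["-", "ad-hoc"];`; otherwise document on `signingIdentity` that it must be a full CN or a SHA-1 hash. The loop dereferences `identities[key].subjectInfo.CN` without checking that `subjectInfo` exists, and whether `Utilities.signingIdentities()` already returns only valid code-signing certificates is not visible, so a short comment stating that assumption would help. `result.length == 0` should use `===` like the other comparisons in the block.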