diff options
| author | Eike Ziller <eike.ziller@qt.io> | 2018-05-04 12:42:48 +0200 |
|---|---|---|
| committer | Eike Ziller <eike.ziller@qt.io> | 2018-05-14 08:48:30 +0000 |
| commit | 1fce7ff4f5244dfb98a5b0a333c52ecaba7e59c4 (patch) | |
| tree | ef429ba64c79b7ddc644b890b7ae55935495f9b2 | |
| parent | 3cfc715d7d33b724ad896c540af4a914d922e9bc (diff) | |
Fix code signature on macOS
We build packages with extra debug info, but sign the application before
removing the debug info for the release package.
We have to codesign (potentially again) between copying and packaging.
Task-number: QTCREATORBUG-20370
Change-Id: I5549ca5045eb995e5a61794473c2d0180b778711
Reviewed-by: Tim Jenssen <tim.jenssen@qt.io>
| -rw-r--r-- | scripts/common.py | 10 | ||||
| -rwxr-xr-x | scripts/createDistPackage.py | 7 | ||||
| -rwxr-xr-x | scripts/makedmg.py | 6 |
3 files changed, 21 insertions, 2 deletions
diff --git a/scripts/common.py b/scripts/common.py index b8f640377e..91ff78ad4e 100644 --- a/scripts/common.py +++ b/scripts/common.py @@ -177,3 +177,13 @@ def is_debug(path, filenames): def is_not_debug(path, filenames): files = [fn for fn in filenames if os.path.isfile(os.path.join(path, fn))] return [fn for fn in files if not is_debug_file(os.path.join(path, fn))] + +def codesign(app_path): + signing_identity = os.environ.get('SIGNING_IDENTITY') + if is_mac_platform() and signing_identity: + codesign_call = ['codesign', '--force', '--deep', '-s', signing_identity, '-v'] + signing_flags = os.environ.get('SIGNING_FLAGS') + if signing_flags: + codesign_call.extend(signing_flags.split()) + codesign_call.append(app_path) + subprocess.check_call(codesign_call) diff --git a/scripts/createDistPackage.py b/scripts/createDistPackage.py index 2b0c38ea5f..a2bdf1bd19 100755 --- a/scripts/createDistPackage.py +++ b/scripts/createDistPackage.py @@ -33,7 +33,8 @@ import tempfile import common def parse_arguments(): - parser = argparse.ArgumentParser(description="Create Qt Creator package, filtering out debug information files.") + parser = argparse.ArgumentParser(description="Create Qt Creator package, filtering out debug information files.", + epilog="To sign the contents before packaging on macOS, set the SIGNING_IDENTITY and optionally the SIGNING_FLAGS environment variables.") parser.add_argument('--7z', help='path to 7z binary', default='7z.exe' if common.is_windows_platform() else '7z', metavar='<7z_binary>', dest='sevenzip') @@ -52,6 +53,10 @@ def main(): try: common.copytree(arguments.source_directory, tempdir, symlinks=True, ignore=(common.is_not_debug if arguments.debug else common.is_debug)) + # on macOS we might have to codesign (again) to account for removed debug info + if not arguments.debug: + common.codesign(tempdir) + # package zip_source = os.path.join(tempdir, '*') if arguments.exclude_toplevel else tempdir subprocess.check_call([arguments.sevenzip, 'a', '-mx9', arguments.target_archive, zip_source]) diff --git a/scripts/makedmg.py b/scripts/makedmg.py index 33721f90a7..7911a1be00 100755 --- a/scripts/makedmg.py +++ b/scripts/makedmg.py @@ -34,7 +34,8 @@ import time import common def parse_arguments(): - parser = argparse.ArgumentParser(description='Create Qt Creator disk image, filtering out debug information files.') + parser = argparse.ArgumentParser(description='Create Qt Creator disk image, filtering out debug information files.', + epilog="To sign the contents before packaging on macOS, set the SIGNING_IDENTITY and optionally the SIGNING_FLAGS environment variables.") parser.add_argument('target_diskimage', help='output .dmg file to create') parser.add_argument('dmg_volumename', help='volume name to use for the disk image') parser.add_argument('source_directory', help='directory with the Qt Creator sources') @@ -47,6 +48,9 @@ def main(): tempdir = os.path.join(tempdir_base, os.path.basename(arguments.binary_directory)) try: common.copytree(arguments.binary_directory, tempdir, symlinks=True, ignore=common.is_debug) + if common.is_mac_platform(): + app_path = [app for app in os.listdir(tempdir) if app.endswith('.app')][0] + common.codesign(os.path.join(tempdir, app_path)) os.symlink('/Applications', os.path.join(tempdir, 'Applications')) shutil.copy(os.path.join(arguments.source_directory, 'LICENSE.GPL3-EXCEPT'), tempdir) dmg_cmd = ['hdiutil', 'create', '-srcfolder', tempdir, '-volname', arguments.dmg_volumename, |