diff options
author | Eike Ziller <eike.ziller@qt.io> | 2023-03-17 13:18:55 +0100 |
---|---|---|
committer | Eike Ziller <eike.ziller@qt.io> | 2023-04-17 11:36:31 +0000 |
commit | a543b8ee2646b279d27fd529ce74cbfea828ba20 (patch) | |
tree | 0284532a69ddfd319153aa96a9e8b8e3b422754d | |
parent | 569b15a9d38e8f0c9d1fa45e65940eed180f82a1 (diff) |
QtCreator: Sign on Windows
- make sign_windows_installer able to recurse directories
- pass the signing command to the Qt Creator build script
Task-number: QTCREATORBUG-25740
Task-number: QTCREATORBUG-28909
Change-Id: Idd2e96de36623833fc794cf5bee717b43b673efd
Reviewed-by: Cristian Adam <cristian.adam@qt.io>
-rw-r--r-- | packaging-tools/build_wrapper.py | 8 | ||||
-rwxr-xr-x | packaging-tools/sign_windows_installer.py | 12 |
2 files changed, 17 insertions, 3 deletions
diff --git a/packaging-tools/build_wrapper.py b/packaging-tools/build_wrapper.py index ca465fe76..a1506118b 100644 --- a/packaging-tools/build_wrapper.py +++ b/packaging-tools/build_wrapper.py @@ -827,6 +827,14 @@ def handle_qt_creator_build(option_dict: Dict[str, str], qtcreator_plugins: List if is_macos(): if has_unlock_keychain_script: cmd_args.extend(['--keychain-unlock-script', unlock_keychain_script()]) + if is_windows(): + python3_path = option_dict.get('PYTHON3_PATH') or '' + cmd_args.extend(['--sign-command', '"' + os.path.join(python3_path, 'python.exe') + + '" -m pipenv run python -u qtsdk/packaging-tools/sign_windows_installer.py --file']) + # we cannot change the CWD, and pipenv doesn't support specifying a pipfile on the command line + # (https://github.com/pypa/pipenv/issues/2237), so we need to set this globally in the environment + # ...which would break things if the QtC build script required a pipenv itself... + build_environment['PIPENV_PIPFILE'] = os.path.join(work_dir, 'qtsdk', 'Pipfile') if python_path: cmd_args.extend(['--python-path', python_path]) if elfutils_path: diff --git a/packaging-tools/sign_windows_installer.py b/packaging-tools/sign_windows_installer.py index 210239430..b7d10b1a6 100755 --- a/packaging-tools/sign_windows_installer.py +++ b/packaging-tools/sign_windows_installer.py @@ -129,7 +129,13 @@ def sign_executable(file_path: str) -> None: try: key_path: str = decrypt_private_key() download_signing_tools(key_path) - _handle_signing(file_path) + path = Path(file_path) + if path.is_dir(): + for subpath in path.rglob('*'): + if subpath.is_file() and subpath.suffix in ['.exe', '.dll', '.pyd']: + _handle_signing(str(subpath)) + else: + _handle_signing(file_path) finally: # cleanup temporary files if "key_path" in locals(): @@ -140,8 +146,8 @@ def sign_executable(file_path: str) -> None: def main() -> None: """Main""" - parser = argparse.ArgumentParser(prog="Codesign Windows executables") - parser.add_argument("--file", dest="file_to_sign", required=True, help="File to sign") + parser = argparse.ArgumentParser(prog="Codesign Windows executables and DLLs") + parser.add_argument("--file", dest="file_to_sign", required=True, help="File or directory to sign") args = parser.parse_args(sys.argv[1:]) sign_executable(args.file_to_sign) |