diff options
Diffstat (limited to 'share/qbs/modules/codesign')
-rw-r--r-- | share/qbs/modules/codesign/android.qbs | 4 | ||||
-rw-r--r-- | share/qbs/modules/codesign/apple.qbs | 22 | ||||
-rw-r--r-- | share/qbs/modules/codesign/codesign.js | 106 | ||||
-rw-r--r-- | share/qbs/modules/codesign/signtool.qbs | 6 |
4 files changed, 79 insertions, 59 deletions
diff --git a/share/qbs/modules/codesign/android.qbs b/share/qbs/modules/codesign/android.qbs index e149e033c..b1811dcfd 100644 --- a/share/qbs/modules/codesign/android.qbs +++ b/share/qbs/modules/codesign/android.qbs @@ -37,7 +37,7 @@ import qbs.Probes import "codesign.js" as CodeSign CodeSignModule { - condition: qbs.targetOS.contains("android") + condition: qbs.targetOS.includes("android") priority: 1 enableCodeSigning: true @@ -55,7 +55,7 @@ CodeSignModule { property string keytoolName: "keytool" property string debugKeystorePath: FileInfo.joinPaths( - Environment.getEnv(Host.os().contains("windows") + Environment.getEnv(Host.os().includes("windows") ? "USERPROFILE" : "HOME"), ".android", "debug.keystore") readonly property string debugKeystorePassword: "android" diff --git a/share/qbs/modules/codesign/apple.qbs b/share/qbs/modules/codesign/apple.qbs index 05232d7c1..0d1335d92 100644 --- a/share/qbs/modules/codesign/apple.qbs +++ b/share/qbs/modules/codesign/apple.qbs @@ -43,14 +43,14 @@ import "codesign.js" as CodeSign import "../xcode/xcode.js" as XcodeUtils CodeSignModule { - Depends { name: "xcode"; required: qbs.toolchain && qbs.toolchain.contains("xcode") } + Depends { name: "xcode"; required: qbs.toolchain && qbs.toolchain.includes("xcode") } Probes.BinaryProbe { id: codesignProbe names: [codesignName] } - condition: Host.os().contains("macos") && qbs.targetOS.contains("darwin") + condition: Host.os().includes("macos") && qbs.targetOS.includes("darwin") priority: 0 enableCodeSigning: _codeSigningRequired @@ -78,15 +78,15 @@ CodeSignModule { var isDebug = qbs.buildVariant !== "release"; - if (qbs.targetOS.contains("ios") || qbs.targetOS.contains("tvos") - || qbs.targetOS.contains("watchos")) { + if (qbs.targetOS.includes("ios") || qbs.targetOS.includes("tvos") + || qbs.targetOS.includes("watchos")) { switch (signingType) { case "app-store": return isDebug ? "iPhone Developer" : "iPhone Distribution"; } } - if (qbs.targetOS.contains("macos")) { + if (qbs.targetOS.includes("macos")) { switch (signingType) { case "app-store": return isDebug ? "Mac Developer" : "3rd Party Mac Developer Application"; @@ -161,27 +161,27 @@ CodeSignModule { readonly property bool _provisioningProfileAllowed: product.bundle && product.bundle.isBundle - && product.type.contains("application") + && product.type.includes("application") && xcode.platformType !== "simulator" // Required for tvOS, iOS, and watchOS (not simulators) // PROVISIONING_PROFILE_REQUIRED is specified only in Embedded-Device.xcspec in the // IDEiOSSupportCore IDE plugin, so we'll just write out the logic here manually readonly property bool _provisioningProfileRequired: - _provisioningProfileAllowed && !qbs.targetOS.contains("macos") + _provisioningProfileAllowed && !qbs.targetOS.includes("macos") // Not used on simulator platforms either but provisioning profiles aren't used there anyways readonly property string _provisioningProfilePlatform: { - if (qbs.targetOS.contains("macos")) + if (qbs.targetOS.includes("macos")) return "OSX"; - if (qbs.targetOS.contains("ios") || qbs.targetOS.contains("watchos")) + if (qbs.targetOS.includes("ios") || qbs.targetOS.includes("watchos")) return "iOS"; - if (qbs.targetOS.contains("tvos")) + if (qbs.targetOS.includes("tvos")) return "tvOS"; } readonly property string _embeddedProfileName: - (xcode._platformProps || {})["EMBEDDED_PROFILE_NAME"] + (xcode._platformProps || {})["EMBEDDED_PROFILE_NAME"] || "embedded.mobileprovision" setupBuildEnvironment: { var prefixes = product.xcode ? [ diff --git a/share/qbs/modules/codesign/codesign.js b/share/qbs/modules/codesign/codesign.js index 463e7cbb7..482225ea2 100644 --- a/share/qbs/modules/codesign/codesign.js +++ b/share/qbs/modules/codesign/codesign.js @@ -43,10 +43,12 @@ function findSigningIdentities(searchString, team) { var matchedIdentities = {}; for (var key in identities) { var identity = identities[key]; - if (team && ![identity.subjectInfo.O, identity.subjectInfo.OU].contains(team)) + if (team && ![identity.subjectInfo.O, identity.subjectInfo.OU].includes(team)) continue; - if (searchString === key || identity.subjectInfo.CN.startsWith(searchString)) + if (searchString === key + || (identity.subjectInfo.CN && identity.subjectInfo.CN.startsWith(searchString))) { matchedIdentities[key] = identity; + } } return matchedIdentities; } @@ -103,7 +105,7 @@ function findBestProvisioningProfile(product, files) { // Provisioning profiles are not normally used with ad-hoc code signing or non-apps // We do these checks down here only for the automatic selection but not above because // if the user explicitly selects a provisioning profile it should be used no matter what - if (actualSigningIdentity.SHA1 === "-" || !product.type.contains("application")) + if (actualSigningIdentity.SHA1 === "-" || !product.type.includes("application")) return undefined; // Filter out any provisioning profiles we know to be unsuitable from the start @@ -114,7 +116,7 @@ function findBestProvisioningProfile(product, files) { var certCommonNames = (data["DeveloperCertificates"] || []).map(function (cert) { return Utilities.certificateInfo(cert).subjectInfo.CN; }); - if (!certCommonNames.contains(actualSigningIdentity.subjectInfo.CN)) { + if (!certCommonNames.includes(actualSigningIdentity.subjectInfo.CN)) { console.log("Skipping provisioning profile with no matching certificate names for '" + actualSigningIdentity.subjectInfo.CN + "' (found " + certCommonNames.join(", ") + "): " @@ -124,7 +126,7 @@ function findBestProvisioningProfile(product, files) { } var platforms = data["Platform"] || []; - if (platforms.length > 0 && profilePlatform && !platforms.contains(profilePlatform)) { + if (platforms.length > 0 && profilePlatform && !platforms.includes(profilePlatform)) { console.log("Skipping provisioning profile for platform " + platforms.join(", ") + " (current platform " + profilePlatform + ")" + ": " + profile.filePath); @@ -132,7 +134,7 @@ function findBestProvisioningProfile(product, files) { } if (teamIdentifier - && !data["TeamIdentifier"].contains(teamIdentifier) + && !data["TeamIdentifier"].includes(teamIdentifier) && data["TeamName"] !== teamIdentifier) { console.log("Skipping provisioning profile for team " + data["TeamIdentifier"] + " (" + data["TeamName"] + ") (current team " + teamIdentifier + ")" @@ -223,7 +225,7 @@ function findBestSignToolSearchPaths(arch) { }); function addSearchPath(searchPath) { - if (File.exists(searchPath) && !searchPaths.contains(searchPath)) { + if (File.exists(searchPath) && !searchPaths.includes(searchPath)) { searchPaths.push(searchPath); return true; } @@ -278,20 +280,21 @@ function prepareSign(project, product, inputs, outputs, input, output) { return cmds; var isBundle = "bundle.content" in outputs; - var outputFilePath = isBundle - ? FileInfo.joinPaths(product.destinationDirectory, product.bundle.bundleName) - : outputs["codesign.signed_artifact"][0].filePath; - var outputFileName = isBundle - ? product.bundle.bundleName - : outputs["codesign.signed_artifact"][0].fileName; - var isProductBundle = product.bundle && product.bundle.isBundle; - // If the product is a bundle, just sign the bundle - // instead of signing the bundle and executable separately + var artifacts = []; + if (isBundle) { + artifacts = [{ + filePath: FileInfo.joinPaths(product.destinationDirectory, product.bundle.bundleName), + fileName: product.bundle.bundleName + }]; + } else { + artifacts = outputs["codesign.signed_artifact"]; + } + var isProductBundle = product.bundle && product.bundle.isBundle; var shouldSignArtifact = !isProductBundle || isBundle; var enableCodeSigning = product.codesign.enableCodeSigning; - if (enableCodeSigning && shouldSignArtifact) { + if (enableCodeSigning) { var actualSigningIdentity = product.codesign._actualSigningIdentity; if (!actualSigningIdentity) { throw "No codesigning identities (i.e. certificate and private key pairs) matching “" @@ -308,36 +311,53 @@ function prepareSign(project, product, inputs, outputs, input, output) { } } - var args = ["--force", "--sign", actualSigningIdentity.SHA1]; - - // If signingTimestamp is undefined or empty, do not specify the flag at all - - // this uses the system-specific default behavior - var signingTimestamp = product.codesign.signingTimestamp; - if (signingTimestamp) { - // If signingTimestamp is an empty string, specify the flag but do - // not specify a value - this uses a default Apple-provided server - var flag = "--timestamp"; - if (signingTimestamp) - flag += "=" + signingTimestamp; - args.push(flag); + // The codesign tool behaves weirdly. It can sign a bundle with a single artifact, but if + // say debug build variant is present, it starts complaining that it is not signed. + // We could always sign everything, but again, in case of a framework (but not in case of + // app or loadable bundle), codesign produces a warning that artifact is already signed. + // So, we skip signing the release artifact and only sign if other build variants present. + if (!shouldSignArtifact && artifacts.length == 1) { + artifacts = []; } + for (var i = 0; i < artifacts.length; ++i) { + if (!shouldSignArtifact + && artifacts[i].qbs && artifacts[i].qbs.buildVariant === "release") { + continue; + } + var outputFilePath = artifacts[i].filePath; + var outputFileName = artifacts[i].fileName; + + var args = ["--force", "--sign", actualSigningIdentity.SHA1]; + + // If signingTimestamp is undefined or empty, do not specify the flag at all - + // this uses the system-specific default behavior + var signingTimestamp = product.codesign.signingTimestamp; + if (signingTimestamp) { + // If signingTimestamp is an empty string, specify the flag but do + // not specify a value - this uses a default Apple-provided server + var flag = "--timestamp"; + if (signingTimestamp) + flag += "=" + signingTimestamp; + args.push(flag); + } - for (var j in inputs["codesign.xcent"]) { - args.push("--entitlements", inputs["codesign.xcent"][j].filePath); - break; // there should only be one - } + for (var j in inputs["codesign.xcent"]) { + args.push("--entitlements", inputs["codesign.xcent"][j].filePath); + break; // there should only be one + } - args = args.concat(product.codesign.codesignFlags || []); + args = args.concat(product.codesign.codesignFlags || []); - args.push(outputFilePath + subpath); - cmd = new Command(product.codesign.codesignPath, args); - cmd.description = "codesign " + outputFileName - + " (" + actualSigningIdentity.subjectInfo.CN + ")"; - cmd.outputFilePath = outputFilePath; - cmd.stderrFilterFunction = function(stderr) { - return stderr.replace(outputFilePath + ": replacing existing signature\n", ""); - }; - cmds.push(cmd); + args.push(outputFilePath + subpath); + cmd = new Command(product.codesign.codesignPath, args); + cmd.description = "codesign " + outputFileName + + " (" + actualSigningIdentity.subjectInfo.CN + ")"; + cmd.outputFilePath = outputFilePath; + cmd.stderrFilterFunction = function(stderr) { + return stderr.replace(outputFilePath + ": replacing existing signature\n", ""); + }; + cmds.push(cmd); + } } if (isBundle) { diff --git a/share/qbs/modules/codesign/signtool.qbs b/share/qbs/modules/codesign/signtool.qbs index 0fc50f1b7..111f0a307 100644 --- a/share/qbs/modules/codesign/signtool.qbs +++ b/share/qbs/modules/codesign/signtool.qbs @@ -35,9 +35,9 @@ import qbs.Probes import "codesign.js" as CODESIGN CodeSignModule { - condition: qbs.targetOS.contains("windows") - && Host.os().contains("windows") - && qbs.toolchain.contains("msvc") + condition: qbs.targetOS.includes("windows") + && Host.os().includes("windows") + && qbs.toolchain.includes("msvc") _canSignArtifacts: true |