aboutsummaryrefslogtreecommitdiffstats
path: root/share/qbs/modules/codesign
diff options
context:
space:
mode:
Diffstat (limited to 'share/qbs/modules/codesign')
-rw-r--r--share/qbs/modules/codesign/android.qbs4
-rw-r--r--share/qbs/modules/codesign/apple.qbs22
-rw-r--r--share/qbs/modules/codesign/codesign.js106
-rw-r--r--share/qbs/modules/codesign/signtool.qbs6
4 files changed, 79 insertions, 59 deletions
diff --git a/share/qbs/modules/codesign/android.qbs b/share/qbs/modules/codesign/android.qbs
index e149e033c..b1811dcfd 100644
--- a/share/qbs/modules/codesign/android.qbs
+++ b/share/qbs/modules/codesign/android.qbs
@@ -37,7 +37,7 @@ import qbs.Probes
import "codesign.js" as CodeSign
CodeSignModule {
- condition: qbs.targetOS.contains("android")
+ condition: qbs.targetOS.includes("android")
priority: 1
enableCodeSigning: true
@@ -55,7 +55,7 @@ CodeSignModule {
property string keytoolName: "keytool"
property string debugKeystorePath: FileInfo.joinPaths(
- Environment.getEnv(Host.os().contains("windows")
+ Environment.getEnv(Host.os().includes("windows")
? "USERPROFILE" : "HOME"),
".android", "debug.keystore")
readonly property string debugKeystorePassword: "android"
diff --git a/share/qbs/modules/codesign/apple.qbs b/share/qbs/modules/codesign/apple.qbs
index 05232d7c1..0d1335d92 100644
--- a/share/qbs/modules/codesign/apple.qbs
+++ b/share/qbs/modules/codesign/apple.qbs
@@ -43,14 +43,14 @@ import "codesign.js" as CodeSign
import "../xcode/xcode.js" as XcodeUtils
CodeSignModule {
- Depends { name: "xcode"; required: qbs.toolchain && qbs.toolchain.contains("xcode") }
+ Depends { name: "xcode"; required: qbs.toolchain && qbs.toolchain.includes("xcode") }
Probes.BinaryProbe {
id: codesignProbe
names: [codesignName]
}
- condition: Host.os().contains("macos") && qbs.targetOS.contains("darwin")
+ condition: Host.os().includes("macos") && qbs.targetOS.includes("darwin")
priority: 0
enableCodeSigning: _codeSigningRequired
@@ -78,15 +78,15 @@ CodeSignModule {
var isDebug = qbs.buildVariant !== "release";
- if (qbs.targetOS.contains("ios") || qbs.targetOS.contains("tvos")
- || qbs.targetOS.contains("watchos")) {
+ if (qbs.targetOS.includes("ios") || qbs.targetOS.includes("tvos")
+ || qbs.targetOS.includes("watchos")) {
switch (signingType) {
case "app-store":
return isDebug ? "iPhone Developer" : "iPhone Distribution";
}
}
- if (qbs.targetOS.contains("macos")) {
+ if (qbs.targetOS.includes("macos")) {
switch (signingType) {
case "app-store":
return isDebug ? "Mac Developer" : "3rd Party Mac Developer Application";
@@ -161,27 +161,27 @@ CodeSignModule {
readonly property bool _provisioningProfileAllowed:
product.bundle
&& product.bundle.isBundle
- && product.type.contains("application")
+ && product.type.includes("application")
&& xcode.platformType !== "simulator"
// Required for tvOS, iOS, and watchOS (not simulators)
// PROVISIONING_PROFILE_REQUIRED is specified only in Embedded-Device.xcspec in the
// IDEiOSSupportCore IDE plugin, so we'll just write out the logic here manually
readonly property bool _provisioningProfileRequired:
- _provisioningProfileAllowed && !qbs.targetOS.contains("macos")
+ _provisioningProfileAllowed && !qbs.targetOS.includes("macos")
// Not used on simulator platforms either but provisioning profiles aren't used there anyways
readonly property string _provisioningProfilePlatform: {
- if (qbs.targetOS.contains("macos"))
+ if (qbs.targetOS.includes("macos"))
return "OSX";
- if (qbs.targetOS.contains("ios") || qbs.targetOS.contains("watchos"))
+ if (qbs.targetOS.includes("ios") || qbs.targetOS.includes("watchos"))
return "iOS";
- if (qbs.targetOS.contains("tvos"))
+ if (qbs.targetOS.includes("tvos"))
return "tvOS";
}
readonly property string _embeddedProfileName:
- (xcode._platformProps || {})["EMBEDDED_PROFILE_NAME"]
+ (xcode._platformProps || {})["EMBEDDED_PROFILE_NAME"] || "embedded.mobileprovision"
setupBuildEnvironment: {
var prefixes = product.xcode ? [
diff --git a/share/qbs/modules/codesign/codesign.js b/share/qbs/modules/codesign/codesign.js
index 463e7cbb7..482225ea2 100644
--- a/share/qbs/modules/codesign/codesign.js
+++ b/share/qbs/modules/codesign/codesign.js
@@ -43,10 +43,12 @@ function findSigningIdentities(searchString, team) {
var matchedIdentities = {};
for (var key in identities) {
var identity = identities[key];
- if (team && ![identity.subjectInfo.O, identity.subjectInfo.OU].contains(team))
+ if (team && ![identity.subjectInfo.O, identity.subjectInfo.OU].includes(team))
continue;
- if (searchString === key || identity.subjectInfo.CN.startsWith(searchString))
+ if (searchString === key
+ || (identity.subjectInfo.CN && identity.subjectInfo.CN.startsWith(searchString))) {
matchedIdentities[key] = identity;
+ }
}
return matchedIdentities;
}
@@ -103,7 +105,7 @@ function findBestProvisioningProfile(product, files) {
// Provisioning profiles are not normally used with ad-hoc code signing or non-apps
// We do these checks down here only for the automatic selection but not above because
// if the user explicitly selects a provisioning profile it should be used no matter what
- if (actualSigningIdentity.SHA1 === "-" || !product.type.contains("application"))
+ if (actualSigningIdentity.SHA1 === "-" || !product.type.includes("application"))
return undefined;
// Filter out any provisioning profiles we know to be unsuitable from the start
@@ -114,7 +116,7 @@ function findBestProvisioningProfile(product, files) {
var certCommonNames = (data["DeveloperCertificates"] || []).map(function (cert) {
return Utilities.certificateInfo(cert).subjectInfo.CN;
});
- if (!certCommonNames.contains(actualSigningIdentity.subjectInfo.CN)) {
+ if (!certCommonNames.includes(actualSigningIdentity.subjectInfo.CN)) {
console.log("Skipping provisioning profile with no matching certificate names for '"
+ actualSigningIdentity.subjectInfo.CN
+ "' (found " + certCommonNames.join(", ") + "): "
@@ -124,7 +126,7 @@ function findBestProvisioningProfile(product, files) {
}
var platforms = data["Platform"] || [];
- if (platforms.length > 0 && profilePlatform && !platforms.contains(profilePlatform)) {
+ if (platforms.length > 0 && profilePlatform && !platforms.includes(profilePlatform)) {
console.log("Skipping provisioning profile for platform " + platforms.join(", ")
+ " (current platform " + profilePlatform + ")"
+ ": " + profile.filePath);
@@ -132,7 +134,7 @@ function findBestProvisioningProfile(product, files) {
}
if (teamIdentifier
- && !data["TeamIdentifier"].contains(teamIdentifier)
+ && !data["TeamIdentifier"].includes(teamIdentifier)
&& data["TeamName"] !== teamIdentifier) {
console.log("Skipping provisioning profile for team " + data["TeamIdentifier"]
+ " (" + data["TeamName"] + ") (current team " + teamIdentifier + ")"
@@ -223,7 +225,7 @@ function findBestSignToolSearchPaths(arch) {
});
function addSearchPath(searchPath) {
- if (File.exists(searchPath) && !searchPaths.contains(searchPath)) {
+ if (File.exists(searchPath) && !searchPaths.includes(searchPath)) {
searchPaths.push(searchPath);
return true;
}
@@ -278,20 +280,21 @@ function prepareSign(project, product, inputs, outputs, input, output) {
return cmds;
var isBundle = "bundle.content" in outputs;
- var outputFilePath = isBundle
- ? FileInfo.joinPaths(product.destinationDirectory, product.bundle.bundleName)
- : outputs["codesign.signed_artifact"][0].filePath;
- var outputFileName = isBundle
- ? product.bundle.bundleName
- : outputs["codesign.signed_artifact"][0].fileName;
- var isProductBundle = product.bundle && product.bundle.isBundle;
- // If the product is a bundle, just sign the bundle
- // instead of signing the bundle and executable separately
+ var artifacts = [];
+ if (isBundle) {
+ artifacts = [{
+ filePath: FileInfo.joinPaths(product.destinationDirectory, product.bundle.bundleName),
+ fileName: product.bundle.bundleName
+ }];
+ } else {
+ artifacts = outputs["codesign.signed_artifact"];
+ }
+ var isProductBundle = product.bundle && product.bundle.isBundle;
var shouldSignArtifact = !isProductBundle || isBundle;
var enableCodeSigning = product.codesign.enableCodeSigning;
- if (enableCodeSigning && shouldSignArtifact) {
+ if (enableCodeSigning) {
var actualSigningIdentity = product.codesign._actualSigningIdentity;
if (!actualSigningIdentity) {
throw "No codesigning identities (i.e. certificate and private key pairs) matching “"
@@ -308,36 +311,53 @@ function prepareSign(project, product, inputs, outputs, input, output) {
}
}
- var args = ["--force", "--sign", actualSigningIdentity.SHA1];
-
- // If signingTimestamp is undefined or empty, do not specify the flag at all -
- // this uses the system-specific default behavior
- var signingTimestamp = product.codesign.signingTimestamp;
- if (signingTimestamp) {
- // If signingTimestamp is an empty string, specify the flag but do
- // not specify a value - this uses a default Apple-provided server
- var flag = "--timestamp";
- if (signingTimestamp)
- flag += "=" + signingTimestamp;
- args.push(flag);
+ // The codesign tool behaves weirdly. It can sign a bundle with a single artifact, but if
+ // say debug build variant is present, it starts complaining that it is not signed.
+ // We could always sign everything, but again, in case of a framework (but not in case of
+ // app or loadable bundle), codesign produces a warning that artifact is already signed.
+ // So, we skip signing the release artifact and only sign if other build variants present.
+ if (!shouldSignArtifact && artifacts.length == 1) {
+ artifacts = [];
}
+ for (var i = 0; i < artifacts.length; ++i) {
+ if (!shouldSignArtifact
+ && artifacts[i].qbs && artifacts[i].qbs.buildVariant === "release") {
+ continue;
+ }
+ var outputFilePath = artifacts[i].filePath;
+ var outputFileName = artifacts[i].fileName;
+
+ var args = ["--force", "--sign", actualSigningIdentity.SHA1];
+
+ // If signingTimestamp is undefined or empty, do not specify the flag at all -
+ // this uses the system-specific default behavior
+ var signingTimestamp = product.codesign.signingTimestamp;
+ if (signingTimestamp) {
+ // If signingTimestamp is an empty string, specify the flag but do
+ // not specify a value - this uses a default Apple-provided server
+ var flag = "--timestamp";
+ if (signingTimestamp)
+ flag += "=" + signingTimestamp;
+ args.push(flag);
+ }
- for (var j in inputs["codesign.xcent"]) {
- args.push("--entitlements", inputs["codesign.xcent"][j].filePath);
- break; // there should only be one
- }
+ for (var j in inputs["codesign.xcent"]) {
+ args.push("--entitlements", inputs["codesign.xcent"][j].filePath);
+ break; // there should only be one
+ }
- args = args.concat(product.codesign.codesignFlags || []);
+ args = args.concat(product.codesign.codesignFlags || []);
- args.push(outputFilePath + subpath);
- cmd = new Command(product.codesign.codesignPath, args);
- cmd.description = "codesign " + outputFileName
- + " (" + actualSigningIdentity.subjectInfo.CN + ")";
- cmd.outputFilePath = outputFilePath;
- cmd.stderrFilterFunction = function(stderr) {
- return stderr.replace(outputFilePath + ": replacing existing signature\n", "");
- };
- cmds.push(cmd);
+ args.push(outputFilePath + subpath);
+ cmd = new Command(product.codesign.codesignPath, args);
+ cmd.description = "codesign " + outputFileName
+ + " (" + actualSigningIdentity.subjectInfo.CN + ")";
+ cmd.outputFilePath = outputFilePath;
+ cmd.stderrFilterFunction = function(stderr) {
+ return stderr.replace(outputFilePath + ": replacing existing signature\n", "");
+ };
+ cmds.push(cmd);
+ }
}
if (isBundle) {
diff --git a/share/qbs/modules/codesign/signtool.qbs b/share/qbs/modules/codesign/signtool.qbs
index 0fc50f1b7..111f0a307 100644
--- a/share/qbs/modules/codesign/signtool.qbs
+++ b/share/qbs/modules/codesign/signtool.qbs
@@ -35,9 +35,9 @@ import qbs.Probes
import "codesign.js" as CODESIGN
CodeSignModule {
- condition: qbs.targetOS.contains("windows")
- && Host.os().contains("windows")
- && qbs.toolchain.contains("msvc")
+ condition: qbs.targetOS.includes("windows")
+ && Host.os().includes("windows")
+ && qbs.toolchain.includes("msvc")
_canSignArtifacts: true
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-22 01:52:00 +0000