From e58833f87a83156b886ad435294bd3cbbc21f496 Mon Sep 17 00:00:00 2001
From: Jake Petroules <jake.petroules@theqtcompany.com>
Date: Sat, 3 Oct 2015 09:58:09 -0700
Subject: Add signingTimestamp property.

This lets the user control if/how timestamps are applied to signed code.
Qbs defaults to "none" to match Xcode.

Change-Id: I72463681c8c769ada7d9e406a5a398134007a85f
Reviewed-by: Christian Kandeler <christian.kandeler@theqtcompany.com>
---
 doc/reference/modules/xcode-module.qdoc           |  9 +++++++++
 share/qbs/imports/qbs/DarwinTools/darwin-tools.js | 16 ++++++++++++++++
 share/qbs/modules/bundle/BundleModule.qbs         |  2 ++
 share/qbs/modules/cpp/gcc.js                      |  3 +++
 share/qbs/modules/xcode/xcode.qbs                 |  2 ++
 5 files changed, 32 insertions(+)

diff --git a/doc/reference/modules/xcode-module.qdoc b/doc/reference/modules/xcode-module.qdoc
index 62b8f9058..4e772a573 100644
--- a/doc/reference/modules/xcode-module.qdoc
+++ b/doc/reference/modules/xcode-module.qdoc
@@ -120,6 +120,15 @@
         \li 1.5
         \li \c{"~/Library/MobileDevice/Provisioning Profiles"}
         \li Path to directory containing provisioning profiles installed on the system.
+    \row
+        \li signingTimestamp
+        \li string
+        \li 1.5
+        \li \c{"none"}
+        \li URL of the timestamp authority server to be contacted to authenticate code signing.
+            \c{undefined} indicates that a system-specific default should be used, and the empty
+            string indicates the default server provided by Apple. \c{"none"} explicitly disables
+            the use of timestamp services and this should not usually need to be changed.
     \endtable
 
     \section1 Read-only Properties
diff --git a/share/qbs/imports/qbs/DarwinTools/darwin-tools.js b/share/qbs/imports/qbs/DarwinTools/darwin-tools.js
index 0656027f7..0d67f90ab 100644
--- a/share/qbs/imports/qbs/DarwinTools/darwin-tools.js
+++ b/share/qbs/imports/qbs/DarwinTools/darwin-tools.js
@@ -232,3 +232,19 @@ function cleanPropertyList(plist) {
             cleanPropertyList(plist[key]);
     }
 }
+
+function _codeSignTimestampFlags(product) {
+    // If signingTimestamp is undefined, do not specify the flag at all -
+    // this uses the system-specific default behavior
+    var signingTimestamp = product.moduleProperty("xcode", "signingTimestamp");
+    if (signingTimestamp !== undefined) {
+        // If signingTimestamp is an empty string, specify the flag but do
+        // not specify a value - this uses a default Apple-provided server
+        var flag = "--timestamp";
+        if (signingTimestamp)
+            flag += "=" + signingTimestamp;
+        return [flag];
+    }
+
+    return [];
+}
diff --git a/share/qbs/modules/bundle/BundleModule.qbs b/share/qbs/modules/bundle/BundleModule.qbs
index 360978122..81961cd7f 100644
--- a/share/qbs/modules/bundle/BundleModule.qbs
+++ b/share/qbs/modules/bundle/BundleModule.qbs
@@ -628,6 +628,8 @@ Module {
                         var args = product.moduleProperty("xcode", "codesignFlags") || [];
                         args.push("--force");
                         args.push("--sign", actualSigningIdentity);
+                        args = args.concat(DarwinTools._codeSignTimestampFlags(product));
+
                         for (var j in inputs.xcent) {
                             args.push("--entitlements", inputs.xcent[j].filePath);
                             break; // there should only be one
diff --git a/share/qbs/modules/cpp/gcc.js b/share/qbs/modules/cpp/gcc.js
index 4f9337458..bb26ec17b 100644
--- a/share/qbs/modules/cpp/gcc.js
+++ b/share/qbs/modules/cpp/gcc.js
@@ -30,6 +30,7 @@
 
 var File = loadExtension("qbs.File");
 var FileInfo = loadExtension("qbs.FileInfo");
+var DarwinTools = loadExtension("qbs.DarwinTools");
 var ModUtils = loadExtension("qbs.ModUtils");
 var PathTools = loadExtension("qbs.PathTools");
 var UnixUtils = loadExtension("qbs.UnixUtils");
@@ -764,6 +765,8 @@ function prepareLinker(project, product, inputs, outputs, input, output) {
         var args = product.moduleProperty("xcode", "codesignFlags") || [];
         args.push("--force");
         args.push("--sign", actualSigningIdentity);
+        args = args.concat(DarwinTools._codeSignTimestampFlags(product));
+
         for (var j in inputs.xcent) {
             args.push("--entitlements", inputs.xcent[j].filePath);
             break; // there should only be one
diff --git a/share/qbs/modules/xcode/xcode.qbs b/share/qbs/modules/xcode/xcode.qbs
index 7daf2c586..ad54b6cd2 100644
--- a/share/qbs/modules/xcode/xcode.qbs
+++ b/share/qbs/modules/xcode/xcode.qbs
@@ -62,6 +62,8 @@ Module {
             return _actualSigningIdentity[0][1];
     }
 
+    property string signingTimestamp: "none"
+
     property string provisioningProfile
 
     property string securityName: "security"
-- 
cgit v1.2.3