From 1fce7ff4f5244dfb98a5b0a333c52ecaba7e59c4 Mon Sep 17 00:00:00 2001 From: Eike Ziller Date: Fri, 4 May 2018 12:42:48 +0200 Subject: Fix code signature on macOS We build packages with extra debug info, but sign the application before removing the debug info for the release package. We have to codesign (potentially again) between copying and packaging. Task-number: QTCREATORBUG-20370 Change-Id: I5549ca5045eb995e5a61794473c2d0180b778711 Reviewed-by: Tim Jenssen --- scripts/common.py | 10 ++++++++++ scripts/createDistPackage.py | 7 ++++++- scripts/makedmg.py | 6 +++++- 3 files changed, 21 insertions(+), 2 deletions(-) (limited to 'scripts') diff --git a/scripts/common.py b/scripts/common.py index b8f640377ec..91ff78ad4ef 100644 --- a/scripts/common.py +++ b/scripts/common.py @@ -177,3 +177,13 @@ def is_debug(path, filenames): def is_not_debug(path, filenames): files = [fn for fn in filenames if os.path.isfile(os.path.join(path, fn))] return [fn for fn in files if not is_debug_file(os.path.join(path, fn))] + +def codesign(app_path): + signing_identity = os.environ.get('SIGNING_IDENTITY') + if is_mac_platform() and signing_identity: + codesign_call = ['codesign', '--force', '--deep', '-s', signing_identity, '-v'] + signing_flags = os.environ.get('SIGNING_FLAGS') + if signing_flags: + codesign_call.extend(signing_flags.split()) + codesign_call.append(app_path) + subprocess.check_call(codesign_call) diff --git a/scripts/createDistPackage.py b/scripts/createDistPackage.py index 2b0c38ea5f4..a2bdf1bd193 100755 --- a/scripts/createDistPackage.py +++ b/scripts/createDistPackage.py @@ -33,7 +33,8 @@ import tempfile import common def parse_arguments(): - parser = argparse.ArgumentParser(description="Create Qt Creator package, filtering out debug information files.") + parser = argparse.ArgumentParser(description="Create Qt Creator package, filtering out debug information files.", + epilog="To sign the contents before packaging on macOS, set the SIGNING_IDENTITY and optionally the SIGNING_FLAGS environment variables.") parser.add_argument('--7z', help='path to 7z binary', default='7z.exe' if common.is_windows_platform() else '7z', metavar='<7z_binary>', dest='sevenzip') @@ -52,6 +53,10 @@ def main(): try: common.copytree(arguments.source_directory, tempdir, symlinks=True, ignore=(common.is_not_debug if arguments.debug else common.is_debug)) + # on macOS we might have to codesign (again) to account for removed debug info + if not arguments.debug: + common.codesign(tempdir) + # package zip_source = os.path.join(tempdir, '*') if arguments.exclude_toplevel else tempdir subprocess.check_call([arguments.sevenzip, 'a', '-mx9', arguments.target_archive, zip_source]) diff --git a/scripts/makedmg.py b/scripts/makedmg.py index 33721f90a72..7911a1be000 100755 --- a/scripts/makedmg.py +++ b/scripts/makedmg.py @@ -34,7 +34,8 @@ import time import common def parse_arguments(): - parser = argparse.ArgumentParser(description='Create Qt Creator disk image, filtering out debug information files.') + parser = argparse.ArgumentParser(description='Create Qt Creator disk image, filtering out debug information files.', + epilog="To sign the contents before packaging on macOS, set the SIGNING_IDENTITY and optionally the SIGNING_FLAGS environment variables.") parser.add_argument('target_diskimage', help='output .dmg file to create') parser.add_argument('dmg_volumename', help='volume name to use for the disk image') parser.add_argument('source_directory', help='directory with the Qt Creator sources') @@ -47,6 +48,9 @@ def main(): tempdir = os.path.join(tempdir_base, os.path.basename(arguments.binary_directory)) try: common.copytree(arguments.binary_directory, tempdir, symlinks=True, ignore=common.is_debug) + if common.is_mac_platform(): + app_path = [app for app in os.listdir(tempdir) if app.endswith('.app')][0] + common.codesign(os.path.join(tempdir, app_path)) os.symlink('/Applications', os.path.join(tempdir, 'Applications')) shutil.copy(os.path.join(arguments.source_directory, 'LICENSE.GPL3-EXCEPT'), tempdir) dmg_cmd = ['hdiutil', 'create', '-srcfolder', tempdir, '-volname', arguments.dmg_volumename, -- cgit v1.2.3