[macdeployqt] Add sign-for-notarization option

For notarization to succeed, several options have to be activated when signing the application: * the hardened runtime has to be activated * a secure timestamp must be generated * the application has to be signed with a Developer ID certificate Add the option sign-for-notarization to conveniently activate both options. Change-Id: I7ddf3f36091f4d5d081166d32f65a4ab446536ce Reviewed-by: Morten Johan Sørvig <morten.sorvig@qt.io>
author: Michael Brüning <michael.bruning@qt.io> 2020-03-27 11:31:08 +0100
committer: Michael Brüning <michael.bruning@qt.io> 2020-03-31 12:24:38 +0100
commit: 76b2d6ef3b438fbc50e89657b112f8edb3a0e120 (patch)
tree: e6b9deac8e0f1a3797c0c61e885643bdf6f27f7f
parent: 89ea26e93ee0410fb3a33b315d928fce05c3ef9e (diff)
1 files changed, 27 insertions, 15 deletions
diff --git a/src/macdeployqt/macdeployqt/main.cpp b/src/macdeployqt/macdeployqt/main.cpp
index 074b4a82f..0f9164053 100644
--- a/src/macdeployqt/macdeployqt/main.cpp
+++ b/src/macdeployqt/macdeployqt/main.cpp
@@ -42,21 +42,22 @@ int main(int argc, char **argv)
         qDebug() << "Usage: macdeployqt app-bundle [options]";
         qDebug() << "";
         qDebug() << "Options:";
-        qDebug() << "   -verbose=<0-3>     : 0 = no output, 1 = error/warning (default), 2 = normal, 3 = debug";
-        qDebug() << "   -no-plugins        : Skip plugin deployment";
-        qDebug() << "   -dmg               : Create a .dmg disk image";
-        qDebug() << "   -no-strip          : Don't run 'strip' on the binaries";
-        qDebug() << "   -use-debug-libs    : Deploy with debug versions of frameworks and plugins (implies -no-strip)";
-        qDebug() << "   -executable=<path> : Let the given executable use the deployed frameworks too";
-        qDebug() << "   -qmldir=<path>     : Scan for QML imports in the given path";
-        qDebug() << "   -qmlimport=<path>  : Add the given path to the QML module search locations";
-        qDebug() << "   -always-overwrite  : Copy files even if the target file exists";
-        qDebug() << "   -codesign=<ident>  : Run codesign with the given identity on all executables";
-        qDebug() << "   -hardened-runtime  : Enable Hardened Runtime when code signing";
-        qDebug() << "   -timestamp         : Include a secure timestamp when code signing (requires internet connection)";
-        qDebug() << "   -appstore-compliant: Skip deployment of components that use private API";
-        qDebug() << "   -libpath=<path>    : Add the given path to the library search path";
-        qDebug() << "   -fs=<filesystem>   : Set the filesystem used for the .dmg disk image (defaults to HFS+)";
+        qDebug() << "   -verbose=<0-3>                : 0 = no output, 1 = error/warning (default), 2 = normal, 3 = debug";
+        qDebug() << "   -no-plugins                   : Skip plugin deployment";
+        qDebug() << "   -dmg                          : Create a .dmg disk image";
+        qDebug() << "   -no-strip                     : Don't run 'strip' on the binaries";
+        qDebug() << "   -use-debug-libs               : Deploy with debug versions of frameworks and plugins (implies -no-strip)";
+        qDebug() << "   -executable=<path>            : Let the given executable use the deployed frameworks too";
+        qDebug() << "   -qmldir=<path>                : Scan for QML imports in the given path";
+        qDebug() << "   -qmlimport=<path>             : Add the given path to the QML module search locations";
+        qDebug() << "   -always-overwrite             : Copy files even if the target file exists";
+        qDebug() << "   -codesign=<ident>             : Run codesign with the given identity on all executables";
+        qDebug() << "   -hardened-runtime             : Enable Hardened Runtime when code signing";
+        qDebug() << "   -timestamp                    : Include a secure timestamp when code signing (requires internet connection)";
+        qDebug() << "   -sign-for-notarization=<ident>: Activate the necessary options for notarization (requires internet connection)";
+        qDebug() << "   -appstore-compliant           : Skip deployment of components that use private API";
+        qDebug() << "   -libpath=<path>               : Add the given path to the library search path";
+        qDebug() << "   -fs=<filesystem>              : Set the filesystem used for the .dmg disk image (defaults to HFS+)";
         qDebug() << "";
         qDebug() << "macdeployqt takes an application bundle as input and makes it";
         qDebug() << "self-contained by copying in the Qt frameworks and plugins that";
@@ -168,6 +169,17 @@ int main(int argc, char **argv)
                 runCodesign = true;
                 codesignIdentiy = argument.mid(index+1);
             }
+        } else if (argument.startsWith(QByteArray("-sign-for-notarization"))) {
+            LogDebug() << "Argument found:" << argument;
+            int index = argument.indexOf("=");
+            if (index < 0 || index >= argument.size()) {
+                LogError() << "Missing code signing identity";
+            } else {
+                runCodesign = true;
+                hardenedRuntime = true;
+                secureTimestamp = true;
+                codesignIdentiy = argument.mid(index+1);
+            }
         } else if (argument.startsWith(QByteArray("-hardened-runtime"))) {
             LogDebug() << "Argument found:" << argument;
             hardenedRuntime = true;
author	Michael Brüning <michael.bruning@qt.io>	2020-03-27 11:31:08 +0100
committer	Michael Brüning <michael.bruning@qt.io>	2020-03-31 12:24:38 +0100
commit	76b2d6ef3b438fbc50e89657b112f8edb3a0e120 (patch)
tree	e6b9deac8e0f1a3797c0c61e885643bdf6f27f7f
parent	89ea26e93ee0410fb3a33b315d928fce05c3ef9e (diff)