author | Michael Brüning <michael.bruning@qt.io> | 2020-03-26 16:11:56 +0100 |
---|---|---|
committer | Michael Brüning <michael.bruning@qt.io> | 2020-03-31 12:24:33 +0100 |
commit | 89ea26e93ee0410fb3a33b315d928fce05c3ef9e (patch) | |
tree | 4e2e9466f7124a23314d60593a06720493b8f103 | |
parent | ebb0380a4ef3410f5957b472203360fd67fe3b1d (diff) |
[macdeployqt] Add option to include secure timestamp when signing
Apple now requires the developer to include a secure timestamp in the
application's signature in order for notarization to succeed.
Add an option to do this to macdeployqt.
Change-Id: Ia884de80822661abcf65a287e4dc8429ec24b766
Reviewed-by: Morten Johan Sørvig <morten.sorvig@qt.io>
-rw-r--r-- | src/macdeployqt/macdeployqt/main.cpp | 5 | ||||
-rw-r--r-- | src/macdeployqt/shared/shared.cpp | 8 |
2 files changed, 12 insertions, 1 deletions
diff --git a/src/macdeployqt/macdeployqt/main.cpp b/src/macdeployqt/macdeployqt/main.cpp
index 3c13a6693..074b4a82f 100644
--- a/src/macdeployqt/macdeployqt/main.cpp
+++ b/src/macdeployqt/macdeployqt/main.cpp
@@ -53,6 +53,7 @@ int main(int argc, char **argv)
  qDebug() << " -always-overwrite : Copy files even if the target file exists";
  qDebug() << " -codesign=<ident> : Run codesign with the given identity on all executables";
  qDebug() << " -hardened-runtime : Enable Hardened Runtime when code signing";
+ qDebug() << " -timestamp : Include a secure timestamp when code signing (requires internet connection)";
  qDebug() << " -appstore-compliant: Skip deployment of components that use private API";
  qDebug() << " -libpath=<path> : Add the given path to the library search path";
  qDebug() << " -fs=<filesystem> : Set the filesystem used for the .dmg disk image (defaults to HFS+)";
@@ -100,6 +101,7 @@ int main(int argc, char **argv)
  extern bool hardenedRuntime;
  extern bool appstoreCompliant;
  extern bool deployFramework;
+ extern bool secureTimestamp;
  for (int i = 2; i < argc; ++i) {
  QByteArray argument = QByteArray(argv[i]);
@@ -169,6 +171,9 @@ int main(int argc, char **argv)
  } else if (argument.startsWith(QByteArray("-hardened-runtime"))) {
  LogDebug() << "Argument found:" << argument;
  hardenedRuntime = true;
+ } else if (argument.startsWith(QByteArray("-timestamp"))) {
+ LogDebug() << "Argument found:" << argument;
+ secureTimestamp = true;
  } else if (argument == QByteArray("-appstore-compliant")) {
  LogDebug() << "Argument found:" << argument;
  appstoreCompliant = true;
diff --git a/src/macdeployqt/shared/shared.cpp b/src/macdeployqt/shared/shared.cpp
index cc3b2607b..607dce880 100644
--- a/src/macdeployqt/shared/shared.cpp
+++ b/src/macdeployqt/shared/shared.cpp
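Review bot: The new `-timestamp` branch in the `@@ -169,6 +171,9 @@` hunk of main.cpp matches by prefix, so `-timestamp=none`, `-timestamp=<url>` or a mistyped `-timestampx` all set `secureTimestamp = true` and the rest of the argument is dropped without a warning. codesign's own `--timestamp` accepts an optional value, so someone carrying that syntax over would get the default timestamp behaviour instead of what they asked for. Since the option takes no value here, an exact comparison like the `-appstore-compliant` branch just below is safer: `} else if (argument == QByteArray("-timestamp")) {`. The `-hardened-runtime` branch above, which this hunk copies, has the same prefix match; the if/else chain starts and ends outside the hunk.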
@@ -55,6 +55,7 @@ QStringList librarySearchPath;
 QString codesignIdentiy;
 QString extraEntitlements;
 bool hardenedRuntime = false;
+bool secureTimestamp = false;
 bool appstoreCompliant = false;
 int logLevel = 1;
 bool deployFramework = false;
@@ -1392,7 +1393,9 @@ void codesignFile(const QString &identity, const QString &filePath)
  QString codeSignLogMessage = "codesign";
  if (hardenedRuntime)
- codeSignLogMessage += ", enable hardned runtime";
+ codeSignLogMessage += ", enable hardened runtime";
+ if (secureTimestamp)
+ codeSignLogMessage += ", include secure timestamp";
  LogNormal() << codeSignLogMessage << filePath;
  QStringList codeSignOptions = { "--preserve-metadata=identifier,entitlements", "--force", "-s",
@@ -1400,6 +1403,9 @@ void codesignFile(const QString &identity, const QString &filePath)
  if (hardenedRuntime)
  codeSignOptions << "-o" << "runtime";
+ if (secureTimestamp)
+ codeSignOptions << "--timestamp";
+
  if (!extraEntitlements.isEmpty())
  codeSignOptions << "--entitlements" << extraEntitlements; |
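Review bot: In the `@@ -1400,6 +1403,9 @@` hunk of shared.cpp, `--timestamp` is passed without a URL, so codesign will contact Apple's default timestamp authority for every file that goes through `codesignFile`, and signing then depends on that service being reachable. How a codesign failure is reported is decided further down in `codesignFile`, outside the hunk, so it is worth confirming that a timestamp error stops the deployment rather than leaving a bundle that only fails later at notarization. I would document the dependency above the new branch with `// No URL given: codesign uses Apple's default timestamp server and is expected to fail if it is unreachable.`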