Merge remote-tracking branch 'origin/5.15' into dev

Change-Id: I674982e1a1f7d47bb1541f544ff1506a7cbe3a72

1 files changed, 24 insertions, 0 deletions

diff --git a/src/macdeployqt/shared/shared.cpp b/src/macdeployqt/shared/shared.cpp
index 454e72b7c..b308a6007 100644
--- a/src/macdeployqt/shared/shared.cpp
+++ b/src/macdeployqt/shared/shared.cpp
@@ -53,6 +53,7 @@ bool alwaysOwerwriteEnabled = false;
 bool runCodesign = false;
 QStringList librarySearchPath;
 QString codesignIdentiy;
+QString extraEntitlements;
 bool hardenedRuntime = false;
 bool appstoreCompliant = false;
 int logLevel = 1;
@@ -473,6 +474,23 @@ QStringList findAppBundleFiles(const QString &appBundlePath, bool absolutePath =
     return result;
 }
 
+QString findEntitlementsFile(const QString& path)
+{
+    QDirIterator iter(path, QStringList() << QString::fromLatin1("*.entitlements"),
+            QDir::Files, QDirIterator::Subdirectories);
+
+    while (iter.hasNext()) {
+        iter.next();
+        if (iter.fileInfo().isSymLink())
+            continue;
+
+        //return the first entitlements file - only one is used for signing anyway
+        return iter.fileInfo().absoluteFilePath();
+    }
+
+    return QString();
+}
+
 QList<FrameworkInfo> getQtFrameworks(const QList<DylibInfo> &dependencies, const QString &appBundlePath, const QSet<QString> &rpaths, bool useDebugLibs)
 {
     QList<FrameworkInfo> libraries;
@@ -1382,6 +1400,9 @@ void codesignFile(const QString &identity, const QString &filePath)
     if (hardenedRuntime)
         codeSignOptions << "-o" << "runtime";
 
+    if (!extraEntitlements.isEmpty())
+        codeSignOptions << "--entitlements" << extraEntitlements;
+
     QProcess codesign;
     codesign.start("codesign", codeSignOptions);
     codesign.waitForFinished(-1);
@@ -1504,6 +1525,9 @@ QSet<QString> codesignBundle(const QString &identity,
             }
         }
 
+        // Look for an entitlements file in the bundle to include when signing
+        extraEntitlements = findEntitlementsFile(appBundleAbsolutePath + "/Contents/Resources/");
+
         // All dependencies are signed, now sign this binary.
         codesignFile(identity, binary);
         signedBinaries.insert(binary);