[macdeployqt] Add option to include secure timestamp when signing

Apple now requires the developer to include a secure timestamp in the
application's signature in order for notarization to succeed.

Add an option to do this to macdeployqt.

Change-Id: Ia884de80822661abcf65a287e4dc8429ec24b766
Reviewed-by: Morten Johan Sørvig <morten.sorvig@qt.io>

1 files changed, 7 insertions, 1 deletions

diff --git a/src/macdeployqt/shared/shared.cpp b/src/macdeployqt/shared/shared.cpp
index cc3b2607b..607dce880 100644
--- a/src/macdeployqt/shared/shared.cpp
+++ b/src/macdeployqt/shared/shared.cpp
@@ -55,6 +55,7 @@ QStringList librarySearchPath;
 QString codesignIdentiy;
 QString extraEntitlements;
 bool hardenedRuntime = false;
+bool secureTimestamp = false;
 bool appstoreCompliant = false;
 int logLevel = 1;
 bool deployFramework = false;
@@ -1392,7 +1393,9 @@ void codesignFile(const QString &identity, const QString &filePath)
 
     QString codeSignLogMessage = "codesign";
     if (hardenedRuntime)
-        codeSignLogMessage += ", enable hardned runtime";
+        codeSignLogMessage += ", enable hardened runtime";
+    if (secureTimestamp)
+        codeSignLogMessage += ", include secure timestamp";
     LogNormal() << codeSignLogMessage << filePath;
 
     QStringList codeSignOptions = { "--preserve-metadata=identifier,entitlements", "--force", "-s",
@@ -1400,6 +1403,9 @@ void codesignFile(const QString &identity, const QString &filePath)
     if (hardenedRuntime)
         codeSignOptions << "-o" << "runtime";
 
+    if (secureTimestamp)
+        codeSignOptions << "--timestamp";
+
     if (!extraEntitlements.isEmpty())
         codeSignOptions << "--entitlements" << extraEntitlements;