author | Morten Johan Sørvig <morten.sorvig@qt.io> | 2019-09-27 11:59:03 +0200 |
---|---|---|
committer | Morten Johan Sørvig <morten.sorvig@qt.io> | 2019-10-17 11:58:37 +0000 |
commit | d20d4a29af3a5851d61a943361001365274d53cf (patch) | |
tree | a74f84841753136b2a6cd105861af909543d12f7 /src/macdeployqt | |
parent | bf566710de2e5ae6b6b0a1f9b2f368257e4bb1c4 (diff) |
macdeployqt: Add option for enabling hardened runtime
Hardened runtime will be required when code signing for
app notarization, at some point in the future.
[ChangeLog][macdeployqt] Added "-hardened-runtime" option to support app notarization.
Change-Id: I4a3686ae01366c1e78372bb3b5e725db8e8061fd
Reviewed-by: Morten Johan Sørvig <morten.sorvig@qt.io>
Diffstat (limited to 'src/macdeployqt')
-rw-r--r-- | src/macdeployqt/macdeployqt/main.cpp | 5 | ||||
-rw-r--r-- | src/macdeployqt/shared/shared.cpp | 14 |
2 files changed, 16 insertions, 3 deletions
diff --git a/src/macdeployqt/macdeployqt/main.cpp b/src/macdeployqt/macdeployqt/main.cpp
index 0599b739e..3c13a6693 100644
--- a/src/macdeployqt/macdeployqt/main.cpp
+++ b/src/macdeployqt/macdeployqt/main.cpp
@@ -52,6 +52,7 @@ int main(int argc, char **argv)
 qDebug() << " -qmlimport=<path> : Add the given path to the QML module search locations";
 qDebug() << " -always-overwrite : Copy files even if the target file exists";
 qDebug() << " -codesign=<ident> : Run codesign with the given identity on all executables";
+ qDebug() << " -hardened-runtime : Enable Hardened Runtime when code signing";
 qDebug() << " -appstore-compliant: Skip deployment of components that use private API";
 qDebug() << " -libpath=<path> : Add the given path to the library search path";
 qDebug() << " -fs=<filesystem> : Set the filesystem used for the .dmg disk image (defaults to HFS+)";
@@ -96,6 +97,7 @@ int main(int argc, char **argv)
 QStringList qmlImportPaths;
 extern bool runCodesign;
 extern QString codesignIdentiy;
+ extern bool hardenedRuntime;
 extern bool appstoreCompliant;
 extern bool deployFramework;
@@ -164,6 +166,9 @@ int main(int argc, char **argv)
 runCodesign = true;
 codesignIdentiy = argument.mid(index+1);
 }
+ } else if (argument.startsWith(QByteArray("-hardened-runtime"))) {
+ LogDebug() << "Argument found:" << argument;
+ hardenedRuntime = true;
 } else if (argument == QByteArray("-appstore-compliant")) {
 LogDebug() << "Argument found:" << argument;
 appstoreCompliant = true;
diff --git a/src/macdeployqt/shared/shared.cpp b/src/macdeployqt/shared/shared.cpp
index 69d0ce8ca..dd7b8359d 100644
--- a/src/macdeployqt/shared/shared.cpp
+++ b/src/macdeployqt/shared/shared.cpp
@@ -53,6 +53,7 @@ bool alwaysOwerwriteEnabled = false;
 bool runCodesign = false;
 QStringList librarySearchPath;
 QString codesignIdentiy;
+bool hardenedRuntime = false;
 bool appstoreCompliant = false;
 int logLevel = 1;
 bool deployFramework = false;
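Review bot: In the third main.cpp hunk, `argument.startsWith(QByteArray("-hardened-runtime"))` accepts any argument that merely begins with that text, while the neighbouring value-less flag `-appstore-compliant` is matched with `==`; since this flag takes no value, `} else if (argument == QByteArray("-hardened-runtime")) {` would reject a mistyped option instead of silently enabling it. The flag also does nothing unless `-codesign=<ident>` is given as well, because codesignFile in shared.cpp returns early when `runCodesign` is false, so a build script can pass it and still produce an unsigned, non-hardened bundle without any message. A check after argument parsing such as `if (hardenedRuntime && !runCodesign) LogWarning() << "-hardened-runtime has no effect without -codesign";` would surface that. The argument loop starts and ends outside the hunk, so the exact placement needs to be confirmed against the full function.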
@@ -1371,11 +1372,18 @@ void codesignFile(const QString &identity, const QString &filePath)
 if (!runCodesign)
 return;
- LogNormal() << "codesign" << filePath;
+ QString codeSignLogMessage = "codesign";
+ if (hardenedRuntime)
+ codeSignLogMessage += ", enable hardned runtime";
+ LogNormal() << codeSignLogMessage << filePath;
+
+ QStringList codeSignOptions = { "--preserve-metadata=identifier,entitlements", "--force", "-s",
+ identity, filePath };
+ if (hardenedRuntime)
+ codeSignOptions << "-o" << "runtime";
 QProcess codesign;
- codesign.start("codesign", QStringList() << "--preserve-metadata=identifier,entitlements"
- << "--force" << "-s" << identity << filePath);
+ codesign.start("codesign", codeSignOptions);
 codesign.waitForFinished(-1);
 QByteArray err = codesign.readAllStandardError(); |
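Review bot: Because `--preserve-metadata=identifier,entitlements` stays in `codeSignOptions`, whatever entitlements a binary already carries are re-applied together with `-o runtime`, so an embedded exception such as `com.apple.security.cs.disable-library-validation` would keep relaxing the hardened runtime after re-signing. A comment at the option list stating this, plus a post-deploy check with `codesign -d --entitlements - <path>`, would make the effective policy visible. The commit message ties the option to notarization, which as far as I know also expects a secure timestamp; nothing here passes `--timestamp`, so that may still be needed depending on the signing identity. The log string contains a typo: `", enable hardned runtime"` should read `", enable hardened runtime"`. codesignFile's body continues past the end of the hunk, so how the codesign exit status is handled is not visible here.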