diff options
| -rw-r--r-- | src/macdeployqt/macdeployqt/main.cpp | 5 | ||||
| -rw-r--r-- | src/macdeployqt/shared/shared.cpp | 14 |
2 files changed, 16 insertions, 3 deletions
diff --git a/src/macdeployqt/macdeployqt/main.cpp b/src/macdeployqt/macdeployqt/main.cpp index 0599b739e..3c13a6693 100644 --- a/src/macdeployqt/macdeployqt/main.cpp +++ b/src/macdeployqt/macdeployqt/main.cpp @@ -52,6 +52,7 @@ int main(int argc, char **argv) qDebug() << " -qmlimport=<path> : Add the given path to the QML module search locations"; qDebug() << " -always-overwrite : Copy files even if the target file exists"; qDebug() << " -codesign=<ident> : Run codesign with the given identity on all executables"; + qDebug() << " -hardened-runtime : Enable Hardened Runtime when code signing"; qDebug() << " -appstore-compliant: Skip deployment of components that use private API"; qDebug() << " -libpath=<path> : Add the given path to the library search path"; qDebug() << " -fs=<filesystem> : Set the filesystem used for the .dmg disk image (defaults to HFS+)"; @@ -96,6 +97,7 @@ int main(int argc, char **argv) QStringList qmlImportPaths; extern bool runCodesign; extern QString codesignIdentiy; + extern bool hardenedRuntime; extern bool appstoreCompliant; extern bool deployFramework; @@ -164,6 +166,9 @@ int main(int argc, char **argv) runCodesign = true; codesignIdentiy = argument.mid(index+1); } + } else if (argument.startsWith(QByteArray("-hardened-runtime"))) { + LogDebug() << "Argument found:" << argument; + hardenedRuntime = true; } else if (argument == QByteArray("-appstore-compliant")) { LogDebug() << "Argument found:" << argument; appstoreCompliant = true; diff --git a/src/macdeployqt/shared/shared.cpp b/src/macdeployqt/shared/shared.cpp index 69d0ce8ca..dd7b8359d 100644 --- a/src/macdeployqt/shared/shared.cpp +++ b/src/macdeployqt/shared/shared.cpp @@ -53,6 +53,7 @@ bool alwaysOwerwriteEnabled = false; bool runCodesign = false; QStringList librarySearchPath; QString codesignIdentiy; +bool hardenedRuntime = false; bool appstoreCompliant = false; int logLevel = 1; bool deployFramework = false; @@ -1371,11 +1372,18 @@ void codesignFile(const QString &identity, const QString &filePath) if (!runCodesign) return; - LogNormal() << "codesign" << filePath; + QString codeSignLogMessage = "codesign"; + if (hardenedRuntime) + codeSignLogMessage += ", enable hardned runtime"; + LogNormal() << codeSignLogMessage << filePath; + + QStringList codeSignOptions = { "--preserve-metadata=identifier,entitlements", "--force", "-s", + identity, filePath }; + if (hardenedRuntime) + codeSignOptions << "-o" << "runtime"; QProcess codesign; - codesign.start("codesign", QStringList() << "--preserve-metadata=identifier,entitlements" - << "--force" << "-s" << identity << filePath); + codesign.start("codesign", codeSignOptions); codesign.waitForFinished(-1); QByteArray err = codesign.readAllStandardError(); |