From 89ea26e93ee0410fb3a33b315d928fce05c3ef9e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Br=C3=BCning?= Date: Thu, 26 Mar 2020 16:11:56 +0100 Subject: [macdeployqt] Add option to include secure timestamp when signing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Apple now requires the developer to include a secure timestamp in the application's signature in order for notarization to succeed. Add an option to do this to macdeployqt. Change-Id: Ia884de80822661abcf65a287e4dc8429ec24b766 Reviewed-by: Morten Johan Sørvig --- src/macdeployqt/shared/shared.cpp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'src/macdeployqt/shared/shared.cpp') diff --git a/src/macdeployqt/shared/shared.cpp b/src/macdeployqt/shared/shared.cpp index cc3b2607b..607dce880 100644 --- a/src/macdeployqt/shared/shared.cpp +++ b/src/macdeployqt/shared/shared.cpp @@ -55,6 +55,7 @@ QStringList librarySearchPath; QString codesignIdentiy; QString extraEntitlements; bool hardenedRuntime = false; +bool secureTimestamp = false; bool appstoreCompliant = false; int logLevel = 1; bool deployFramework = false; @@ -1392,7 +1393,9 @@ void codesignFile(const QString &identity, const QString &filePath) QString codeSignLogMessage = "codesign"; if (hardenedRuntime) - codeSignLogMessage += ", enable hardned runtime"; + codeSignLogMessage += ", enable hardened runtime"; + if (secureTimestamp) + codeSignLogMessage += ", include secure timestamp"; LogNormal() << codeSignLogMessage << filePath; QStringList codeSignOptions = { "--preserve-metadata=identifier,entitlements", "--force", "-s", @@ -1400,6 +1403,9 @@ void codesignFile(const QString &identity, const QString &filePath) if (hardenedRuntime) codeSignOptions << "-o" << "runtime"; + if (secureTimestamp) + codeSignOptions << "--timestamp"; + if (!extraEntitlements.isEmpty()) codeSignOptions << "--entitlements" << extraEntitlements; -- cgit v1.2.3