From d20d4a29af3a5851d61a943361001365274d53cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Morten=20Johan=20S=C3=B8rvig?= Date: Fri, 27 Sep 2019 11:59:03 +0200 Subject: macdeployqt: Add option for enabling hardened runtime MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Hardened runtime will be required when code signing for app notarization, at some point in the future. [ChangeLog][macdeployqt] Added "-hardened-runtime" option to support app notarization. Change-Id: I4a3686ae01366c1e78372bb3b5e725db8e8061fd Reviewed-by: Morten Johan Sørvig --- src/macdeployqt/shared/shared.cpp | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'src/macdeployqt/shared') diff --git a/src/macdeployqt/shared/shared.cpp b/src/macdeployqt/shared/shared.cpp index 69d0ce8ca..dd7b8359d 100644 --- a/src/macdeployqt/shared/shared.cpp +++ b/src/macdeployqt/shared/shared.cpp @@ -53,6 +53,7 @@ bool alwaysOwerwriteEnabled = false; bool runCodesign = false; QStringList librarySearchPath; QString codesignIdentiy; +bool hardenedRuntime = false; bool appstoreCompliant = false; int logLevel = 1; bool deployFramework = false; @@ -1371,11 +1372,18 @@ void codesignFile(const QString &identity, const QString &filePath) if (!runCodesign) return; - LogNormal() << "codesign" << filePath; + QString codeSignLogMessage = "codesign"; + if (hardenedRuntime) + codeSignLogMessage += ", enable hardned runtime"; + LogNormal() << codeSignLogMessage << filePath; + + QStringList codeSignOptions = { "--preserve-metadata=identifier,entitlements", "--force", "-s", + identity, filePath }; + if (hardenedRuntime) + codeSignOptions << "-o" << "runtime"; QProcess codesign; - codesign.start("codesign", QStringList() << "--preserve-metadata=identifier,entitlements" - << "--force" << "-s" << identity << filePath); + codesign.start("codesign", codeSignOptions); codesign.waitForFinished(-1); QByteArray err = codesign.readAllStandardError(); -- cgit v1.2.3