[PATCH] D62693: Support codesigning bundles and forcing
Chris Bieneman via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Thu May 30 10:47:48 PDT 2019
beanz created this revision.
beanz added reviewers: jkorous, bogner.
Herald added subscribers: kadircet, arphaman, dexonsmith, ilya-biryukov, mgorny.
Herald added projects: clang, LLVM.
Clangd's framework is assembled by copying binaries from the lib and bin directories into a bundle shape. This results in an invalid bundle code signature because the signature only applies to the binaries not the resources.
This patch adds two new options to `llvm_codesign` to enable re-signing the library and XPC service as bundles.
The `BUNDLE_PATH` option allow specifying an explicit path to codesign, which enables signing bundles which aren't generated using CMake's `FRAMEWORK` or `BUNDLE` target properties.
The `FORCE` option allows re-signing binaries that have already been signed. This is required for how clangd exposes the clangd library and tools as both XPC and non-XPC services using the same binary.
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D62693
Files:
clang-tools-extra/clangd/xpc/cmake/modules/CreateClangdXPCFramework.cmake
llvm/cmake/modules/AddLLVM.cmake
Index: llvm/cmake/modules/AddLLVM.cmake
===================================================================
--- llvm/cmake/modules/AddLLVM.cmake
+++ llvm/cmake/modules/AddLLVM.cmake
@@ -1659,9 +1659,9 @@
endif()
endfunction()
-# Usage: llvm_codesign(name [ENTITLEMENTS file])
+# Usage: llvm_codesign(name [FORCE] [ENTITLEMENTS file] [BUNDLE_PATH path])
function(llvm_codesign name)
- cmake_parse_arguments(ARG "" "ENTITLEMENTS" "" ${ARGN})
+ cmake_parse_arguments(ARG "FORCE" "ENTITLEMENTS;BUNDLE_PATH" "" ${ARGN})
if(NOT LLVM_CODESIGNING_IDENTITY)
return()
@@ -1691,12 +1691,20 @@
set(pass_entitlements --entitlements ${ARG_ENTITLEMENTS})
endif()
+ if (NOT ARG_BUNDLE_PATH)
+ set(ARG_BUNDLE_PATH $<TARGET_FILE:${name}>)
+ endif()
+
+ if(ARG_FORCE)
+ set(force_flag "-f")
+ endif()
+
add_custom_command(
TARGET ${name} POST_BUILD
COMMAND ${CMAKE_COMMAND} -E
env CODESIGN_ALLOCATE=${CMAKE_CODESIGN_ALLOCATE}
${CMAKE_CODESIGN} -s ${LLVM_CODESIGNING_IDENTITY}
- ${pass_entitlements} $<TARGET_FILE:${name}>
+ ${pass_entitlements} ${force_flag} ${ARG_BUNDLE_PATH}
)
endif()
endfunction()
Index: clang-tools-extra/clangd/xpc/cmake/modules/CreateClangdXPCFramework.cmake
===================================================================
--- clang-tools-extra/clangd/xpc/cmake/modules/CreateClangdXPCFramework.cmake
+++ clang-tools-extra/clangd/xpc/cmake/modules/CreateClangdXPCFramework.cmake
@@ -70,4 +70,9 @@
${target}
${CLANGD_FRAMEWORK_LOCATION}
)
+
+ # clangd is already signed as a standalone executable, so it must be forced.
+ llvm_codesign(ClangdXPC BUNDLE_PATH "${CLANGD_FRAMEWORK_OUT_LOCATION}/XPCServices/${CLANGD_XPC_SERVICE_NAME}.xpc/" FORCE)
+ # ClangdXPC library is already signed as a standalone library, so it must be forced.
+ llvm_codesign(ClangdXPC BUNDLE_PATH "${CLANGD_FRAMEWORK_LOCATION}" FORCE)
endmacro(create_clangd_xpc_framework)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D62693.202239.patch
Type: text/x-patch
Size: 2010 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20190530/74181458/attachment.bin>
More information about the llvm-commits
mailing list