[Lldb-commits] [PATCH] D54443: [CMake] Accept ENTITLEMENTS in add_llvm_executable and llvm_codesign

Stefan Gränitz via Phabricator via lldb-commits lldb-commits at lists.llvm.org
Tue Nov 13 03:12:54 PST 2018

sgraenitz added inline comments.

Comment at: cmake/modules/AddLLVM.cmake:795
-  llvm_codesign(${name})
 endmacro(add_llvm_executable name)
beanz wrote:
> sgraenitz wrote:
> > Would we want to pass `FORCE` to `add_llvm_executable` conditionally?
> I'm trying to think about the situations in which we need the `FORCE` option. Since this is connecting as a post-build event it shouldn't be running unless the target re-generates the output, so I'm not sure I understand why we ever need it.
> I did the git blame walk back to when the code was initially added in `49dd98a03a`, and there is no explanation. I suspect debugserver doesn't actually need the `--force` option because the author of the initial patch probably hit errors when re-signing the pre-built binary in his build directory.
> Thoughts?
I think you are right, it shouldn't be necessary. In practice, though, I can imagine situations when we want to make sure this won't fail in any case.

The options are: remove entirely (most correct) OR allow enable per target (most flexible) OR allow enable globally.

What about the last one? I could add `LLVM_CODESIGNING_FORCE` which is OFF by default. In failsafe/debugging situations it could be turned ON globally. I could remove the `FORCE` parameter here and check the flag in `llvm_codesign` (similar to `LLVM_CODESIGNING_IDENTITY`).



More information about the lldb-commits mailing list