[PATCH] D48797: [CMake] Teach the build system to codesign built products

Justin Bogner via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Fri Jun 29 15:14:38 PDT 2018 

bogner created this revision.
bogner added a reviewer: beanz.
Herald added subscribers: llvm-commits, mgorny, mcrosier.

Automatically codesign all executables and dynamic libraries if a
codesigning identity is given (via LLVM_CODESIGNING_IDENTITY). This
option is darwin only for now.


Repository:
  rL LLVM

https://reviews.llvm.org/D48797

Files:
  CMakeLists.txt
  cmake/modules/AddLLVM.cmake


Index: cmake/modules/AddLLVM.cmake
===================================================================
--- cmake/modules/AddLLVM.cmake
+++ cmake/modules/AddLLVM.cmake
@@ -580,6 +580,7 @@
 
   if(ARG_SHARED OR ARG_MODULE)
     llvm_externalize_debuginfo(${name})
+    llvm_codesign(${name})
   endif()
 endfunction()
 
@@ -784,6 +785,8 @@
     # API for all shared libaries loaded by this executable.
     target_link_libraries(${name} PRIVATE ${LLVM_PTHREAD_LIB})
   endif()
+
+  llvm_codesign(${name})
 endmacro(add_llvm_executable name)
 
 function(export_executable_symbols target)
@@ -1590,6 +1593,23 @@
   endif()
 endfunction()
 
+function(llvm_codesign name)
+  if(NOT LLVM_CODESIGNING_IDENTITY)
+    return()
+  endif()
+
+  if(APPLE)
+    if(NOT CMAKE_CODESIGN)
+      set(CMAKE_CODESIGN xcrun codesign)
+    endif()
+    add_custom_command(
+      TARGET ${name} POST_BUILD
+      COMMAND ${CMAKE_CODESIGN} -s ${LLVM_CODESIGNING_IDENTITY}
+              $<TARGET_FILE:${name}>
+    )
+  endif()
+endfunction()
+
 function(llvm_setup_rpath name)
   if(CMAKE_INSTALL_RPATH)
     return()
Index: CMakeLists.txt
===================================================================
--- CMakeLists.txt
+++ CMakeLists.txt
@@ -429,6 +429,9 @@
 option(LLVM_EXTERNALIZE_DEBUGINFO
   "Generate dSYM files and strip executables and libraries (Darwin Only)" OFF)
 
+option(LLVM_CODESIGNING_IDENTITY
+  "Sign executables and dylibs with the given identity (Darwin Only)" OFF)
+
 # If enabled, verify we are on a platform that supports oprofile.
 if( LLVM_USE_OPROFILE )
   if( NOT CMAKE_SYSTEM_NAME MATCHES "Linux" )


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D48797.153591.patch
Type: text/x-patch
Size: 1612 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20180629/969750db/attachment.bin>

More information about the llvm-commits mailing list