diff options
author | Ivan Komissarov <abbapoh@gmail.com> | 2021-03-20 20:16:57 +0300 |
---|---|---|
committer | Ivan Komissarov <ABBAPOH@gmail.com> | 2021-03-30 14:32:46 +0000 |
commit | 5160a0b6e386b157fc1f5375efd881b8433b29ee (patch) | |
tree | 44dc163382dea5d28844239db863e97b07dcfd23 | |
parent | 980a5fc3f61f42bdd8cdee832235861e095e8e01 (diff) | |
download | qbs-5160a0b6e386b157fc1f5375efd881b8433b29ee.tar.gz |
codesign: do not sign intermediate products when multiplexing
We should only sign the resulting binary during the lipo step.
Change-Id: If4d508bcdf347bf2fc68d345ed8d5913a7457f8d
Reviewed-by: Christian Kandeler <christian.kandeler@qt.io>
-rw-r--r-- | share/qbs/modules/cpp/DarwinGCC.qbs | 9 | ||||
-rw-r--r-- | share/qbs/modules/cpp/GenericGCC.qbs | 2 | ||||
-rw-r--r-- | share/qbs/modules/cpp/darwin.js | 10 | ||||
-rw-r--r-- | tests/auto/blackbox/testdata-apple/apple-multiconfig/apple-multiconfig.qbs | 2 | ||||
-rw-r--r-- | tests/auto/blackbox/testdata-apple/codesign/codesign.qbs | 10 | ||||
-rw-r--r-- | tests/auto/blackbox/testdata-apple/multiarch-helpers.js (renamed from tests/auto/blackbox/testdata-apple/apple-multiconfig/helpers.js) | 0 | ||||
-rw-r--r-- | tests/auto/blackbox/tst_blackboxapple.cpp | 23 |
7 files changed, 46 insertions, 10 deletions
diff --git a/share/qbs/modules/cpp/DarwinGCC.qbs b/share/qbs/modules/cpp/DarwinGCC.qbs index 3249b552f..158c3c061 100644 --- a/share/qbs/modules/cpp/DarwinGCC.qbs +++ b/share/qbs/modules/cpp/DarwinGCC.qbs @@ -216,7 +216,8 @@ UnixGCC { multiplex: true outputFileTags: ["bundle.input", "application", "primary", "debuginfo_app", - "debuginfo_bundle", "bundle.variant_symlink", "debuginfo_plist"] + "debuginfo_bundle", "bundle.variant_symlink", "debuginfo_plist", + "codesign.signed_artifact"] outputArtifacts: Darwin.lipoOutputArtifacts(product, inputs, "application", "app") prepare: Darwin.prepareLipo.apply(Darwin, arguments) @@ -228,7 +229,7 @@ UnixGCC { multiplex: true outputFileTags: ["bundle.input", "loadablemodule", "primary", "debuginfo_loadablemodule", - "debuginfo_bundle", "debuginfo_plist"] + "debuginfo_bundle", "debuginfo_plist", "codesign.signed_artifact"] outputArtifacts: Darwin.lipoOutputArtifacts(product, inputs, "loadablemodule", "loadablemodule") @@ -242,7 +243,7 @@ UnixGCC { outputFileTags: ["bundle.input", "dynamiclibrary", "dynamiclibrary_symbols", "primary", "debuginfo_dll","debuginfo_bundle","bundle.variant_symlink", - "debuginfo_plist"] + "debuginfo_plist", "codesign.signed_artifact"] outputArtifacts: Darwin.lipoOutputArtifacts(product, inputs, "dynamiclibrary", "dll") prepare: Darwin.prepareLipo.apply(Darwin, arguments) @@ -253,7 +254,7 @@ UnixGCC { inputsFromDependencies: ["staticlibrary"] multiplex: true - outputFileTags: ["bundle.input", "staticlibrary", "primary"] + outputFileTags: ["bundle.input", "staticlibrary", "primary", "codesign.signed_artifact"] outputArtifacts: Darwin.lipoOutputArtifacts(product, inputs, "staticlibrary") prepare: Darwin.prepareLipo.apply(Darwin, arguments) diff --git a/share/qbs/modules/cpp/GenericGCC.qbs b/share/qbs/modules/cpp/GenericGCC.qbs index 3b6e5b106..e2d9eeab5 100644 --- a/share/qbs/modules/cpp/GenericGCC.qbs +++ b/share/qbs/modules/cpp/GenericGCC.qbs @@ -214,6 +214,8 @@ CppModule { readonly property bool shouldSignArtifacts: codesign._canSignArtifacts && codesign.enableCodeSigning + // codesigning is done during the lipo step + && !product.multiplexed property string internalVersion: { if (product.version === undefined) diff --git a/share/qbs/modules/cpp/darwin.js b/share/qbs/modules/cpp/darwin.js index 6373b57c4..7f7e9a05d 100644 --- a/share/qbs/modules/cpp/darwin.js +++ b/share/qbs/modules/cpp/darwin.js @@ -28,6 +28,7 @@ ** ****************************************************************************/ +var Codesign = require("../codesign/codesign.js"); var File = require("qbs.File"); var FileInfo = require("qbs.FileInfo"); var Gcc = require("./gcc.js"); @@ -99,6 +100,9 @@ function lipoOutputArtifacts(product, inputs, fileTag, debugSuffix) { else tags.push(fileTag, "primary"); + if (product.codesign.enableCodeSigning) + tags.push("codesign.signed_artifact"); + return { filePath: FileInfo.joinPaths(product.destinationDirectory, PathTools.linkerOutputFilePath(fileTag, product, @@ -188,6 +192,12 @@ function prepareLipo(project, product, inputs, outputs, input, output) { commands.push(cmd); if (outputs.dynamiclibrary_symbols) Array.prototype.push.apply(commands, Gcc.createSymbolCheckingCommands(product, outputs)); + + if (product.codesign.enableCodeSigning) { + Array.prototype.push.apply( + commands, Codesign.prepareSign(project, product, inputs, outputs, input, output)); + } + return commands; } diff --git a/tests/auto/blackbox/testdata-apple/apple-multiconfig/apple-multiconfig.qbs b/tests/auto/blackbox/testdata-apple/apple-multiconfig/apple-multiconfig.qbs index c1d35eb8c..6b7fab390 100644 --- a/tests/auto/blackbox/testdata-apple/apple-multiconfig/apple-multiconfig.qbs +++ b/tests/auto/blackbox/testdata-apple/apple-multiconfig/apple-multiconfig.qbs @@ -1,6 +1,6 @@ import qbs.Utilities -import "helpers.js" as Helpers +import "../multiarch-helpers.js" as Helpers Project { minimumQbsVersion: "1.8" diff --git a/tests/auto/blackbox/testdata-apple/codesign/codesign.qbs b/tests/auto/blackbox/testdata-apple/codesign/codesign.qbs index 312e9f001..eafb0be84 100644 --- a/tests/auto/blackbox/testdata-apple/codesign/codesign.qbs +++ b/tests/auto/blackbox/testdata-apple/codesign/codesign.qbs @@ -1,5 +1,8 @@ +import "../multiarch-helpers.js" as Helpers + Project { name: "p" + property string xcodeVersion property bool isBundle: true property bool enableSigning: true @@ -12,6 +15,9 @@ Project { codesign.signingType: "ad-hoc" install: true installDir: "" + + qbs.architectures: + project.xcodeVersion ? Helpers.getArchitectures(qbs, project.xcodeVersion) : [] } DynamicLibrary { @@ -23,6 +29,8 @@ Project { codesign.signingType: "ad-hoc" install: true installDir: "" + qbs.architectures: + project.xcodeVersion ? Helpers.getArchitectures(qbs, project.xcodeVersion) : [] } LoadableModule { @@ -34,5 +42,7 @@ Project { codesign.signingType: "ad-hoc" install: true installDir: "" + qbs.architectures: + project.xcodeVersion ? Helpers.getArchitectures(qbs, project.xcodeVersion) : [] } } diff --git a/tests/auto/blackbox/testdata-apple/apple-multiconfig/helpers.js b/tests/auto/blackbox/testdata-apple/multiarch-helpers.js index 5d1c0f273..5d1c0f273 100644 --- a/tests/auto/blackbox/testdata-apple/apple-multiconfig/helpers.js +++ b/tests/auto/blackbox/testdata-apple/multiarch-helpers.js diff --git a/tests/auto/blackbox/tst_blackboxapple.cpp b/tests/auto/blackbox/tst_blackboxapple.cpp index 8915ac8b2..884d2c077 100644 --- a/tests/auto/blackbox/tst_blackboxapple.cpp +++ b/tests/auto/blackbox/tst_blackboxapple.cpp @@ -717,6 +717,9 @@ void TestBlackboxApple::codesign() { QFETCH(bool, isBundle); QFETCH(bool, enableSigning); + QFETCH(bool, multiArch); + + const auto xcodeVersion = findXcodeVersion(); QDir::setCurrent(testDataDir + "/codesign"); QbsRunParameters params(QStringList{"qbs.installPrefix:''"}); @@ -724,10 +727,17 @@ void TestBlackboxApple::codesign() << QStringLiteral("project.isBundle:%1").arg(isBundle ? "true" : "false"); params.arguments << QStringLiteral("project.enableSigning:%1").arg(enableSigning ? "true" : "false"); + if (multiArch) + params.arguments << QStringLiteral("project.xcodeVersion:") + xcodeVersion.toString(); rmDirR(relativeBuildDir()); QCOMPARE(runQbs(params), 0); + const int codeSignCount = + QString::fromUtf8(m_qbsStdout).count(QStringLiteral("codesign")); + // We have 3 products, we have to sign each exactly once, even in the multiplexed case + QCOMPARE(codeSignCount, enableSigning ? 3 : 0); + const auto appName = isBundle ? QStringLiteral("A.app") : QStringLiteral("A"); const auto appPath = defaultInstallRoot + "/" + appName; QVERIFY(QFileInfo(appPath).exists()); @@ -772,11 +782,14 @@ void TestBlackboxApple::codesign_data() { QTest::addColumn<bool>("isBundle"); QTest::addColumn<bool>("enableSigning"); - - QTest::newRow("bundle, unsigned") << true << false; - QTest::newRow("standalone, unsigned") << false << false; - QTest::newRow("bundle, signed") << true << true; - QTest::newRow("standalone, signed") << false << true; + QTest::addColumn<bool>("multiArch"); + + QTest::newRow("bundle, unsigned") << true << false << false; + QTest::newRow("standalone, unsigned") << false << false << false; + QTest::newRow("bundle, signed") << true << true << false; + QTest::newRow("standalone, signed") << false << true << false; + QTest::newRow("bundle, signed, multiarch") << true << true << true; + QTest::newRow("standalone, signed, multiarch") << false << true << true; } void TestBlackboxApple::deploymentTarget() |