[PATCH] D62693: Support codesigning bundles and forcing
This revision was automatically updated to reflect the committed changes.
Closed by commit rL362169: Support codesigning bundles and forcing (authored by
cbieneman, committed by ).
Changed prior to commit:
https://reviews.llvm.org/D62693?vs=202239=202320#toc
Repository:
rL LLVM
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D62693/new/
https://reviews.llvm.org/D62693
Files:
clang-tools-extra/trunk/clangd/xpc/cmake/modules/CreateClangdXPCFramework.cmake
llvm/trunk/cmake/modules/AddLLVM.cmake
Index:
clang-tools-extra/trunk/clangd/xpc/cmake/modules/CreateClangdXPCFramework.cmake
===
---
clang-tools-extra/trunk/clangd/xpc/cmake/modules/CreateClangdXPCFramework.cmake
+++
clang-tools-extra/trunk/clangd/xpc/cmake/modules/CreateClangdXPCFramework.cmake
@@ -70,4 +70,9 @@
${target}
${CLANGD_FRAMEWORK_LOCATION}
)
+
+ # clangd is already signed as a standalone executable, so it must be forced.
+ llvm_codesign(ClangdXPC BUNDLE_PATH
"${CLANGD_FRAMEWORK_OUT_LOCATION}/XPCServices/${CLANGD_XPC_SERVICE_NAME}.xpc/"
FORCE)
+ # ClangdXPC library is already signed as a standalone library, so it must be
forced.
+ llvm_codesign(ClangdXPC BUNDLE_PATH "${CLANGD_FRAMEWORK_LOCATION}" FORCE)
endmacro(create_clangd_xpc_framework)
Index: llvm/trunk/cmake/modules/AddLLVM.cmake
===
--- llvm/trunk/cmake/modules/AddLLVM.cmake
+++ llvm/trunk/cmake/modules/AddLLVM.cmake
@@ -1659,9 +1659,9 @@
endif()
endfunction()
-# Usage: llvm_codesign(name [ENTITLEMENTS file])
+# Usage: llvm_codesign(name [FORCE] [ENTITLEMENTS file] [BUNDLE_PATH path])
function(llvm_codesign name)
- cmake_parse_arguments(ARG "" "ENTITLEMENTS" "" ${ARGN})
+ cmake_parse_arguments(ARG "FORCE" "ENTITLEMENTS;BUNDLE_PATH" "" ${ARGN})
if(NOT LLVM_CODESIGNING_IDENTITY)
return()
@@ -1691,12 +1691,20 @@
set(pass_entitlements --entitlements ${ARG_ENTITLEMENTS})
endif()
+if (NOT ARG_BUNDLE_PATH)
+ set(ARG_BUNDLE_PATH $)
+endif()
+
+if(ARG_FORCE)
+ set(force_flag "-f")
+endif()
+
add_custom_command(
TARGET ${name} POST_BUILD
COMMAND ${CMAKE_COMMAND} -E
env CODESIGN_ALLOCATE=${CMAKE_CODESIGN_ALLOCATE}
${CMAKE_CODESIGN} -s ${LLVM_CODESIGNING_IDENTITY}
- ${pass_entitlements} $
+ ${pass_entitlements} ${force_flag} ${ARG_BUNDLE_PATH}
)
endif()
endfunction()
Index: clang-tools-extra/trunk/clangd/xpc/cmake/modules/CreateClangdXPCFramework.cmake
===
--- clang-tools-extra/trunk/clangd/xpc/cmake/modules/CreateClangdXPCFramework.cmake
+++ clang-tools-extra/trunk/clangd/xpc/cmake/modules/CreateClangdXPCFramework.cmake
@@ -70,4 +70,9 @@
${target}
${CLANGD_FRAMEWORK_LOCATION}
)
+
+ # clangd is already signed as a standalone executable, so it must be forced.
+ llvm_codesign(ClangdXPC BUNDLE_PATH "${CLANGD_FRAMEWORK_OUT_LOCATION}/XPCServices/${CLANGD_XPC_SERVICE_NAME}.xpc/" FORCE)
+ # ClangdXPC library is already signed as a standalone library, so it must be forced.
+ llvm_codesign(ClangdXPC BUNDLE_PATH "${CLANGD_FRAMEWORK_LOCATION}" FORCE)
endmacro(create_clangd_xpc_framework)
Index: llvm/trunk/cmake/modules/AddLLVM.cmake
===
--- llvm/trunk/cmake/modules/AddLLVM.cmake
+++ llvm/trunk/cmake/modules/AddLLVM.cmake
@@ -1659,9 +1659,9 @@
endif()
endfunction()
-# Usage: llvm_codesign(name [ENTITLEMENTS file])
+# Usage: llvm_codesign(name [FORCE] [ENTITLEMENTS file] [BUNDLE_PATH path])
function(llvm_codesign name)
- cmake_parse_arguments(ARG "" "ENTITLEMENTS" "" ${ARGN})
+ cmake_parse_arguments(ARG "FORCE" "ENTITLEMENTS;BUNDLE_PATH" "" ${ARGN})
if(NOT LLVM_CODESIGNING_IDENTITY)
return()
@@ -1691,12 +1691,20 @@
set(pass_entitlements --entitlements ${ARG_ENTITLEMENTS})
endif()
+if (NOT ARG_BUNDLE_PATH)
+ set(ARG_BUNDLE_PATH $)
+endif()
+
+if(ARG_FORCE)
+ set(force_flag "-f")
+endif()
+
add_custom_command(
TARGET ${name} POST_BUILD
COMMAND ${CMAKE_COMMAND} -E
env CODESIGN_ALLOCATE=${CMAKE_CODESIGN_ALLOCATE}
${CMAKE_CODESIGN} -s ${LLVM_CODESIGNING_IDENTITY}
- ${pass_entitlements} $
+ ${pass_entitlements} ${force_flag} ${ARG_BUNDLE_PATH}
)
endif()
endfunction()
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D62693: Support codesigning bundles and forcing
bogner accepted this revision. bogner added a comment. This revision is now accepted and ready to land. Seems straightforward enough Repository: rG LLVM Github Monorepo CHANGES SINCE LAST ACTION https://reviews.llvm.org/D62693/new/ https://reviews.llvm.org/D62693 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D62693: Support codesigning bundles and forcing
beanz created this revision.
beanz added reviewers: jkorous, bogner.
Herald added subscribers: kadircet, arphaman, dexonsmith, ilya-biryukov, mgorny.
Herald added projects: clang, LLVM.
Clangd's framework is assembled by copying binaries from the lib and bin
directories into a bundle shape. This results in an invalid bundle code
signature because the signature only applies to the binaries not the resources.
This patch adds two new options to `llvm_codesign` to enable re-signing the
library and XPC service as bundles.
The `BUNDLE_PATH` option allow specifying an explicit path to codesign, which
enables signing bundles which aren't generated using CMake's `FRAMEWORK` or
`BUNDLE` target properties.
The `FORCE` option allows re-signing binaries that have already been signed.
This is required for how clangd exposes the clangd library and tools as both
XPC and non-XPC services using the same binary.
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D62693
Files:
clang-tools-extra/clangd/xpc/cmake/modules/CreateClangdXPCFramework.cmake
llvm/cmake/modules/AddLLVM.cmake
Index: llvm/cmake/modules/AddLLVM.cmake
===
--- llvm/cmake/modules/AddLLVM.cmake
+++ llvm/cmake/modules/AddLLVM.cmake
@@ -1659,9 +1659,9 @@
endif()
endfunction()
-# Usage: llvm_codesign(name [ENTITLEMENTS file])
+# Usage: llvm_codesign(name [FORCE] [ENTITLEMENTS file] [BUNDLE_PATH path])
function(llvm_codesign name)
- cmake_parse_arguments(ARG "" "ENTITLEMENTS" "" ${ARGN})
+ cmake_parse_arguments(ARG "FORCE" "ENTITLEMENTS;BUNDLE_PATH" "" ${ARGN})
if(NOT LLVM_CODESIGNING_IDENTITY)
return()
@@ -1691,12 +1691,20 @@
set(pass_entitlements --entitlements ${ARG_ENTITLEMENTS})
endif()
+if (NOT ARG_BUNDLE_PATH)
+ set(ARG_BUNDLE_PATH $)
+endif()
+
+if(ARG_FORCE)
+ set(force_flag "-f")
+endif()
+
add_custom_command(
TARGET ${name} POST_BUILD
COMMAND ${CMAKE_COMMAND} -E
env CODESIGN_ALLOCATE=${CMAKE_CODESIGN_ALLOCATE}
${CMAKE_CODESIGN} -s ${LLVM_CODESIGNING_IDENTITY}
- ${pass_entitlements} $
+ ${pass_entitlements} ${force_flag} ${ARG_BUNDLE_PATH}
)
endif()
endfunction()
Index: clang-tools-extra/clangd/xpc/cmake/modules/CreateClangdXPCFramework.cmake
===
--- clang-tools-extra/clangd/xpc/cmake/modules/CreateClangdXPCFramework.cmake
+++ clang-tools-extra/clangd/xpc/cmake/modules/CreateClangdXPCFramework.cmake
@@ -70,4 +70,9 @@
${target}
${CLANGD_FRAMEWORK_LOCATION}
)
+
+ # clangd is already signed as a standalone executable, so it must be forced.
+ llvm_codesign(ClangdXPC BUNDLE_PATH
"${CLANGD_FRAMEWORK_OUT_LOCATION}/XPCServices/${CLANGD_XPC_SERVICE_NAME}.xpc/"
FORCE)
+ # ClangdXPC library is already signed as a standalone library, so it must be
forced.
+ llvm_codesign(ClangdXPC BUNDLE_PATH "${CLANGD_FRAMEWORK_LOCATION}" FORCE)
endmacro(create_clangd_xpc_framework)
Index: llvm/cmake/modules/AddLLVM.cmake
===
--- llvm/cmake/modules/AddLLVM.cmake
+++ llvm/cmake/modules/AddLLVM.cmake
@@ -1659,9 +1659,9 @@
endif()
endfunction()
-# Usage: llvm_codesign(name [ENTITLEMENTS file])
+# Usage: llvm_codesign(name [FORCE] [ENTITLEMENTS file] [BUNDLE_PATH path])
function(llvm_codesign name)
- cmake_parse_arguments(ARG "" "ENTITLEMENTS" "" ${ARGN})
+ cmake_parse_arguments(ARG "FORCE" "ENTITLEMENTS;BUNDLE_PATH" "" ${ARGN})
if(NOT LLVM_CODESIGNING_IDENTITY)
return()
@@ -1691,12 +1691,20 @@
set(pass_entitlements --entitlements ${ARG_ENTITLEMENTS})
endif()
+if (NOT ARG_BUNDLE_PATH)
+ set(ARG_BUNDLE_PATH $)
+endif()
+
+if(ARG_FORCE)
+ set(force_flag "-f")
+endif()
+
add_custom_command(
TARGET ${name} POST_BUILD
COMMAND ${CMAKE_COMMAND} -E
env CODESIGN_ALLOCATE=${CMAKE_CODESIGN_ALLOCATE}
${CMAKE_CODESIGN} -s ${LLVM_CODESIGNING_IDENTITY}
- ${pass_entitlements} $
+ ${pass_entitlements} ${force_flag} ${ARG_BUNDLE_PATH}
)
endif()
endfunction()
Index: clang-tools-extra/clangd/xpc/cmake/modules/CreateClangdXPCFramework.cmake
===
--- clang-tools-extra/clangd/xpc/cmake/modules/CreateClangdXPCFramework.cmake
+++ clang-tools-extra/clangd/xpc/cmake/modules/CreateClangdXPCFramework.cmake
@@ -70,4 +70,9 @@
${target}
${CLANGD_FRAMEWORK_LOCATION}
)
+
+ # clangd is already signed as a standalone executable, so it must be forced.
+ llvm_codesign(ClangdXPC BUNDLE_PATH "${CLANGD_FRAMEWORK_OUT_LOCATION}/XPCServices/${CLANGD_XPC_SERVICE_NAME}.xpc/" FORCE)
+ # ClangdXPC library is already signed as a standalone library, so it must be forced.
+ llvm_codesign(ClangdXPC BUNDLE_PATH
