mirror of
https://github.com/fish-shell/fish-shell
synced 2025-01-06 10:08:47 +00:00
Teach CMake to code sign Mac executables
Perform an ad-hoc code signing with the hardened runtime. This ensures that these executables can pass notarization. The code signing ID is controlled by the MAC_CODESIGN_ID CMake cache variable.
This commit is contained in:
parent
f96a083d97
commit
d0a67e372c
3 changed files with 32 additions and 6 deletions
|
@ -163,10 +163,26 @@ ADD_DEFINITIONS(-D_REENTRANT)
|
||||||
# Set up PCRE2
|
# Set up PCRE2
|
||||||
INCLUDE(cmake/PCRE2.cmake)
|
INCLUDE(cmake/PCRE2.cmake)
|
||||||
|
|
||||||
|
# Code signing ID on Mac. A default '-' is ad-hoc codesign.
|
||||||
|
SET(MAC_CODESIGN_ID "-" CACHE STRING "Mac code-signing identity")
|
||||||
|
|
||||||
|
FUNCTION(CODESIGN_ON_MAC target)
|
||||||
|
IF(APPLE)
|
||||||
|
ADD_CUSTOM_COMMAND(
|
||||||
|
TARGET ${target}
|
||||||
|
POST_BUILD
|
||||||
|
COMMAND codesign --force --deep --options runtime --sign "${MAC_CODESIGN_ID}" $<TARGET_FILE:${target}>
|
||||||
|
VERBATIM
|
||||||
|
)
|
||||||
|
ENDIF()
|
||||||
|
ENDFUNCTION(CODESIGN_ON_MAC target)
|
||||||
|
|
||||||
|
|
||||||
# Define a function to link dependencies.
|
# Define a function to link dependencies.
|
||||||
FUNCTION(FISH_LINK_DEPS target)
|
FUNCTION(FISH_LINK_DEPS_AND_SIGN target)
|
||||||
TARGET_LINK_LIBRARIES(${target} fishlib)
|
TARGET_LINK_LIBRARIES(${target} fishlib)
|
||||||
ENDFUNCTION(FISH_LINK_DEPS)
|
CODESIGN_ON_MAC(${target})
|
||||||
|
ENDFUNCTION(FISH_LINK_DEPS_AND_SIGN)
|
||||||
|
|
||||||
# Define libfish.a.
|
# Define libfish.a.
|
||||||
ADD_LIBRARY(fishlib STATIC ${FISH_SRCS})
|
ADD_LIBRARY(fishlib STATIC ${FISH_SRCS})
|
||||||
|
@ -177,17 +193,17 @@ TARGET_LINK_LIBRARIES(fishlib
|
||||||
|
|
||||||
# Define fish.
|
# Define fish.
|
||||||
ADD_EXECUTABLE(fish src/fish.cpp)
|
ADD_EXECUTABLE(fish src/fish.cpp)
|
||||||
FISH_LINK_DEPS(fish)
|
FISH_LINK_DEPS_AND_SIGN(fish)
|
||||||
|
|
||||||
# Define fish_indent.
|
# Define fish_indent.
|
||||||
ADD_EXECUTABLE(fish_indent
|
ADD_EXECUTABLE(fish_indent
|
||||||
src/fish_indent.cpp src/print_help.cpp)
|
src/fish_indent.cpp src/print_help.cpp)
|
||||||
FISH_LINK_DEPS(fish_indent)
|
FISH_LINK_DEPS_AND_SIGN(fish_indent)
|
||||||
|
|
||||||
# Define fish_key_reader.
|
# Define fish_key_reader.
|
||||||
ADD_EXECUTABLE(fish_key_reader
|
ADD_EXECUTABLE(fish_key_reader
|
||||||
src/fish_key_reader.cpp src/print_help.cpp)
|
src/fish_key_reader.cpp src/print_help.cpp)
|
||||||
FISH_LINK_DEPS(fish_key_reader)
|
FISH_LINK_DEPS_AND_SIGN(fish_key_reader)
|
||||||
|
|
||||||
# Set up the docs.
|
# Set up the docs.
|
||||||
INCLUDE(cmake/Docs.cmake)
|
INCLUDE(cmake/Docs.cmake)
|
||||||
|
|
|
@ -55,4 +55,14 @@ ADD_CUSTOM_COMMAND(TARGET fish_macapp POST_BUILD
|
||||||
--build ${CMAKE_CURRENT_BINARY_DIR} --target install
|
--build ${CMAKE_CURRENT_BINARY_DIR} --target install
|
||||||
COMMAND ${CMAKE_COMMAND} -E copy_directory ${MACAPP_FISH_BUILDROOT}/..
|
COMMAND ${CMAKE_COMMAND} -E copy_directory ${MACAPP_FISH_BUILDROOT}/..
|
||||||
$<TARGET_BUNDLE_CONTENT_DIR:fish_macapp>/Resources/
|
$<TARGET_BUNDLE_CONTENT_DIR:fish_macapp>/Resources/
|
||||||
|
VERBATIM
|
||||||
|
)
|
||||||
|
|
||||||
|
# Target to sign the macapp.
|
||||||
|
# Note that a POST_BUILD step happens before resources are copied,
|
||||||
|
# and therefore would be too early.
|
||||||
|
ADD_CUSTOM_TARGET(signed_fish_macapp
|
||||||
|
DEPENDS fish_macapp
|
||||||
|
COMMAND codesign --force --deep --options runtime --sign "${MAC_CODESIGN_ID}" $<TARGET_BUNDLE_DIR:fish_macapp>
|
||||||
|
VERBATIM
|
||||||
)
|
)
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# Define fish_tests.
|
# Define fish_tests.
|
||||||
ADD_EXECUTABLE(fish_tests EXCLUDE_FROM_ALL
|
ADD_EXECUTABLE(fish_tests EXCLUDE_FROM_ALL
|
||||||
src/fish_tests.cpp)
|
src/fish_tests.cpp)
|
||||||
FISH_LINK_DEPS(fish_tests)
|
FISH_LINK_DEPS_AND_SIGN(fish_tests)
|
||||||
|
|
||||||
# The "test" directory.
|
# The "test" directory.
|
||||||
SET(TEST_DIR ${CMAKE_CURRENT_BINARY_DIR}/test)
|
SET(TEST_DIR ${CMAKE_CURRENT_BINARY_DIR}/test)
|
||||||
|
|
Loading…
Reference in a new issue