From 1069a3f02bbe12fdf326cf7cfdb12820cee6030a Mon Sep 17 00:00:00 2001 From: Brad King Date: Tue, 7 May 2019 13:11:36 -0400 Subject: Configure CMake itself with policies through CMake 3.14 In particular, set `CMP0082` to `NEW` to interleave install commands in the top-level directory with subdirectory installations. --- CMakeLists.txt | 2 +- Utilities/Doxygen/CMakeLists.txt | 2 +- Utilities/Sphinx/CMakeLists.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index fc033ba..9274a8a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,7 +1,7 @@ # Distributed under the OSI-approved BSD 3-Clause License. See accompanying # file Copyright.txt or https://cmake.org/licensing for details. -cmake_minimum_required(VERSION 3.1...3.12 FATAL_ERROR) +cmake_minimum_required(VERSION 3.1...3.14 FATAL_ERROR) set(CMAKE_USER_MAKE_RULES_OVERRIDE_C ${CMAKE_CURRENT_SOURCE_DIR}/Source/Modules/OverrideC.cmake) set(CMAKE_USER_MAKE_RULES_OVERRIDE_CXX ${CMAKE_CURRENT_SOURCE_DIR}/Source/Modules/OverrideCXX.cmake) project(CMake) diff --git a/Utilities/Doxygen/CMakeLists.txt b/Utilities/Doxygen/CMakeLists.txt index 2cdd767..ce4cfaf 100644 --- a/Utilities/Doxygen/CMakeLists.txt +++ b/Utilities/Doxygen/CMakeLists.txt @@ -3,7 +3,7 @@ if(NOT CMake_SOURCE_DIR) set(CMakeDeveloperReference_STANDALONE 1) - cmake_minimum_required(VERSION 3.1...3.12 FATAL_ERROR) + cmake_minimum_required(VERSION 3.1...3.14 FATAL_ERROR) get_filename_component(tmp "${CMAKE_CURRENT_SOURCE_DIR}" PATH) get_filename_component(CMake_SOURCE_DIR "${tmp}" PATH) include(${CMake_SOURCE_DIR}/Modules/CTestUseLaunchers.cmake) diff --git a/Utilities/Sphinx/CMakeLists.txt b/Utilities/Sphinx/CMakeLists.txt index 15204d6..c5b2bfe 100644 --- a/Utilities/Sphinx/CMakeLists.txt +++ b/Utilities/Sphinx/CMakeLists.txt @@ -3,7 +3,7 @@ if(NOT CMake_SOURCE_DIR) set(CMakeHelp_STANDALONE 1) - cmake_minimum_required(VERSION 3.1...3.12 FATAL_ERROR) + cmake_minimum_required(VERSION 3.1...3.14 FATAL_ERROR) get_filename_component(tmp "${CMAKE_CURRENT_SOURCE_DIR}" PATH) get_filename_component(CMake_SOURCE_DIR "${tmp}" PATH) include(${CMake_SOURCE_DIR}/Modules/CTestUseLaunchers.cmake) -- cgit v0.12 From 29f4f70b41858b8d89a4cf77a8f87ceb1df3b80a Mon Sep 17 00:00:00 2001 From: Brad King Date: Tue, 7 May 2019 15:02:20 -0400 Subject: Add undocumented option to sign CMake's own binaries on Windows --- CMakeLists.txt | 6 +++++ Source/CMakeInstallSignTool.cmake.in | 51 ++++++++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+) create mode 100644 Source/CMakeInstallSignTool.cmake.in diff --git a/CMakeLists.txt b/CMakeLists.txt index 9274a8a..51a1d8b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -822,4 +822,10 @@ if(NOT CMake_TEST_EXTERNAL_CMAKE) # Install auxiliary files integrating with other tools. add_subdirectory(Auxiliary) + + # Optionally sign installed binaries. + if(CMake_INSTALL_SIGNTOOL) + configure_file(Source/CMakeInstallSignTool.cmake.in Source/CMakeInstallSignTool.cmake @ONLY) + install(SCRIPT ${CMAKE_CURRENT_BINARY_DIR}/Source/CMakeInstallSignTool.cmake) + endif() endif() diff --git a/Source/CMakeInstallSignTool.cmake.in b/Source/CMakeInstallSignTool.cmake.in new file mode 100644 index 0000000..fca629c --- /dev/null +++ b/Source/CMakeInstallSignTool.cmake.in @@ -0,0 +1,51 @@ +# The signtool. Default to PATH. +set(CMake_INSTALL_SIGNTOOL "@CMake_INSTALL_SIGNTOOL@") +if(NOT CMake_INSTALL_SIGNTOOL) + set(CMake_INSTALL_SIGNTOOL signtool) +endif() + +# Select a certificate by Subject Name. Default to automatic selection. +set(CMake_INSTALL_SIGNTOOL_SUBJECT_NAME "@CMake_INSTALL_SIGNTOOL_SUBJECT_NAME@") +if(CMake_INSTALL_SIGNTOOL_SUBJECT_NAME) + set(select_cert -n "${CMake_INSTALL_SIGNTOOL_SUBJECT_NAME}") +else() + set(select_cert -a) +endif() + +# Timestamp URL. Default to a common provider. +set(CMake_INSTALL_SIGNTOOL_TIMESTAMP_URL "@CMake_INSTALL_SIGNTOOL_TIMESTAMP_URL@") +if(NOT CMake_INSTALL_SIGNTOOL_TIMESTAMP_URL) + set(CMake_INSTALL_SIGNTOOL_TIMESTAMP_URL "http://timestamp.digicert.com") +endif() + +# Glob files that need a signature. +file(GLOB files "$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/bin/*.exe") + +# Sign all files at once. +if(files) + # Run the signtool through 'cmd /c' to enable password prompt popup. + # Some providers have trouble when signtool is invoked with SW_HIDE. + set(cmd cmd /c "${CMake_INSTALL_SIGNTOOL}" sign -v ${select_cert}) + + # Sign with SHA-1 for Windows 7 and below. + execute_process( + COMMAND ${cmd} -t "${CMake_INSTALL_SIGNTOOL_TIMESTAMP_URL}" ${files} + RESULT_VARIABLE result + ERROR_VARIABLE stderr + ) + if(NOT result EQUAL 0) + string(REPLACE "\n" "\n " stderr " ${stderr}") + message(WARNING "signtool failed:\n${stderr}") + endif() + + # Sign with SHA-256 for Windows 8 and above. + execute_process( + COMMAND ${cmd} -tr "${CMake_INSTALL_SIGNTOOL_TIMESTAMP_URL}" -fd sha256 -td sha256 -as ${files} + RESULT_VARIABLE result + ERROR_VARIABLE stderr + ) + if(NOT result EQUAL 0) + string(REPLACE "\n" "\n " stderr " ${stderr}") + message(WARNING "signtool failed:\n${stderr}") + endif() +endif() -- cgit v0.12 From 9a34031081ccd0a3a782d756d6e24be6fdc1740c Mon Sep 17 00:00:00 2001 From: Brad King Date: Tue, 7 May 2019 15:03:16 -0400 Subject: Utilities/Release: Enable signing of Windows release binaries --- Utilities/Release/linux64_release.cmake | 1 + Utilities/Release/osx_release.cmake | 1 + Utilities/Release/release_cmake.sh.in | 2 +- Utilities/Release/win32_release.cmake | 4 ++++ Utilities/Release/win64_release.cmake | 4 ++++ 5 files changed, 11 insertions(+), 1 deletion(-) diff --git a/Utilities/Release/linux64_release.cmake b/Utilities/Release/linux64_release.cmake index fa585d7..958ed25 100644 --- a/Utilities/Release/linux64_release.cmake +++ b/Utilities/Release/linux64_release.cmake @@ -44,6 +44,7 @@ CMake_QT_STATIC_QXcbIntegrationPlugin_LIBRARIES:STRING=${qt_xcb_libs} set(ENV [[ export CMAKE_PREFIX_PATH=/opt/binutils-2.31 ]]) +set(SIGN "") # Exclude Qt5 tests because our Qt5 is static. set(EXTRA_CTEST_ARGS "-E Qt5") diff --git a/Utilities/Release/osx_release.cmake b/Utilities/Release/osx_release.cmake index be11d47..ac35872 100644 --- a/Utilities/Release/osx_release.cmake +++ b/Utilities/Release/osx_release.cmake @@ -29,5 +29,6 @@ CMake_TEST_NO_FindPackageModeMakefileTest:BOOL=TRUE set(ENV [[ export CMAKE_PREFIX_PATH='/Users/kitware/SDKs/qt-5.6.2-clang-x64' ]]) +set(SIGN "") get_filename_component(path "${CMAKE_CURRENT_LIST_FILE}" PATH) include(${path}/release_cmake.cmake) diff --git a/Utilities/Release/release_cmake.sh.in b/Utilities/Release/release_cmake.sh.in index f363b3d..696a3f4 100755 --- a/Utilities/Release/release_cmake.sh.in +++ b/Utilities/Release/release_cmake.sh.in @@ -150,7 +150,7 @@ for GEN in $generators; do check_exit_value $? "Create $GEN package" || exit 1 done - +@SIGN@ echo "End release" date diff --git a/Utilities/Release/win32_release.cmake b/Utilities/Release/win32_release.cmake index 974c402..468e5f4 100644 --- a/Utilities/Release/win32_release.cmake +++ b/Utilities/Release/win32_release.cmake @@ -45,5 +45,9 @@ set(GIT_EXTRA "git config core.autocrlf true") if(CMAKE_CREATE_VERSION STREQUAL "nightly") # Some tests fail spuriously too often. set(EXTRA_CTEST_ARGS "-E 'ConsoleBuf|Module.ExternalData'") + set(SIGN "") +else() + string(APPEND INITIAL_CACHE "CMake_INSTALL_SIGNTOOL:STRING=signtool\n") + set(SIGN [[signtool sign -v -a -tr http://timestamp.digicert.com -fd sha256 -td sha256 -d "CMake Windows Installer" cmake-*.msi]]) endif() include(${path}/release_cmake.cmake) diff --git a/Utilities/Release/win64_release.cmake b/Utilities/Release/win64_release.cmake index 20529f0..5a93ce6 100644 --- a/Utilities/Release/win64_release.cmake +++ b/Utilities/Release/win64_release.cmake @@ -45,5 +45,9 @@ set(GIT_EXTRA "git config core.autocrlf true") if(CMAKE_CREATE_VERSION STREQUAL "nightly") # Some tests fail spuriously too often. set(EXTRA_CTEST_ARGS "-E 'ConsoleBuf|Module.ExternalData'") + set(SIGN "") +else() + string(APPEND INITIAL_CACHE "CMake_INSTALL_SIGNTOOL:STRING=signtool\n") + set(SIGN [[signtool sign -v -a -tr http://timestamp.digicert.com -fd sha256 -td sha256 -d "CMake Windows Installer" cmake-*.msi]]) endif() include(${path}/release_cmake.cmake) -- cgit v0.12