From 48aad9cda099005f5f58a7e83d604877f6f84c6d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20W=C3=BCger?= Date: Sun, 15 Jan 2017 01:29:34 +0100 Subject: CPackProductBuild: Add options to sign packages --- Help/release/dev/cpack-productbuild-signing.rst | 8 ++++++++ Modules/CPackProductBuild.cmake | 20 ++++++++++++++++++++ Source/CPack/cmCPackProductBuildGenerator.cxx | 22 ++++++++++++++++++++++ 3 files changed, 50 insertions(+) create mode 100644 Help/release/dev/cpack-productbuild-signing.rst diff --git a/Help/release/dev/cpack-productbuild-signing.rst b/Help/release/dev/cpack-productbuild-signing.rst new file mode 100644 index 0000000..0b91b38 --- /dev/null +++ b/Help/release/dev/cpack-productbuild-signing.rst @@ -0,0 +1,8 @@ +cpack-productbuild-signing +-------------------------- + +* The :module:`CPackProductBuild` module gained options to sign packages. + See the variables :variable:`CPACK_PRODUCTBUILD_IDENTITY_NAME`, + :variable:`CPACK_PRODUCTBUILD_KEYCHAIN_PATH`, + :variable:`CPACK_PKGBUILD_IDENTITY_NAME`, and + :variable:`CPACK_PKGBUILD_KEYCHAIN_PATH`. diff --git a/Modules/CPackProductBuild.cmake b/Modules/CPackProductBuild.cmake index ea2fa7c..d545d3e 100644 --- a/Modules/CPackProductBuild.cmake +++ b/Modules/CPackProductBuild.cmake @@ -20,9 +20,29 @@ # the automatically detected command (or specify its location if the # auto-detection fails to find it.) # +# .. variable:: CPACK_PRODUCTBUILD_IDENTITY_NAME +# +# Adds a digital signature to the resulting package. +# +# +# .. variable:: CPACK_PRODUCTBUILD_KEYCHAIN_PATH +# +# Specify a specific keychain to search for the signing identity. +# +# # .. variable:: CPACK_COMMAND_PKGBUILD # # Path to the pkgbuild(1) command used to generate an OS X component package # on OS X. This variable can be used to override the automatically detected # command (or specify its location if the auto-detection fails to find it.) # +# +# .. variable:: CPACK_PKGBUILD_IDENTITY_NAME +# +# Adds a digital signature to the resulting package. +# +# +# .. variable:: CPACK_PKGBUILD_KEYCHAIN_PATH +# +# Specify a specific keychain to search for the signing identity. +# diff --git a/Source/CPack/cmCPackProductBuildGenerator.cxx b/Source/CPack/cmCPackProductBuildGenerator.cxx index a46e3a6..a5a18dc 100644 --- a/Source/CPack/cmCPackProductBuildGenerator.cxx +++ b/Source/CPack/cmCPackProductBuildGenerator.cxx @@ -75,6 +75,14 @@ int cmCPackProductBuildGenerator::PackageFiles() std::string version = this->GetOption("CPACK_PACKAGE_VERSION"); std::string productbuild = this->GetOption("CPACK_COMMAND_PRODUCTBUILD"); + std::string identityName; + if (const char* n = this->GetOption("CPACK_PRODUCTBUILD_IDENTITY_NAME")) { + identityName = n; + } + std::string keychainPath; + if (const char* p = this->GetOption("CPACK_PRODUCTBUILD_KEYCHAIN_PATH")) { + keychainPath = p; + } pkgCmd << productbuild << " --distribution \"" << packageDirFileName << "/Contents/distribution.dist\"" @@ -82,6 +90,9 @@ int cmCPackProductBuildGenerator::PackageFiles() << "\"" << " --resources \"" << resDir << "\"" << " --version \"" << version << "\"" + << (identityName.empty() ? "" : " --sign \"" + identityName + "\"") + << (keychainPath.empty() ? "" + : " --keychain \"" + keychainPath + "\"") << " \"" << packageFileNames[0] << "\""; // Run ProductBuild @@ -193,12 +204,23 @@ bool cmCPackProductBuildGenerator::GenerateComponentPackage( std::string version = this->GetOption("CPACK_PACKAGE_VERSION"); std::string pkgbuild = this->GetOption("CPACK_COMMAND_PKGBUILD"); + std::string identityName; + if (const char* n = this->GetOption("CPACK_PKGBUILD_IDENTITY_NAME")) { + identityName = n; + } + std::string keychainPath; + if (const char* p = this->GetOption("CPACK_PKGBUILD_KEYCHAIN_PATH")) { + keychainPath = p; + } pkgCmd << pkgbuild << " --root \"" << packageDir << "\"" << " --identifier \"" << pkgId << "\"" << " --scripts \"" << scriptDir << "\"" << " --version \"" << version << "\"" << " --install-location \"/\"" + << (identityName.empty() ? "" : " --sign \"" + identityName + "\"") + << (keychainPath.empty() ? "" + : " --keychain \"" + keychainPath + "\"") << " \"" << packageFile << "\""; // Run ProductBuild -- cgit v0.12