sgraenitz created this revision.
sgraenitz added reviewers: beanz, bogner, lanza, friss.
Herald added a subscriber: mgorny.
Add LLDB-specific utility function lldb_codesign. In contrast to llvm_codesign
it must be invoked explicitly and allows to pass a target-specific entitlements
file as well as an override for the codesign identity.
https://reviews.llvm.org/D54352
Files:
CMakeLists.txt
cmake/modules/AddLLDB.cmake
tools/debugserver/CMakeLists.txt
tools/debugserver/source/CMakeLists.txt
tools/lldb-server/CMakeLists.txt
Index: tools/lldb-server/CMakeLists.txt
===================================================================
--- tools/lldb-server/CMakeLists.txt
+++ tools/lldb-server/CMakeLists.txt
@@ -64,3 +64,11 @@
)
target_link_libraries(lldb-server PRIVATE ${LLDB_SYSTEM_LIBS})
+
+if(APPLE)
+ if(NOT IOS)
+ set(entitlements ${LLDB_SOURCE_DIR}/resources/debugserver-macosx-entitlements.plist)
+ endif()
+
+ lldb_codesign(TARGETS lldb-server ENTITLE ${entitlements} FORCE)
+endif()
Index: tools/debugserver/source/CMakeLists.txt
===================================================================
--- tools/debugserver/source/CMakeLists.txt
+++ tools/debugserver/source/CMakeLists.txt
@@ -206,16 +206,6 @@
)
endif()
-set(entitlements_xml ${CMAKE_CURRENT_SOURCE_DIR}/debugserver-macosx-entitlements.plist)
-if(IOS)
- set(entitlements_xml ${CMAKE_CURRENT_SOURCE_DIR}/debugserver-entitlements.plist)
-else()
- set(entitlements_xml ${CMAKE_CURRENT_SOURCE_DIR}/../../../resources/debugserver-macosx-entitlements.plist)
-endif()
-
-set(LLDB_USE_ENTITLEMENTS_Default On)
-option(LLDB_USE_ENTITLEMENTS "Use entitlements when codesigning (Defaults Off when using lldb_codesign identity, otherwise On)" ${LLDB_USE_ENTITLEMENTS_Default})
-
if (SKIP_DEBUGSERVER)
if (CMAKE_HOST_APPLE)
# If we haven't built a signed debugserver, copy the one from the system.
@@ -225,32 +215,16 @@
COMMENT "Copying the system debugserver to LLDB's binaries directory.")
endif()
else()
- if(LLDB_USE_ENTITLEMENTS)
- set(entitlements_flags --entitlements ${entitlements_xml})
- endif()
- execute_process(
- COMMAND xcrun -f codesign_allocate
- OUTPUT_STRIP_TRAILING_WHITESPACE
- OUTPUT_VARIABLE CODESIGN_ALLOCATE
- )
- add_custom_command(TARGET debugserver
- POST_BUILD
- COMMAND ${CMAKE_COMMAND} -E env CODESIGN_ALLOCATE=${CODESIGN_ALLOCATE}
- codesign --force --sign ${LLDB_CODESIGN_IDENTITY}
- ${entitlements_flags}
- $<TARGET_FILE:debugserver>
- )
- if(IOS)
- add_custom_command(TARGET debugserver-nonui
- POST_BUILD
- COMMAND ${CMAKE_COMMAND} -E env CODESIGN_ALLOCATE=${CODESIGN_ALLOCATE}
- codesign --force --sign ${LLDB_CODESIGN_IDENTITY}
- ${entitlements_flags}
- $<TARGET_FILE:debugserver>
- )
+ if(APPLE)
+ if(IOS)
+ set(entitlements ${CMAKE_CURRENT_SOURCE_DIR}/debugserver-entitlements.plist)
+ set(targets debugserver debugserver-nonui)
+ else()
+ # Same entitlements file used for lldb-server
+ set(entitlements ${LLDB_SOURCE_DIR}/resources/debugserver-macosx-entitlements.plist)
+ set(targets debugserver)
+ endif()
+
+ lldb_codesign(TARGETS ${targets} ENTITLE ${entitlements} FORCE)
endif()
endif()
-
-
-
-
Index: tools/debugserver/CMakeLists.txt
===================================================================
--- tools/debugserver/CMakeLists.txt
+++ tools/debugserver/CMakeLists.txt
@@ -3,6 +3,8 @@
project(Debugserver LANGUAGES C CXX ASM-ATT)
if (CMAKE_SOURCE_DIR STREQUAL CMAKE_CURRENT_SOURCE_DIR)
+ option(LLDB_USE_ENTITLEMENTS "When codesigning use entitlements if available" ON)
+
set(CMAKE_MODULE_PATH
${CMAKE_MODULE_PATH}
"${CMAKE_SOURCE_DIR}/../../cmake"
Index: cmake/modules/AddLLDB.cmake
===================================================================
--- cmake/modules/AddLLDB.cmake
+++ cmake/modules/AddLLDB.cmake
@@ -177,3 +177,61 @@
# Now set them onto the target.
set_target_properties(${target_name} PROPERTIES LINK_FLAGS ${new_link_flags})
endfunction()
+
+# Usage: lldb_codesign(TARGETS t1 t2 [ENTITLE file] [IDENTITY override] [FORCE])
+#
+# In contrast to the LLVM implementation, this function must be invoked
+# explicitly for all targets that need code signing.
+#
+# IDENTITY defaults to LLDB_CODESIGN_IDENTITY. Code signing is skipped if it's
+# empty and no override passed. ENTITLE specifies the entitlements file to use
+# if LLDB_USE_ENTITLEMENTS is set. FORCE causes codesign to replace existing
+# signatures.
+#
+function(lldb_codesign)
+ cmake_parse_arguments(ARG "FORCE" "ENTITLE;IDENTITY" "TARGETS" ${ARGN})
+
+ if(ARG_IDENTITY)
+ set(pass_identity --sign ${ARG_IDENTITY})
+ elseif(LLDB_CODESIGN_IDENTITY)
+ set(pass_identity --sign ${LLDB_CODESIGN_IDENTITY})
+ endif()
+
+ if(NOT pass_identity)
+ message(WARNING "Skip code signing for ${ARG_TARGETS} due to missing identity")
+ return()
+ endif()
+
+ if(APPLE)
+ if(LLDB_USE_ENTITLEMENTS AND DEFINED ENTITLE)
+ set(pass_entitlements --entitlements ${ENTITLE})
+ endif()
+
+ if(ARG_FORCE)
+ set(pass_force "--force")
+ endif()
+
+ if(NOT CMAKE_CODESIGN)
+ set(CMAKE_CODESIGN xcrun codesign)
+ endif()
+ if(NOT CMAKE_CODESIGN_ALLOCATE)
+ execute_process(
+ COMMAND xcrun -f codesign_allocate
+ OUTPUT_STRIP_TRAILING_WHITESPACE
+ OUTPUT_VARIABLE CMAKE_CODESIGN_ALLOCATE
+ )
+ endif()
+
+ foreach(name ${ARG_TARGETS})
+ # Invoke via CMake command for correct handling of spaces in the environment.
+ add_custom_command(
+ TARGET ${name} POST_BUILD
+ COMMAND ${CMAKE_COMMAND} -E env CODESIGN_ALLOCATE=${CMAKE_CODESIGN_ALLOCATE}
+ ${CMAKE_CODESIGN} ${pass_force} ${pass_identity} ${pass_entitlements}
+ $<TARGET_FILE:${name}>
+ )
+ endforeach()
+ else()
+ message(WARNING "LLDB-specific code signing not yet implemented for other platforms")
+ endif()
+endfunction()
Index: CMakeLists.txt
===================================================================
--- CMakeLists.txt
+++ CMakeLists.txt
@@ -7,6 +7,8 @@
"${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules"
)
+option(LLDB_USE_ENTITLEMENTS "When codesigning use entitlements if available" ON)
+
include(LLDBStandalone)
include(LLDBConfig)
include(AddLLDB)
_______________________________________________
lldb-commits mailing list
lldb-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits
