[cmake-developers] Support of codesign

Brad King brad.king at kitware.com
Thu Oct 23 13:40:58 EDT 2014 

On 10/23/2014 12:21 PM, Clinton Stimpson wrote:
> Actually, the design is intentional -- that is, it has the feature of creating 
> the application bundle for you, which involves handling for icons, Info.plist, 
> and now the proposed code signing.  Alternatively, we have handling for icons 
> and Info.plist in add_executable(... MACOSX_BUNDLE ...).  So basically, its 
> duplicated functionality.

Okay, so IIUC the CPack Bundle generator helps create .app bundles out of
projects that are not aware of them.  Projects that are aware and that use
MACOSX_BUNDLE should probably not use the CPack Bundle generator and instead
use the DragNDrop generator.

> If the Bundle generator is changed to be made consistent with other cpack
> generators (which implies you lose the bundle making feature), you end up with
> what the DragNDrop generator is.

Okay, so it does not make sense to change it.

> And now there is code signing....  There is a chance that code signing will be
> introduced into CMake using another mechanism that works across platforms and
> across cpack generators.  How that will interact with the propose patch, I do
> not know, so I do have some concern about adding this patch.
[snip]
On 10/23/2014 01:01 PM, Adam Strzelecki wrote:
> I think that CPack should be responsible of signing only what it creates.
> Since CPack does not create .app bundle ... it shouldn't touch .app.
> Then code signing .app bundle should be part of install (cmake_install.cmake)

I think Adam's suggestion makes sense.  However, in the case of the Bundle
generator that the proposed patch modifies CPack *is* creating the .app
bundle and so should be able to sign it.  Therefore the patch will not get
in the way of future CMake support for signing .app during installation,
especially because it requires both explicit configuration and use of the
CPack Bundle generator that according to the above recommendation should
not be used for projects aware of MACOSX_BUNDLE.

In order to keep it further out of the way, the related variables should
be specific to the Bundle generator.  Instead of:

 CPACK_APPLE_CERT_APP
 CPACK_APPLE_ENTITLEMENTS
 CPACK_APPLE_CODESIGN_FILES

perhaps they should be called:

 CPACK_BUNDLE_APPLE_CERT_APP
 CPACK_BUNDLE_APPLE_ENTITLEMENTS
 CPACK_BUNDLE_APPLE_CODESIGN_FILES

Thanks,
-Brad

More information about the cmake-developers mailing list