[cmake-developers] [CMake 0015507]: CMake.App bundle is malformed which prevents code signing it
Mantis Bug Tracker
mantis at public.kitware.com
Wed Apr 8 18:28:40 EDT 2015
The following issue has been SUBMITTED.
======================================================================
http://www.cmake.org/Bug/view.php?id=15507
======================================================================
Reported By: Eric Wing
Assigned To:
======================================================================
Project: CMake
Issue ID: 15507
Category: CMake
Reproducibility: have not tried
Severity: minor
Priority: normal
Status: new
======================================================================
Date Submitted: 2015-04-08 18:28 EDT
Last Modified: 2015-04-08 18:28 EDT
======================================================================
Summary: CMake.App bundle is malformed which prevents code
signing it
Description:
CMake should be code signable so somebody can potentially sign it for Mac
deployment. When it is not code signed, Apple's GateKeeper will block it by
default. (I'm actually distributing it internally, and wanted to code sign it
with my own key just to avoid headaches.)
CMake.app's internals have a few flaws which prevent code signing. The majority
are not in CMake itself, but in the embedded Qt frameworks.
Steps to Reproduce:
This will fail with errors.
codesign --force --verbose --sign "Developer ID" --deep CMake.app
Additional Information:
I tested with CMake 3.0, but not the latest, but I suspect the issue still
exists in the latest.
The flaws are as follows:
- QtCore and QtGui must have an Info.plist in Versions/4/Resources directory
- There should be a Current symlink to the 4 directory
- QtGui puts the Resources directory in the wrong place
- In my copy of CMake, there are two executables in Contents/MacOS instead of
just one, which confuses the code signing. The second is an executable with a
version number in the name. That shouldn't exist. (But you can manually code
sign both to make the overall code sign work.)
Below is my script that basically works around the problems. Ideally, the
underlying flaws would be fixed instead of worked around.
#!/bin/zsh
# gets the script path
# script_path=${0:a}
# gets the directory in which the script resides
SCRIPT_DIR=${0:a:h}
CODE_SIGN_IDENTITY="Developer ID"
if [ -z $1 ]; then
echo "Usage: codesign_cmake /path/CMake.app"
exit 1
fi
CMAKE_DIR=$1
# Hack to fix mangled frameworks:
mkdir "$CMAKE_DIR"/Contents/Frameworks/QtCore.framework/Versions/4/Resources
mkdir "$CMAKE_DIR"/Contents/Frameworks/QtGui.framework/Versions/4/Resources
cp "$SCRIPT_DIR/QtCore.Info.plist"
"$CMAKE_DIR"/Contents/Frameworks/QtCore.framework/Versions/4/Resources/Info.plist
cp "$SCRIPT_DIR/QtGui.Info.plist"
"$CMAKE_DIR"/Contents/Frameworks/QtGui.framework/Versions/4/Resources/Info.plist
(cd "$CMAKE_DIR"/Contents/Frameworks/QtCore.framework/Versions
ln -s 4 Current
)
(cd "$CMAKE_DIR"/Contents/Frameworks/QtGui.framework/Versions
ln -s 4 Current
)
(cd "$CMAKE_DIR"/Contents/Frameworks/QtGui.framework
mv Resources/* Versions/4/Resources/
rmdir Resources
ln -s Versions/Current/Resources Resources
)
codesign --force --verbose --sign "$CODE_SIGN_IDENTITY"
"$CMAKE_DIR"/Contents/Frameworks/QtCore.framework/Versions/4/QtCore
codesign --force --verbose --sign "$CODE_SIGN_IDENTITY"
"$CMAKE_DIR"/Contents/Frameworks/QtGui.framework/Versions/4/QtGui
find "$CMAKE_DIR"/Contents/bin -type f -exec codesign --force --verbose --sign
"$CODE_SIGN_IDENTITY" {} \;
find "$CMAKE_DIR"/Contents/MacOS -type f -exec codesign --force --verbose --sign
"$CODE_SIGN_IDENTITY" {} \;
codesign --force --verbose --sign "$CODE_SIGN_IDENTITY" "$CMAKE_DIR"
======================================================================
Issue History
Date Modified Username Field Change
======================================================================
2015-04-08 18:28 Eric Wing New Issue
======================================================================
More information about the cmake-developers
mailing list