[CMake] Accept ENTITLEMENTS in add_llvm_executable and llvm_codesign

Summary: Allow code-signing with entitlements. FORCE may be used to avoid an error when replacing existing signatures. Reviewers: beanz, bogner Reviewed By: beanz Subscribers: mgorny, llvm-commits, lldb-commits Differential Revision: https://reviews.llvm.org/D54443 llvm-svn: 347068
2024-12-03 17:02:03 +00:00 · 2018-11-16 18:10:36 +00:00 · 2018-11-16 18:10:36 +00:00 · a6180e2036
commit a6180e2036
parent 805e175f61
2 changed files with 24 additions and 8 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -399,8 +399,8 @@ option(LLVM_USE_OPROFILE
 option(LLVM_EXTERNALIZE_DEBUGINFO
  "Generate dSYM files and strip executables and libraries (Darwin Only)" OFF)

-option(LLVM_CODESIGNING_IDENTITY
-  "Sign executables and dylibs with the given identity (Darwin Only)" OFF)
+set(LLVM_CODESIGNING_IDENTITY "" CACHE STRING
+  "Sign executables and dylibs with the given identity or skip if empty (Darwin Only)")

 # If enabled, verify we are on a platform that supports oprofile.
 if( LLVM_USE_OPROFILE )
--- a/cmake/modules/AddLLVM.cmake
+++ b/cmake/modules/AddLLVM.cmake
@ -580,7 +580,7 @@ function(llvm_add_library name)

  if(ARG_SHARED OR ARG_MODULE)
    llvm_externalize_debuginfo(${name})
-    llvm_codesign(${name})
+    llvm_codesign(TARGET ${name})
  endif()
 endfunction()

@ -708,7 +708,12 @@ endmacro(add_llvm_loadable_module name)


 macro(add_llvm_executable name)
-  cmake_parse_arguments(ARG "DISABLE_LLVM_LINK_LLVM_DYLIB;IGNORE_EXTERNALIZE_DEBUGINFO;NO_INSTALL_RPATH" "" "DEPENDS" ${ARGN})
+  cmake_parse_arguments(ARG
+    "DISABLE_LLVM_LINK_LLVM_DYLIB;IGNORE_EXTERNALIZE_DEBUGINFO;NO_INSTALL_RPATH"
+    "ENTITLEMENTS"
+    "DEPENDS"
+    ${ARGN})
+
  llvm_process_sources( ALL_FILES ${ARG_UNPARSED_ARGUMENTS} )

  list(APPEND LLVM_COMMON_DEPENDS ${ARG_DEPENDS})
@ -787,7 +792,7 @@ macro(add_llvm_executable name)
    target_link_libraries(${name} PRIVATE ${LLVM_PTHREAD_LIB})
  endif()

-  llvm_codesign(${name})
+  llvm_codesign(TARGET ${name} ENTITLEMENTS ${ARG_ENTITLEMENTS})
 endmacro(add_llvm_executable name)

 function(export_executable_symbols target)
@ -1626,7 +1631,14 @@ function(llvm_externalize_debuginfo name)
  endif()
 endfunction()

-function(llvm_codesign name)
+# Usage: llvm_codesign(TARGET name [ENTITLEMENTS file])
+#
+# Code-sign the given TARGET with the global LLVM_CODESIGNING_IDENTITY or skip
+# if undefined. Customize capabilities by passing a file path to ENTITLEMENTS.
+#
+function(llvm_codesign)
+  cmake_parse_arguments(ARG "" "TARGET;ENTITLEMENTS" "" ${ARGN})
+
  if(NOT LLVM_CODESIGNING_IDENTITY)
    return()
  endif()
@ -1642,12 +1654,16 @@ function(llvm_codesign name)
        OUTPUT_VARIABLE CMAKE_CODESIGN_ALLOCATE
      )
    endif()
+    if(DEFINED ARG_ENTITLEMENTS)
+      set(PASS_ENTITLEMENTS --entitlements ${ARG_ENTITLEMENTS})
+    endif()
+
    add_custom_command(
-      TARGET ${name} POST_BUILD
+      TARGET ${ARG_TARGET} POST_BUILD
      COMMAND ${CMAKE_COMMAND} -E
              env CODESIGN_ALLOCATE=${CMAKE_CODESIGN_ALLOCATE}
              ${CMAKE_CODESIGN} -s ${LLVM_CODESIGNING_IDENTITY}
-              $<TARGET_FILE:${name}>
+              ${PASS_ENTITLEMENTS} $<TARGET_FILE:${ARG_TARGET}>
    )
  endif()
 endfunction()