Support codesigning bundles and forcing

Summary: Clangd's framework is assembled by copying binaries from the lib and bin directories into a bundle shape. This results in an invalid bundle code signature because the signature only applies to the binaries not the resources. This patch adds two new options to `llvm_codesign` to enable re-signing the library and XPC service as bundles. The `BUNDLE_PATH` option allow specifying an explicit path to codesign, which enables signing bundles which aren't generated using CMake's `FRAMEWORK` or `BUNDLE` target properties. The `FORCE` option allows re-signing binaries that have already been signed. This is required for how clangd exposes the clangd library and tools as both XPC and non-XPC services using the same binary. Reviewers: jkorous, bogner Reviewed By: bogner Subscribers: mgorny, ilya-biryukov, dexonsmith, arphaman, kadircet, cfe-commits, llvm-commits Tags: #clang, #llvm Differential Revision: https://reviews.llvm.org/D62693 llvm-svn: 362169
2019-05-30 22:25:48 +00:00 · 2019-05-30 22:25:48 +00:00 · 760a9ee63c
parent f1e300ca1a
commit 760a9ee63c
2 changed files with 16 additions and 3 deletions
--- a/clang-tools-extra/clangd/xpc/cmake/modules/CreateClangdXPCFramework.cmake
+++ b/clang-tools-extra/clangd/xpc/cmake/modules/CreateClangdXPCFramework.cmake
@ -70,4 +70,9 @@ macro(create_clangd_xpc_framework target name)
    ${target}
    ${CLANGD_FRAMEWORK_LOCATION}
  )
+
+  # clangd is already signed as a standalone executable, so it must be forced.
+  llvm_codesign(ClangdXPC BUNDLE_PATH "${CLANGD_FRAMEWORK_OUT_LOCATION}/XPCServices/${CLANGD_XPC_SERVICE_NAME}.xpc/" FORCE)
+  # ClangdXPC library is already signed as a standalone library, so it must be forced.
+  llvm_codesign(ClangdXPC BUNDLE_PATH "${CLANGD_FRAMEWORK_LOCATION}" FORCE)
 endmacro(create_clangd_xpc_framework)
--- a/llvm/cmake/modules/AddLLVM.cmake
+++ b/llvm/cmake/modules/AddLLVM.cmake
@ -1659,9 +1659,9 @@ function(llvm_externalize_debuginfo name)
  endif()
 endfunction()

-# Usage: llvm_codesign(name [ENTITLEMENTS file])
+# Usage: llvm_codesign(name [FORCE] [ENTITLEMENTS file] [BUNDLE_PATH path])
 function(llvm_codesign name)
-  cmake_parse_arguments(ARG "" "ENTITLEMENTS" "" ${ARGN})
+  cmake_parse_arguments(ARG "FORCE" "ENTITLEMENTS;BUNDLE_PATH" "" ${ARGN})

  if(NOT LLVM_CODESIGNING_IDENTITY)
    return()
@ -1691,12 +1691,20 @@ function(llvm_codesign name)
      set(pass_entitlements --entitlements ${ARG_ENTITLEMENTS})
    endif()

+    if (NOT ARG_BUNDLE_PATH)
+      set(ARG_BUNDLE_PATH $<TARGET_FILE:${name}>)
+    endif()
+
+    if(ARG_FORCE)
+      set(force_flag "-f")
+    endif()
+
    add_custom_command(
      TARGET ${name} POST_BUILD
      COMMAND ${CMAKE_COMMAND} -E
              env CODESIGN_ALLOCATE=${CMAKE_CODESIGN_ALLOCATE}
              ${CMAKE_CODESIGN} -s ${LLVM_CODESIGNING_IDENTITY}
-              ${pass_entitlements} $<TARGET_FILE:${name}>
+              ${pass_entitlements} ${force_flag} ${ARG_BUNDLE_PATH}
    )
  endif()
 endfunction()