Index: CMakeLists.txt =================================================================== --- CMakeLists.txt +++ CMakeLists.txt @@ -7,6 +7,8 @@ "${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules" ) +option(LLDB_USE_ENTITLEMENTS "When codesigning use entitlements if available" ON) + include(LLDBStandalone) include(LLDBConfig) include(AddLLDB) Index: cmake/modules/AddLLDB.cmake =================================================================== --- cmake/modules/AddLLDB.cmake +++ cmake/modules/AddLLDB.cmake @@ -177,3 +177,61 @@ # Now set them onto the target. set_target_properties(${target_name} PROPERTIES LINK_FLAGS ${new_link_flags}) endfunction() + +# Usage: lldb_codesign(TARGETS t1 t2 [ENTITLE file] [IDENTITY override] [FORCE]) +# +# In contrast to the LLVM implementation, this function must be invoked +# explicitly for all targets that need code signing. +# +# IDENTITY defaults to LLDB_CODESIGN_IDENTITY. Code signing is skipped if it's +# empty and no override passed. ENTITLE specifies the entitlements file to use +# if LLDB_USE_ENTITLEMENTS is set. FORCE causes codesign to replace existing +# signatures. +# +function(lldb_codesign) + cmake_parse_arguments(ARG "FORCE" "ENTITLE;IDENTITY" "TARGETS" ${ARGN}) + + if(ARG_IDENTITY) + set(pass_identity --sign ${ARG_IDENTITY}) + elseif(LLDB_CODESIGN_IDENTITY) + set(pass_identity --sign ${LLDB_CODESIGN_IDENTITY}) + endif() + + if(NOT pass_identity) + message(WARNING "Skip code signing for ${ARG_TARGETS} due to missing identity") + return() + endif() + + if(APPLE) + if(LLDB_USE_ENTITLEMENTS AND DEFINED ENTITLE) + set(pass_entitlements --entitlements ${ENTITLE}) + endif() + + if(ARG_FORCE) + set(pass_force "--force") + endif() + + if(NOT CMAKE_CODESIGN) + set(CMAKE_CODESIGN xcrun codesign) + endif() + if(NOT CMAKE_CODESIGN_ALLOCATE) + execute_process( + COMMAND xcrun -f codesign_allocate + OUTPUT_STRIP_TRAILING_WHITESPACE + OUTPUT_VARIABLE CMAKE_CODESIGN_ALLOCATE + ) + endif() + + foreach(name ${ARG_TARGETS}) + # Invoke via CMake command for correct handling of spaces in the environment. + add_custom_command( + TARGET ${name} POST_BUILD + COMMAND ${CMAKE_COMMAND} -E env CODESIGN_ALLOCATE=${CMAKE_CODESIGN_ALLOCATE} + ${CMAKE_CODESIGN} ${pass_force} ${pass_identity} ${pass_entitlements} + $ + ) + endforeach() + else() + message(WARNING "LLDB-specific code signing not yet implemented for other platforms") + endif() +endfunction() Index: tools/debugserver/CMakeLists.txt =================================================================== --- tools/debugserver/CMakeLists.txt +++ tools/debugserver/CMakeLists.txt @@ -3,6 +3,8 @@ project(Debugserver LANGUAGES C CXX ASM-ATT) if (CMAKE_SOURCE_DIR STREQUAL CMAKE_CURRENT_SOURCE_DIR) + option(LLDB_USE_ENTITLEMENTS "When codesigning use entitlements if available" ON) + set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/../../cmake" Index: tools/debugserver/source/CMakeLists.txt =================================================================== --- tools/debugserver/source/CMakeLists.txt +++ tools/debugserver/source/CMakeLists.txt @@ -206,16 +206,6 @@ ) endif() -set(entitlements_xml ${CMAKE_CURRENT_SOURCE_DIR}/debugserver-macosx-entitlements.plist) -if(IOS) - set(entitlements_xml ${CMAKE_CURRENT_SOURCE_DIR}/debugserver-entitlements.plist) -else() - set(entitlements_xml ${CMAKE_CURRENT_SOURCE_DIR}/../../../resources/debugserver-macosx-entitlements.plist) -endif() - -set(LLDB_USE_ENTITLEMENTS_Default On) -option(LLDB_USE_ENTITLEMENTS "Use entitlements when codesigning (Defaults Off when using lldb_codesign identity, otherwise On)" ${LLDB_USE_ENTITLEMENTS_Default}) - if (SKIP_DEBUGSERVER) if (CMAKE_HOST_APPLE) # If we haven't built a signed debugserver, copy the one from the system. @@ -225,32 +215,16 @@ COMMENT "Copying the system debugserver to LLDB's binaries directory.") endif() else() - if(LLDB_USE_ENTITLEMENTS) - set(entitlements_flags --entitlements ${entitlements_xml}) - endif() - execute_process( - COMMAND xcrun -f codesign_allocate - OUTPUT_STRIP_TRAILING_WHITESPACE - OUTPUT_VARIABLE CODESIGN_ALLOCATE - ) - add_custom_command(TARGET debugserver - POST_BUILD - COMMAND ${CMAKE_COMMAND} -E env CODESIGN_ALLOCATE=${CODESIGN_ALLOCATE} - codesign --force --sign ${LLDB_CODESIGN_IDENTITY} - ${entitlements_flags} - $ - ) - if(IOS) - add_custom_command(TARGET debugserver-nonui - POST_BUILD - COMMAND ${CMAKE_COMMAND} -E env CODESIGN_ALLOCATE=${CODESIGN_ALLOCATE} - codesign --force --sign ${LLDB_CODESIGN_IDENTITY} - ${entitlements_flags} - $ - ) + if(APPLE) + if(IOS) + set(entitlements ${CMAKE_CURRENT_SOURCE_DIR}/debugserver-entitlements.plist) + set(targets debugserver debugserver-nonui) + else() + # Same entitlements file used for lldb-server + set(entitlements ${LLDB_SOURCE_DIR}/resources/debugserver-macosx-entitlements.plist) + set(targets debugserver) + endif() + + lldb_codesign(TARGETS ${targets} ENTITLE ${entitlements} FORCE) endif() endif() - - - - Index: tools/lldb-server/CMakeLists.txt =================================================================== --- tools/lldb-server/CMakeLists.txt +++ tools/lldb-server/CMakeLists.txt @@ -64,3 +64,11 @@ ) target_link_libraries(lldb-server PRIVATE ${LLDB_SYSTEM_LIBS}) + +if(APPLE) + if(NOT IOS) + set(entitlements ${LLDB_SOURCE_DIR}/resources/debugserver-macosx-entitlements.plist) + endif() + + lldb_codesign(TARGETS lldb-server ENTITLE ${entitlements} FORCE) +endif()