Index: CMakeLists.txt =================================================================== --- CMakeLists.txt +++ CMakeLists.txt @@ -399,8 +399,11 @@ option(LLVM_EXTERNALIZE_DEBUGINFO "Generate dSYM files and strip executables and libraries (Darwin Only)" OFF) -option(LLVM_CODESIGNING_IDENTITY - "Sign executables and dylibs with the given identity (Darwin Only)" OFF) +set(LLVM_CODESIGNING_IDENTITY "" CACHE STRING + "Sign executables and dylibs with the given identity or skip if empty (Darwin Only)") + +option(LLVM_CODESIGNING_FORCE + "Suppress errors when replacing existing signatures (Darwin Only)" OFF) # If enabled, verify we are on a platform that supports oprofile. if( LLVM_USE_OPROFILE ) Index: cmake/modules/AddLLVM.cmake =================================================================== --- cmake/modules/AddLLVM.cmake +++ cmake/modules/AddLLVM.cmake @@ -580,7 +580,7 @@ if(ARG_SHARED OR ARG_MODULE) llvm_externalize_debuginfo(${name}) - llvm_codesign(${name}) + llvm_codesign(TARGET ${name}) endif() endfunction() @@ -708,7 +708,12 @@ macro(add_llvm_executable name) - cmake_parse_arguments(ARG "DISABLE_LLVM_LINK_LLVM_DYLIB;IGNORE_EXTERNALIZE_DEBUGINFO;NO_INSTALL_RPATH" "" "DEPENDS" ${ARGN}) + cmake_parse_arguments(ARG + "DISABLE_LLVM_LINK_LLVM_DYLIB;IGNORE_EXTERNALIZE_DEBUGINFO;NO_INSTALL_RPATH" + "ENTITLEMENTS" + "DEPENDS" + ${ARGN}) + llvm_process_sources( ALL_FILES ${ARG_UNPARSED_ARGUMENTS} ) list(APPEND LLVM_COMMON_DEPENDS ${ARG_DEPENDS}) @@ -787,7 +792,7 @@ target_link_libraries(${name} PRIVATE ${LLVM_PTHREAD_LIB}) endif() - llvm_codesign(${name}) + llvm_codesign(TARGET ${name} ENTITLEMENTS ${ARG_ENTITLEMENTS}) endmacro(add_llvm_executable name) function(export_executable_symbols target) @@ -1626,7 +1631,16 @@ endif() endfunction() -function(llvm_codesign name) +# Usage: llvm_codesign(TARGET name [ENTITLEMENTS file]) +# +# Code-sign the given TARGET with the global LLVM_CODESIGNING_IDENTITY or skip +# if undefined. Customize capabilities by passing a file path to ENTITLEMENTS. +# Use LLVM_CODESIGNING_FORCE to avoid an error when replacing existing +# signatures in failsafe/debugging situations. +# +function(llvm_codesign) + cmake_parse_arguments(ARG "" "TARGET;ENTITLEMENTS" "" ${ARGN}) + if(NOT LLVM_CODESIGNING_IDENTITY) return() endif() @@ -1642,12 +1656,20 @@ OUTPUT_VARIABLE CMAKE_CODESIGN_ALLOCATE ) endif() + if(LLVM_CODESIGNING_FORCE) + set(PASS_FORCE --force) + endif() + if(DEFINED ARG_ENTITLEMENTS) + set(PASS_ENTITLEMENTS --entitlements ${ARG_ENTITLEMENTS}) + endif() + add_custom_command( - TARGET ${name} POST_BUILD + TARGET ${ARG_TARGET} POST_BUILD COMMAND ${CMAKE_COMMAND} -E env CODESIGN_ALLOCATE=${CMAKE_CODESIGN_ALLOCATE} ${CMAKE_CODESIGN} -s ${LLVM_CODESIGNING_IDENTITY} - $ + ${PASS_ENTITLEMENTS} ${PASS_FORCE} + $ ) endif() endfunction()