This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
llvm/trunk/cmake/modules/
-
trunk/
-
cmake/
-
modules/
-
AddLLVM.cmake

Differential D55116

[CMake] llvm_codesign workaround for Xcode double-signing errors
ClosedPublic

Authored by sgraenitz on Nov 30 2018, 4:06 AM.

Download Raw Diff

Details

Reviewers

beanz
kubamracek

Commits

rG405c5109e252: [CMake] llvm_codesign workaround for Xcode double-signing errors
rL349070: [CMake] llvm_codesign workaround for Xcode double-signing errors

Summary

When using Xcode to build LLVM with code signing, the post-build rule is executed even if the actual build-step was skipped. This causes double-signing errors. We can currently only avoid it by passing the --force flag.

Plus some polishing for my previous patch D54443.

Diff Detail

Repository: rL LLVM

Event Timeline

sgraenitz created this revision.Nov 30 2018, 4:06 AM

Herald added a subscriber: mgorny. · View Herald TranscriptNov 30 2018, 4:06 AM

Harbormaster completed remote builds in B25535: Diff 176081.Nov 30 2018, 4:06 AM

One more note here about the --force parameter (which we shortly discussed in D54443): When using Xcode for testing multi-config generators, I run into double signing issues. I didn't investigate in detail yet, but I am slightly in favor of hardcoding it in the codesign invocation now.
Is it possible that Xcode runs PostBuild even if it did not actually regenerate the binary? With Ninja all goes well.

Link /path/to/xcode/RelWithDebInfo/bin/llvm-tblgen
Run custom shell script 'CMake PostBuild Rules'
  xcrun dsymutil /path/to/xcode/RelWithDebInfo/bin/llvm-tblgen
  warning: no debug symbols in executable (-arch x86_64)
  /.../usr/bin/strip -Sxl /path/to/xcode/RelWithDebInfo/bin/llvm-tblgen
  /.../usr/bin/strip: changes being made to the file will invalidate the code signature in: /path/to/xcode/RelWithDebInfo/bin/llvm-tblgen
  /.../usr/local/bin/cmake -E env CODESIGN_ALLOCATE=/.../usr/bin/codesign_allocate xcrun codesign -s lldb_codesign /path/to/xcode/RelWithDebInfo/bin/llvm-tblgen /path/to/xcode/RelWithDebInfo/bin/llvm-tblgen: is already signed
  make: *** [llvm-tblgen_buildpart_1] Error 1
  Command /bin/sh failed with exit code 2

Add --force parameter

Harbormaster completed remote builds in B25738: Diff 176844.Dec 5 2018, 9:20 AM

Add --force flag when using the Xcode generator to avoid double-signing errors

Harbormaster completed remote builds in B25953: Diff 177874.Dec 12 2018, 9:52 AM

sgraenitz retitled this revision from [CMake] llvm_codesign polishing to [CMake] llvm_codesign workaround for Xcode double-signing errors.Dec 12 2018, 10:07 AM

sgraenitz edited the summary of this revision. (Show Details)

sgraenitz added a reviewer: kubamracek.

sgraenitz added a subscriber: Restricted Project.

I'd slightly prefer to use --force for *all* builds, not just Xcode builds, to have uniformity. But LGTM even in this form if you feel strongly about it.

This revision is now accepted and ready to land.Dec 12 2018, 11:29 AM

Ninja builds work well without it. In order to catch actual double-signing problems here, I would prefer to pass it only in case of Xcode generator.

Closed by commit rL349070: [CMake] llvm_codesign workaround for Xcode double-signing errors (authored by stefan.graenitz). · Explain WhyDec 13 2018, 10:54 AM

This revision was automatically updated to reflect the committed changes.

Herald added a subscriber: michaelplatings. · View Herald TranscriptDec 13 2018, 10:54 AM

Sorry for being behind on this, but I don't think this is the right solution to the problem.

I don't think we should ever pass --force. To avoid duplicate code signing when using the Xcode generator we should set the XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY target property so that Xcode actually knows what signing identity to use and can properly build the target.

Fair enough. Will create a ticket for it. At least this works for now.

michaelplatings removed a subscriber: michaelplatings.Dec 14 2018, 1:15 AM

sgraenitz mentioned this in D55816: [CMake] Use XCODE_ATTRIBUTE properties for code signing and entitlements in Xcode.Dec 18 2018, 2:56 AM

Diffusion mentioned this in rL350383: [CMake] Use XCODE_ATTRIBUTE properties for code signing and entitlements in….Jan 4 2019, 1:26 AM

sgraenitz mentioned this in D65566: [lldb][CMake] Workaround debugserver code-signing issue in generated Xcode project.Aug 1 2019, 2:31 AM

Diffusion mentioned this in rL368151: [lldb][CMake] Workaround debugserver code-signing issue in generated Xcode….Aug 7 2019, 4:01 AM

sgraenitz mentioned this in rGf24100179306: [lldb][CMake] Workaround debugserver code-signing issue in generated Xcode….Aug 7 2019, 4:04 AM

Revision Contents

Path

Size

llvm/

trunk/

cmake/

modules/

AddLLVM.cmake

25 lines

Diff 178095

llvm/trunk/cmake/modules/AddLLVM.cmake

Show First 20 Lines • Show All 578 Lines • ▼ Show 20 Lines	if(LLVM_COMMON_DEPENDS)
# CMake issue 14747 -- add_dependencies() might be ignored to objlib's user.		# CMake issue 14747 -- add_dependencies() might be ignored to objlib's user.
foreach(objlib ${objlibs})		foreach(objlib ${objlibs})
add_dependencies(${objlib} ${LLVM_COMMON_DEPENDS})		add_dependencies(${objlib} ${LLVM_COMMON_DEPENDS})
endforeach()		endforeach()
endif()		endif()

if(ARG_SHARED OR ARG_MODULE)		if(ARG_SHARED OR ARG_MODULE)
llvm_externalize_debuginfo(${name})		llvm_externalize_debuginfo(${name})
llvm_codesign(TARGET ${name})		llvm_codesign(${name})
endif()		endif()
endfunction()		endfunction()

function(add_llvm_install_targets target)		function(add_llvm_install_targets target)
cmake_parse_arguments(ARG "" "COMPONENT;PREFIX" "DEPENDS" ${ARGN})		cmake_parse_arguments(ARG "" "COMPONENT;PREFIX" "DEPENDS" ${ARGN})
if(ARG_COMPONENT)		if(ARG_COMPONENT)
set(component_option -DCMAKE_INSTALL_COMPONENT="${ARG_COMPONENT}")		set(component_option -DCMAKE_INSTALL_COMPONENT="${ARG_COMPONENT}")
endif()		endif()
▲ Show 20 Lines • Show All 195 Lines • ▼ Show 20 Lines	macro(add_llvm_executable name)
endif()		endif()
if (LLVM_PTHREAD_LIB)		if (LLVM_PTHREAD_LIB)
# libpthreads overrides some standard library symbols, so main		# libpthreads overrides some standard library symbols, so main
# executable must be linked with it in order to provide consistent		# executable must be linked with it in order to provide consistent
# API for all shared libaries loaded by this executable.		# API for all shared libaries loaded by this executable.
target_link_libraries(${name} PRIVATE ${LLVM_PTHREAD_LIB})		target_link_libraries(${name} PRIVATE ${LLVM_PTHREAD_LIB})
endif()		endif()

llvm_codesign(TARGET ${name} ENTITLEMENTS ${ARG_ENTITLEMENTS})		llvm_codesign(${name} ENTITLEMENTS ${ARG_ENTITLEMENTS})
endmacro(add_llvm_executable name)		endmacro(add_llvm_executable name)

function(export_executable_symbols target)		function(export_executable_symbols target)
if (LLVM_EXPORTED_SYMBOL_FILE)		if (LLVM_EXPORTED_SYMBOL_FILE)
# The symbol file should contain the symbols we want the executable to		# The symbol file should contain the symbols we want the executable to
# export		# export
set_target_properties(${target} PROPERTIES ENABLE_EXPORTS 1)		set_target_properties(${target} PROPERTIES ENABLE_EXPORTS 1)
elseif (LLVM_EXPORT_SYMBOLS_FOR_PLUGINS)		elseif (LLVM_EXPORT_SYMBOLS_FOR_PLUGINS)
▲ Show 20 Lines • Show All 822 Lines • ▼ Show 20 Lines	else()
add_custom_command(TARGET ${name} POST_BUILD		add_custom_command(TARGET ${name} POST_BUILD
COMMAND ${CMAKE_OBJCOPY} --only-keep-debug $<TARGET_FILE:${name}> $<TARGET_FILE:${name}>.debug		COMMAND ${CMAKE_OBJCOPY} --only-keep-debug $<TARGET_FILE:${name}> $<TARGET_FILE:${name}>.debug
${strip_command} -R .gnu_debuglink		${strip_command} -R .gnu_debuglink
COMMAND ${CMAKE_OBJCOPY} --add-gnu-debuglink=$<TARGET_FILE:${name}>.debug $<TARGET_FILE:${name}>		COMMAND ${CMAKE_OBJCOPY} --add-gnu-debuglink=$<TARGET_FILE:${name}>.debug $<TARGET_FILE:${name}>
)		)
endif()		endif()
endfunction()		endfunction()

# Usage: llvm_codesign(TARGET name [ENTITLEMENTS file])		# Usage: llvm_codesign(name [ENTITLEMENTS file])
#		function(llvm_codesign name)
# Code-sign the given TARGET with the global LLVM_CODESIGNING_IDENTITY or skip		cmake_parse_arguments(ARG "" "ENTITLEMENTS" "" ${ARGN})
# if undefined. Customize capabilities by passing a file path to ENTITLEMENTS.
#
function(llvm_codesign)
cmake_parse_arguments(ARG "" "TARGET;ENTITLEMENTS" "" ${ARGN})

if(NOT LLVM_CODESIGNING_IDENTITY)		if(NOT LLVM_CODESIGNING_IDENTITY)
return()		return()
endif()		endif()

if(APPLE)		if(APPLE)
if(NOT CMAKE_CODESIGN)		if(NOT CMAKE_CODESIGN)
set(CMAKE_CODESIGN xcrun codesign)		set(CMAKE_CODESIGN xcrun codesign)
endif()		endif()
if(NOT CMAKE_CODESIGN_ALLOCATE)		if(NOT CMAKE_CODESIGN_ALLOCATE)
execute_process(		execute_process(
COMMAND xcrun -f codesign_allocate		COMMAND xcrun -f codesign_allocate
OUTPUT_STRIP_TRAILING_WHITESPACE		OUTPUT_STRIP_TRAILING_WHITESPACE
OUTPUT_VARIABLE CMAKE_CODESIGN_ALLOCATE		OUTPUT_VARIABLE CMAKE_CODESIGN_ALLOCATE
)		)
endif()		endif()
if(DEFINED ARG_ENTITLEMENTS)		if(DEFINED ARG_ENTITLEMENTS)
set(PASS_ENTITLEMENTS --entitlements ${ARG_ENTITLEMENTS})		set(pass_entitlements --entitlements ${ARG_ENTITLEMENTS})
		endif()
		if(CMAKE_GENERATOR STREQUAL "Xcode")
		# Avoid double-signing error: Since output overwrites input, Xcode runs
		# the post-build rule even if the actual build-step was skipped.
		set(pass_force --force)
endif()		endif()

add_custom_command(		add_custom_command(
TARGET ${ARG_TARGET} POST_BUILD		TARGET ${name} POST_BUILD
COMMAND ${CMAKE_COMMAND} -E		COMMAND ${CMAKE_COMMAND} -E
env CODESIGN_ALLOCATE=${CMAKE_CODESIGN_ALLOCATE}		env CODESIGN_ALLOCATE=${CMAKE_CODESIGN_ALLOCATE}
${CMAKE_CODESIGN} -s ${LLVM_CODESIGNING_IDENTITY}		${CMAKE_CODESIGN} -s ${LLVM_CODESIGNING_IDENTITY}
${PASS_ENTITLEMENTS} $<TARGET_FILE:${ARG_TARGET}>		${pass_entitlements} ${pass_force} $<TARGET_FILE:${name}>
)		)
endif()		endif()
endfunction()		endfunction()

function(llvm_setup_rpath name)		function(llvm_setup_rpath name)
if(CMAKE_INSTALL_RPATH)		if(CMAKE_INSTALL_RPATH)
return()		return()
endif()		endif()
▲ Show 20 Lines • Show All 79 Lines • Show Last 20 Lines