This is an archive of the discontinued LLVM Phabricator instance.

Support codesigning bundles and forcing
ClosedPublic

Authored by beanz on May 30 2019, 10:47 AM.

Details

Summary

Clangd's framework is assembled by copying binaries from the lib and bin directories into a bundle shape. This results in an invalid bundle code signature because the signature only applies to the binaries not the resources.

This patch adds two new options to llvm_codesign to enable re-signing the library and XPC service as bundles.

The BUNDLE_PATH option allow specifying an explicit path to codesign, which enables signing bundles which aren't generated using CMake's FRAMEWORK or BUNDLE target properties.

The FORCE option allows re-signing binaries that have already been signed. This is required for how clangd exposes the clangd library and tools as both XPC and non-XPC services using the same binary.

Event Timeline

beanz created this revision.May 30 2019, 10:47 AM
Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptMay 30 2019, 10:47 AM
bogner accepted this revision.May 30 2019, 10:54 AM

Seems straightforward enough

This revision is now accepted and ready to land.May 30 2019, 10:54 AM
This revision was automatically updated to reflect the committed changes.