This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
llvm/cmake/modules/
-
cmake/
-
modules/
-
AddLLVM.cmake

Differential D89343

[cmake] Unconditionally set the force flag when codesigning
ClosedPublic

Authored by vsk on Oct 13 2020, 2:29 PM.

Download Raw Diff

Details

Reviewers

kastiglione
JDevlieghere
friss

Commits

rG24c1660ac5d7: [cmake] Unconditionally set the force flag when codesigning

Summary

The Darwin linker now defaults to ad hoc signing binaries when targeting
Apple Silicon. This creates a problem when configuring targets that must
be built with entitlements: we either need to add -Wl,-no_adhoc_codesign
when building the target, or sign with the force flag set to allow
replacing a pre-existing signature.

Unconditionally force-signing is the more convenient solution. This
doesn't require a ld64 version check, and it's a much less invasive
cmake change.

Patch by Fred Riss!

rdar://70237254

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

vsk created this revision.Oct 13 2020, 2:29 PM

Herald added a project: Restricted Project. · View Herald TranscriptOct 13 2020, 2:29 PM

Herald added a subscriber: mgorny. · View Herald Transcript

vsk requested review of this revision.Oct 13 2020, 2:29 PM

Harbormaster completed remote builds in B74978: Diff 297961.Oct 13 2020, 3:11 PM

This doesn't require a ld64 version check, and it's a much less invasive cmake change.

Was there consideration about using an arch check, and only doing this for Apple Silicon targets? I think this is fine too, just wanting to cover the bases.

This revision is now accepted and ready to land.Oct 13 2020, 4:40 PM

In D89343#2328892, @kastiglione wrote:

This doesn't require a ld64 version check, and it's a much less invasive cmake change.

Was there consideration about using an arch check, and only doing this for Apple Silicon targets? I think this is fine too, just wanting to cover the bases.

I actually hadn't considered that. We do have <TARGET_FILE:${name}>, so we could conceivably derive the target architecture from there and avoid setting force_flag on Intel. I'm not sure the added complexity is warranted though.

Closed by commit rG24c1660ac5d7: [cmake] Unconditionally set the force flag when codesigning (authored by vsk). · Explain WhyOct 13 2020, 4:51 PM

This revision was automatically updated to reflect the committed changes.

vsk added a commit: rG24c1660ac5d7: [cmake] Unconditionally set the force flag when codesigning.

Revision Contents

Path

Size

llvm/

cmake/

modules/

AddLLVM.cmake

7 lines

Diff 297996

llvm/cmake/modules/AddLLVM.cmake

Show First 20 Lines • Show All 2,020 Lines • ▼ Show 20 Lines	elseif(APPLE AND CMAKE_HOST_SYSTEM_NAME MATCHES Darwin)
if(DEFINED ARG_ENTITLEMENTS)		if(DEFINED ARG_ENTITLEMENTS)
set(pass_entitlements --entitlements ${ARG_ENTITLEMENTS})		set(pass_entitlements --entitlements ${ARG_ENTITLEMENTS})
endif()		endif()

if (NOT ARG_BUNDLE_PATH)		if (NOT ARG_BUNDLE_PATH)
set(ARG_BUNDLE_PATH $<TARGET_FILE:${name}>)		set(ARG_BUNDLE_PATH $<TARGET_FILE:${name}>)
endif()		endif()

if(ARG_FORCE)		# ld64 now always codesigns the binaries it creates. Apply the force arg
		# unconditionally so that we can - for example - add entitlements to the
		# targets that need it.
set(force_flag "-f")		set(force_flag "-f")
endif()

add_custom_command(		add_custom_command(
TARGET ${name} POST_BUILD		TARGET ${name} POST_BUILD
COMMAND ${CMAKE_COMMAND} -E		COMMAND ${CMAKE_COMMAND} -E
env CODESIGN_ALLOCATE=${CMAKE_CODESIGN_ALLOCATE}		env CODESIGN_ALLOCATE=${CMAKE_CODESIGN_ALLOCATE}
${CMAKE_CODESIGN} -s ${LLVM_CODESIGNING_IDENTITY}		${CMAKE_CODESIGN} -s ${LLVM_CODESIGNING_IDENTITY}
${pass_entitlements} ${force_flag} ${ARG_BUNDLE_PATH}		${pass_entitlements} ${force_flag} ${ARG_BUNDLE_PATH}
)		)
▲ Show 20 Lines • Show All 82 Lines • Show Last 20 Lines