diff options
author | lazydodo <github@lazydodo.com> | 2016-08-31 15:26:05 +0300 |
---|---|---|
committer | lazydodo <github@lazydodo.com> | 2016-08-31 15:26:23 +0300 |
commit | 8fb9f2dbe9cb69476bf1f98c8503e5acd446c5b0 (patch) | |
tree | ab93752f669309bd0b4774a7dd55eace1f95e919 | |
parent | b06a70323c1ae8ead6e1249b70a201fff36c660f (diff) |
[Windows] Add support for code signing the final binaries.
The option is controlled with the WITH_WINDOWS_CODESIGN option and needs:
- Signtool must be found on the system, the standard windows sdk folders will be searched for it.
- The path to the pfx file (WINDOWS_CODESIGN_PFX)
- The password for the pfx , this can either be set by the WINDOWS_CODESIGN_PFX_PASSWORD variable but given that ends up in CMakeCache.txt (which might be undesirable) there is a backup option of setting the PFXPASSWORD environment variable on the system.
Reviewers: sergey, juicyfruit
Reviewed By: juicyfruit
Tags: #bf_blender, #platform:_windows
Differential Revision: https://developer.blender.org/D2182
-rw-r--r-- | CMakeLists.txt | 9 | ||||
-rw-r--r-- | build_files/cmake/macros.cmake | 23 | ||||
-rw-r--r-- | build_files/cmake/platform/platform_win32_msvc.cmake | 12 | ||||
-rw-r--r-- | source/blenderplayer/CMakeLists.txt | 2 | ||||
-rw-r--r-- | source/creator/CMakeLists.txt | 1 |
5 files changed, 46 insertions, 1 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index d7276f4417a..709f8245e23 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -512,6 +512,15 @@ mark_as_advanced(WITH_LEGACY_DEPSGRAPH) option(WITH_WINDOWS_FIND_MODULES "Use find_package to locate libraries" OFF) mark_as_advanced(WITH_WINDOWS_FIND_MODULES) +option(WITH_WINDOWS_CODESIGN "Use signtool to sign the final binary." OFF) +mark_as_advanced(WITH_WINDOWS_CODESIGN) + +set(WINDOWS_CODESIGN_PFX CACHE FILEPATH "Path to pfx file to use for codesigning.") +mark_as_advanced(WINDOWS_CODESIGN_PFX) + +set(WINDOWS_CODESIGN_PFX_PASSWORD CACHE STRING "password for pfx file used for codesigning.") +mark_as_advanced(WINDOWS_CODESIGN_PFX_PASSWORD) + # avoid using again option_defaults_clear() diff --git a/build_files/cmake/macros.cmake b/build_files/cmake/macros.cmake index dc8b158f5c0..fabb35c539e 100644 --- a/build_files/cmake/macros.cmake +++ b/build_files/cmake/macros.cmake @@ -1578,3 +1578,26 @@ macro(openmp_delayload endif(WITH_OPENMP) endif(MSVC) endmacro() + +MACRO(WINDOWS_SIGN_TARGET target) + if (WITH_WINDOWS_CODESIGN) + if (!SIGNTOOL_EXE) + error("Codesigning is enabled, but signtool is not found") + else() + if (WINDOWS_CODESIGN_PFX_PASSWORD) + set(CODESIGNPASSWORD /p ${WINDOWS_CODESIGN_PFX_PASSWORD}) + else() + if ($ENV{PFXPASSWORD}) + set(CODESIGNPASSWORD /p $ENV{PFXPASSWORD}) + else() + message( FATAL_ERROR "WITH_WINDOWS_CODESIGN is on but WINDOWS_CODESIGN_PFX_PASSWORD not set, and environment variable PFXPASSWORD not found, unable to sign code.") + endif() + endif() + add_custom_command(TARGET ${target} + POST_BUILD + COMMAND ${SIGNTOOL_EXE} sign /f ${WINDOWS_CODESIGN_PFX} ${CODESIGNPASSWORD} $<TARGET_FILE:${target}> + VERBATIM + ) + endif() + endif() +ENDMACRO()
\ No newline at end of file diff --git a/build_files/cmake/platform/platform_win32_msvc.cmake b/build_files/cmake/platform/platform_win32_msvc.cmake index eaa6e41c9c3..2772944214b 100644 --- a/build_files/cmake/platform/platform_win32_msvc.cmake +++ b/build_files/cmake/platform/platform_win32_msvc.cmake @@ -471,3 +471,15 @@ endif() # used in many places so include globally, like OpenGL blender_include_dirs_sys("${PTHREADS_INCLUDE_DIRS}") + +#find signtool +SET(ProgramFilesX86_NAME "ProgramFiles(x86)") #env dislikes the ( ) +find_program(SIGNTOOL_EXE signtool +HINTS + "$ENV{${ProgramFilesX86_NAME}}/Windows Kits/10/bin/x86/" + "$ENV{ProgramFiles}/Windows Kits/10/bin/x86/" + "$ENV{${ProgramFilesX86_NAME}}/Windows Kits/8.1/bin/x86/" + "$ENV{ProgramFiles}/Windows Kits/8.1/bin/x86/" + "$ENV{${ProgramFilesX86_NAME}}/Windows Kits/8.0/bin/x86/" + "$ENV{ProgramFiles}/Windows Kits/8.0/bin/x86/" +) diff --git a/source/blenderplayer/CMakeLists.txt b/source/blenderplayer/CMakeLists.txt index 2748de0e7dd..58bebc66a3e 100644 --- a/source/blenderplayer/CMakeLists.txt +++ b/source/blenderplayer/CMakeLists.txt @@ -58,7 +58,7 @@ if(WIN32 AND NOT UNIX) blenderplayer ${EXETYPE} bad_level_call_stubs/stubs.c ${CMAKE_SOURCE_DIR}/release/windows/icons/winblender.rc) - + WINDOWS_SIGN_TARGET(blenderplayer) install(TARGETS blenderplayer COMPONENT Blenderplayer DESTINATION ".") diff --git a/source/creator/CMakeLists.txt b/source/creator/CMakeLists.txt index 7acea43d1f5..fc02dfda9d1 100644 --- a/source/creator/CMakeLists.txt +++ b/source/creator/CMakeLists.txt @@ -263,6 +263,7 @@ if(WITH_PYTHON_MODULE) else() add_executable(blender ${EXETYPE} ${SRC}) + WINDOWS_SIGN_TARGET(blender) endif() if(WITH_BUILDINFO) |