[Bf-blender-cvs] [8fb9f2d] master: [Windows] Add support for code signing the final binaries.
lazydodo
noreply at git.blender.org
Wed Aug 31 14:26:31 CEST 2016
Commit: 8fb9f2dbe9cb69476bf1f98c8503e5acd446c5b0
Author: lazydodo
Date: Wed Aug 31 06:26:05 2016 -0600
Branches: master
https://developer.blender.org/rB8fb9f2dbe9cb69476bf1f98c8503e5acd446c5b0
[Windows] Add support for code signing the final binaries.
The option is controlled with the WITH_WINDOWS_CODESIGN option and needs:
- Signtool must be found on the system, the standard windows sdk folders will be searched for it.
- The path to the pfx file (WINDOWS_CODESIGN_PFX)
- The password for the pfx , this can either be set by the WINDOWS_CODESIGN_PFX_PASSWORD variable but given that ends up in CMakeCache.txt (which might be undesirable) there is a backup option of setting the PFXPASSWORD environment variable on the system.
Reviewers: sergey, juicyfruit
Reviewed By: juicyfruit
Tags: #bf_blender, #platform:_windows
Differential Revision: https://developer.blender.org/D2182
===================================================================
M CMakeLists.txt
M build_files/cmake/macros.cmake
M build_files/cmake/platform/platform_win32_msvc.cmake
M source/blenderplayer/CMakeLists.txt
M source/creator/CMakeLists.txt
===================================================================
diff --git a/CMakeLists.txt b/CMakeLists.txt
index d7276f4..709f824 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -512,6 +512,15 @@ mark_as_advanced(WITH_LEGACY_DEPSGRAPH)
option(WITH_WINDOWS_FIND_MODULES "Use find_package to locate libraries" OFF)
mark_as_advanced(WITH_WINDOWS_FIND_MODULES)
+option(WITH_WINDOWS_CODESIGN "Use signtool to sign the final binary." OFF)
+mark_as_advanced(WITH_WINDOWS_CODESIGN)
+
+set(WINDOWS_CODESIGN_PFX CACHE FILEPATH "Path to pfx file to use for codesigning.")
+mark_as_advanced(WINDOWS_CODESIGN_PFX)
+
+set(WINDOWS_CODESIGN_PFX_PASSWORD CACHE STRING "password for pfx file used for codesigning.")
+mark_as_advanced(WINDOWS_CODESIGN_PFX_PASSWORD)
+
# avoid using again
option_defaults_clear()
diff --git a/build_files/cmake/macros.cmake b/build_files/cmake/macros.cmake
index dc8b158..fabb35c 100644
--- a/build_files/cmake/macros.cmake
+++ b/build_files/cmake/macros.cmake
@@ -1578,3 +1578,26 @@ macro(openmp_delayload
endif(WITH_OPENMP)
endif(MSVC)
endmacro()
+
+MACRO(WINDOWS_SIGN_TARGET target)
+ if (WITH_WINDOWS_CODESIGN)
+ if (!SIGNTOOL_EXE)
+ error("Codesigning is enabled, but signtool is not found")
+ else()
+ if (WINDOWS_CODESIGN_PFX_PASSWORD)
+ set(CODESIGNPASSWORD /p ${WINDOWS_CODESIGN_PFX_PASSWORD})
+ else()
+ if ($ENV{PFXPASSWORD})
+ set(CODESIGNPASSWORD /p $ENV{PFXPASSWORD})
+ else()
+ message( FATAL_ERROR "WITH_WINDOWS_CODESIGN is on but WINDOWS_CODESIGN_PFX_PASSWORD not set, and environment variable PFXPASSWORD not found, unable to sign code.")
+ endif()
+ endif()
+ add_custom_command(TARGET ${target}
+ POST_BUILD
+ COMMAND ${SIGNTOOL_EXE} sign /f ${WINDOWS_CODESIGN_PFX} ${CODESIGNPASSWORD} $<TARGET_FILE:${target}>
+ VERBATIM
+ )
+ endif()
+ endif()
+ENDMACRO()
\ No newline at end of file
diff --git a/build_files/cmake/platform/platform_win32_msvc.cmake b/build_files/cmake/platform/platform_win32_msvc.cmake
index eaa6e41..2772944 100644
--- a/build_files/cmake/platform/platform_win32_msvc.cmake
+++ b/build_files/cmake/platform/platform_win32_msvc.cmake
@@ -471,3 +471,15 @@ endif()
# used in many places so include globally, like OpenGL
blender_include_dirs_sys("${PTHREADS_INCLUDE_DIRS}")
+
+#find signtool
+SET(ProgramFilesX86_NAME "ProgramFiles(x86)") #env dislikes the ( )
+find_program(SIGNTOOL_EXE signtool
+HINTS
+ "$ENV{${ProgramFilesX86_NAME}}/Windows Kits/10/bin/x86/"
+ "$ENV{ProgramFiles}/Windows Kits/10/bin/x86/"
+ "$ENV{${ProgramFilesX86_NAME}}/Windows Kits/8.1/bin/x86/"
+ "$ENV{ProgramFiles}/Windows Kits/8.1/bin/x86/"
+ "$ENV{${ProgramFilesX86_NAME}}/Windows Kits/8.0/bin/x86/"
+ "$ENV{ProgramFiles}/Windows Kits/8.0/bin/x86/"
+)
diff --git a/source/blenderplayer/CMakeLists.txt b/source/blenderplayer/CMakeLists.txt
index 2748de0..58bebc6 100644
--- a/source/blenderplayer/CMakeLists.txt
+++ b/source/blenderplayer/CMakeLists.txt
@@ -58,7 +58,7 @@ if(WIN32 AND NOT UNIX)
blenderplayer ${EXETYPE}
bad_level_call_stubs/stubs.c
${CMAKE_SOURCE_DIR}/release/windows/icons/winblender.rc)
-
+ WINDOWS_SIGN_TARGET(blenderplayer)
install(TARGETS blenderplayer
COMPONENT Blenderplayer
DESTINATION ".")
diff --git a/source/creator/CMakeLists.txt b/source/creator/CMakeLists.txt
index 7acea43..fc02dfd 100644
--- a/source/creator/CMakeLists.txt
+++ b/source/creator/CMakeLists.txt
@@ -263,6 +263,7 @@ if(WITH_PYTHON_MODULE)
else()
add_executable(blender ${EXETYPE} ${SRC})
+ WINDOWS_SIGN_TARGET(blender)
endif()
if(WITH_BUILDINFO)
More information about the Bf-blender-cvs
mailing list