[Windows] Add support for code signing the final binaries.
authorlazydodo <github@lazydodo.com>
Wed, 31 Aug 2016 12:26:05 +0000 (06:26 -0600)
committerlazydodo <github@lazydodo.com>
Wed, 31 Aug 2016 12:26:23 +0000 (06:26 -0600)
The option is controlled with the WITH_WINDOWS_CODESIGN option and needs:

- Signtool must be found on the system, the standard windows sdk folders will be searched for it.
- The path to the pfx file (WINDOWS_CODESIGN_PFX)
- The password for the pfx file. This can be set through the WINDOWS_CODESIGN_PFX_PASSWORD variable, but since that value ends up in CMakeCache.txt (which might be undesirable), there is a backup option of setting the PFXPASSWORD environment variable on the system.

Reviewers: sergey, juicyfruit

Reviewed By: juicyfruit

Tags: #bf_blender, #platform:_windows

Differential Revision: https://developer.blender.org/D2182

CMakeLists.txt
build_files/cmake/macros.cmake
build_files/cmake/platform/platform_win32_msvc.cmake
source/blenderplayer/CMakeLists.txt
source/creator/CMakeLists.txt

index d7276f4417a91e9fe1b9162e956b97814fd3839d..709f8245e233ba4a0b17db776437ea851b886e28 100644 (file)
@@ -512,6 +512,15 @@ mark_as_advanced(WITH_LEGACY_DEPSGRAPH)
 option(WITH_WINDOWS_FIND_MODULES "Use find_package to locate libraries" OFF)
 mark_as_advanced(WITH_WINDOWS_FIND_MODULES)
 
+option(WITH_WINDOWS_CODESIGN "Use signtool to sign the final binary." OFF)
+mark_as_advanced(WITH_WINDOWS_CODESIGN)
+
+set(WINDOWS_CODESIGN_PFX CACHE FILEPATH  "Path to pfx file to use for codesigning.")
+mark_as_advanced(WINDOWS_CODESIGN_PFX)
+
+set(WINDOWS_CODESIGN_PFX_PASSWORD CACHE STRING  "password for pfx file used for codesigning.")
+mark_as_advanced(WINDOWS_CODESIGN_PFX_PASSWORD)
+
 # avoid using again
 option_defaults_clear()
 
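Review bot: The docstring of `WINDOWS_CODESIGN_PFX_PASSWORD` does not tell the user that the value is kept in clear text in CMakeCache.txt, which is the one place they will read it when setting the option. I would word it as `"Password for the pfx file used for codesigning (stored in plain text in CMakeCache.txt; prefer the PFXPASSWORD environment variable)."`. Both `set(... CACHE ...)` calls also pass no initial value; writing `set(WINDOWS_CODESIGN_PFX "" CACHE FILEPATH "Path to pfx file to use for codesigning.")` makes the empty default explicit.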
index dc8b158f5c0493b2ea0f2e10dd7ec336ca45d2a7..fabb35c539e922ac4f24318b4ab8e97f4333ec14 100644 (file)
@@ -1578,3 +1578,26 @@ macro(openmp_delayload
                        endif(WITH_OPENMP)
                endif(MSVC)
 endmacro()
+
+MACRO(WINDOWS_SIGN_TARGET target)
+       if (WITH_WINDOWS_CODESIGN)
+               if (!SIGNTOOL_EXE)
+                       error("Codesigning is enabled, but signtool is not found")
+               else()
+                       if (WINDOWS_CODESIGN_PFX_PASSWORD)
+                               set(CODESIGNPASSWORD /p ${WINDOWS_CODESIGN_PFX_PASSWORD})
+                       else()
+                               if ($ENV{PFXPASSWORD})
+                                       set(CODESIGNPASSWORD /p $ENV{PFXPASSWORD})
+                               else()
+                                       message( FATAL_ERROR "WITH_WINDOWS_CODESIGN is on but WINDOWS_CODESIGN_PFX_PASSWORD not set, and environment variable PFXPASSWORD not found, unable to sign code.")
+                               endif()
+                       endif()
+                       add_custom_command(TARGET ${target}
+                                               POST_BUILD
+                                               COMMAND ${SIGNTOOL_EXE} sign /f ${WINDOWS_CODESIGN_PFX} ${CODESIGNPASSWORD} $<TARGET_FILE:${target}>
+                                               VERBATIM
+                               )
+               endif()
+       endif()
+ENDMACRO()
\ No newline at end of file
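Review bot: The guard `if (!SIGNTOOL_EXE)` in WINDOWS_SIGN_TARGET cannot fire: CMake has no `!` operator, so as far as I can tell the token is read as an undefined name and the branch is skipped when signtool is missing, and `error(...)` is not a CMake command anyway; use `if(NOT SIGNTOOL_EXE)` and `message(FATAL_ERROR "Codesigning is enabled, but signtool is not found")`. `if ($ENV{PFXPASSWORD})` evaluates the password text itself as a condition, so an ordinary password reads as false and configuration stops with the FATAL_ERROR; `if(NOT "$ENV{PFXPASSWORD}" STREQUAL "")` tests for presence instead. In both branches the password is expanded at configure time into the POST_BUILD command, so it is written in clear text into the generated build files and shows up in build output even when it came from the environment; reading it at build time (for example from a script run with `${CMAKE_COMMAND} -P`) or signing from the certificate store would avoid that. The signtool call also has no timestamp option, so the signature would presumably stop validating once the certificate expires.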
index eaa6e41c9c3edc057dc3df1af92b222cf58f424a..2772944214b86dc99879b15db71edb43ab3e52a5 100644 (file)
@@ -471,3 +471,15 @@ endif()
 
 # used in many places so include globally, like OpenGL
 blender_include_dirs_sys("${PTHREADS_INCLUDE_DIRS}")
+
+#find signtool  
+SET(ProgramFilesX86_NAME "ProgramFiles(x86)") #env dislikes the ( ) 
+find_program(SIGNTOOL_EXE signtool
+HINTS
+  "$ENV{${ProgramFilesX86_NAME}}/Windows Kits/10/bin/x86/"
+  "$ENV{ProgramFiles}/Windows Kits/10/bin/x86/"
+  "$ENV{${ProgramFilesX86_NAME}}/Windows Kits/8.1/bin/x86/"
+  "$ENV{ProgramFiles}/Windows Kits/8.1/bin/x86/"
+  "$ENV{${ProgramFilesX86_NAME}}/Windows Kits/8.0/bin/x86/"
+  "$ENV{ProgramFiles}/Windows Kits/8.0/bin/x86/"
+)
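Review bot: Nothing in this hunk checks the result of `find_program(SIGNTOOL_EXE ...)`, so a failed lookup leaves `SIGNTOOL_EXE-NOTFOUND` in the cache and the problem only surfaces later; a check next to the lookup, `if(WITH_WINDOWS_CODESIGN AND NOT SIGNTOOL_EXE)` followed by `message(FATAL_ERROR "signtool not found")`, reports it where the search paths are visible. Only the `x86` tool directories of three SDK versions are hinted; if other SDK layouts need to be supported, a comment stating that users can set `SIGNTOOL_EXE` themselves would help. When none of the hints match, the lookup falls back to the regular PATH search, so it is worth printing the resolved path with `message(STATUS "Using signtool: ${SIGNTOOL_EXE}")` to make the signer in use visible in the configure log.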
index 2748de0e7dd704ac2afee201d0006cfb05c68e94..58bebc66a3e274d6abb1cb1330d8cdfe9d58c65a 100644 (file)
@@ -58,7 +58,7 @@ if(WIN32 AND NOT UNIX)
                        blenderplayer ${EXETYPE}
                        bad_level_call_stubs/stubs.c
                        ${CMAKE_SOURCE_DIR}/release/windows/icons/winblender.rc)
-
+       WINDOWS_SIGN_TARGET(blenderplayer)
        install(TARGETS blenderplayer
                        COMPONENT Blenderplayer
                        DESTINATION ".")
index 7acea43d1f5edb47f945ec48ded83d69a76cf839..fc02dfda9d131bac1ab9a8827994418fa5969aa4 100644 (file)
@@ -263,6 +263,7 @@ if(WITH_PYTHON_MODULE)
 
 else()
        add_executable(blender ${EXETYPE} ${SRC})
+       WINDOWS_SIGN_TARGET(blender)
 endif()
 
 if(WITH_BUILDINFO)