[xm] Support UseHardenendRuntime in code signing (#5536)
- Solves SDK portion of https://github.com/xamarin/xamarin-macios/issues/4288
Родитель
1a3a3fbade
Коммит
5680a39c77
|
@ -249,6 +249,7 @@ Copyright (C) 2014 Xamarin. All rights reserved.
|
|||
SigningKey="$(_CodeSigningKey)"
|
||||
ExtraArgs="$(CodesignExtraArgs)"
|
||||
IsAppExtension="$(IsAppExtension)"
|
||||
UseHardenedRuntime="$(UseHardenedRuntime)"
|
||||
>
|
||||
</Codesign>
|
||||
</Target>
|
||||
|
|
|
@ -45,6 +45,8 @@ namespace Xamarin.MacDev.Tasks
|
|||
|
||||
public bool IsAppExtension { get; set; }
|
||||
|
||||
public bool UseHardenedRuntime { get; set; }
|
||||
|
||||
public string ToolExe {
|
||||
get { return toolExe ?? ToolName; }
|
||||
set { toolExe = value; }
|
||||
|
@ -93,6 +95,9 @@ namespace Xamarin.MacDev.Tasks
|
|||
if (IsAppExtension)
|
||||
args.Add ("--deep");
|
||||
|
||||
if (UseHardenedRuntime)
|
||||
args.Add ("-o runtime");
|
||||
|
||||
args.Add ("--sign");
|
||||
args.AddQuoted (SigningKey);
|
||||
|
||||
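Review bot: `args.Add ("-o runtime")` passes the option and its value as one string, so it only reaches codesign as two tokens if `Add` appends its text unquoted; the builder's behaviour is not visible in this hunk. A single-token spelling such as `args.Add ("--options=runtime");` does not depend on that. The new `UseHardenedRuntime` property also has no doc comment; I would add `// Passes the hardened-runtime option to codesign; the app then needs entitlements for anything the hardened runtime restricts (the test in this commit supplies com.apple.security.cs.allow-jit).` Whether a `-o`/`--options` value arriving through `ExtraArgs` is merged with or overrides this flag cannot be told from here and is worth confirming, since the two can now appear on the same command line. The enclosing method starts and ends outside the hunk.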
|
|
|
@ -608,6 +608,14 @@ namespace TestCase
|
|||
Assert.Fail ($"'nuget restore' failed for {project}");
|
||||
}
|
||||
}
|
||||
|
||||
public static bool InJenkins
|
||||
{
|
||||
get {
|
||||
var buildRev = Environment.GetEnvironmentVariable ("BUILD_REVISION");
|
||||
return !string.IsNullOrEmpty (buildRev) && buildRev == "jenkins";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static class PlatformHelpers
|
||||
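Review bot: The `!string.IsNullOrEmpty (buildRev)` half of the condition in `InJenkins` is redundant, because a null or empty string can never equal `"jenkins"`; the getter can be `return Environment.GetEnvironmentVariable ("BUILD_REVISION") == "jenkins";`. The property also needs a short comment saying which job sets `BUILD_REVISION` to that value, since this commit uses it to skip a code-signing test and a reader cannot tell from here when the skip applies. The enclosing class starts outside the hunk.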
|
|
|
@ -7,6 +7,7 @@ using System.Text;
|
|||
using NUnit.Framework;
|
||||
using System.Reflection;
|
||||
|
||||
using Xamarin.Utils;
|
||||
using Xamarin.Tests;
|
||||
|
||||
namespace Xamarin.MMP.Tests
|
||||
|
@ -696,5 +697,42 @@ namespace Xamarin.MMP.Tests
|
|||
Assert.True (buildOutput.Contains ("actool execution started with arguments"), $"Build after touching icon must run actool");
|
||||
});
|
||||
}
|
||||
|
||||
[Test]
|
||||
public void HardenedRuntimeCodesignOption ()
|
||||
{
|
||||
// https://github.com/xamarin/xamarin-macios/issues/5653
|
||||
if (TI.InJenkins)
|
||||
Assert.Ignore ("Requires macOS entitlements on bots.");
|
||||
|
||||
RunMMPTest (tmpDir => {
|
||||
TI.UnifiedTestConfig test = new TI.UnifiedTestConfig (tmpDir) {
|
||||
CSProjConfig = "<EnableCodeSigning>true</EnableCodeSigning>"
|
||||
};
|
||||
|
||||
Func<OutputText, string> findCodesign = o => o.BuildOutput.SplitLines ().Last (x => x.Contains ("Tool /usr/bin/codesign execution started with arguments"));
|
||||
|
||||
var baseOutput = TI.TestUnifiedExecutable (test);
|
||||
string baseCodesign = findCodesign (baseOutput);
|
||||
Assert.False (baseCodesign.Contains ("-o runtime"), "Base codesign");
|
||||
|
||||
test.CSProjConfig += "<UseHardenedRuntime>true</UseHardenedRuntime><CodeSignEntitlements>Entitlements.plist</CodeSignEntitlements>";
|
||||
|
||||
const string entitlementText = @"<?xml version=""1.0"" encoding=""UTF-8"" ?>
|
||||
<!DOCTYPE plist PUBLIC ""-//Apple//DTD PLIST 1.0//EN"" ""http://www.apple.com/DTDs/PropertyList-1.0.dtd"">
|
||||
<plist version=""1.0"">
|
||||
<dict>
|
||||
<key>com.apple.security.cs.allow-jit</key>
|
||||
<true/>
|
||||
</dict>
|
||||
</plist>";
|
||||
|
||||
File.WriteAllText (Path.Combine (tmpDir, "Entitlements.plist"), entitlementText);
|
||||
|
||||
var hardenedOutput = TI.TestUnifiedExecutable (test);
|
||||
string hardenedCodesign = findCodesign (hardenedOutput);
|
||||
Assert.True (hardenedCodesign.Contains ("-o runtime"), "Hardened codesign");
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
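Review bot: `HardenedRuntimeCodesignOption` asserts only that the logged codesign command line contains `-o runtime`; it never inspects the signed bundle, and with the `TI.InJenkins` skip it does not run on the bots at all, so CI gives no evidence that the hardened runtime is actually applied. At minimum I would state that limit in a comment above the assertions, e.g. `// Checks the arguments passed to codesign only; the resulting signature is not verified.`, and consider a follow-up that reads the flags back from the built app with codesign's display mode. Separately, `findCodesign` uses `Last (...)`, which throws InvalidOperationException when no codesign line is logged; `LastOrDefault (...)` followed by `Assert.NotNull (baseCodesign, "codesign invocation not found in build output");` would fail with a readable message instead. A one-line comment on why the entitlements file grants `com.apple.security.cs.allow-jit` would also help, since that entitlement relaxes one of the protections the flag turns on.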
|
|