From b777aba9f66accbd335490a1beadae7adf4953aa Mon Sep 17 00:00:00 2001
From: Chris Hamons <chris.hamons@xamarin.com>
Date: Wed, 13 Mar 2019 10:54:01 -0500
Subject: [PATCH] [msbuild] Xamarin.Mac Notary Support (#5754)

* Add --timestamp to hardened XM builds and --timestamp=none to rest
---
 msbuild/Xamarin.Mac.Tasks/Xamarin.Mac.Common.targets       | 2 ++
 .../Xamarin.MacDev.Tasks.Core/Tasks/CodesignTaskBase.cs    | 7 +++++++
 tests/mmptest/src/MMPTest.cs                               | 3 +++
 3 files changed, 12 insertions(+)

diff --git a/msbuild/Xamarin.Mac.Tasks/Xamarin.Mac.Common.targets b/msbuild/Xamarin.Mac.Tasks/Xamarin.Mac.Common.targets
index 6c212efe25..d3315d36d6 100644
--- a/msbuild/Xamarin.Mac.Tasks/Xamarin.Mac.Common.targets
+++ b/msbuild/Xamarin.Mac.Tasks/Xamarin.Mac.Common.targets
@@ -201,6 +201,7 @@ Copyright (C) 2014 Xamarin. All rights reserved.
 			SigningKey="$(_CodeSigningKey)"
 			ExtraArgs="$(CodesignExtraArgs)"
 			IsAppExtension="$(IsAppExtension)"
+			UseSecureTimestamp="$(UseHardenedRuntime)"
 			>
 		</Codesign>
 	</Target>
@@ -250,6 +251,7 @@ Copyright (C) 2014 Xamarin. All rights reserved.
 			ExtraArgs="$(CodesignExtraArgs)"
 			IsAppExtension="$(IsAppExtension)"
 			UseHardenedRuntime="$(UseHardenedRuntime)"
+			UseSecureTimestamp="$(UseHardenedRuntime)"
 			>
 		</Codesign>
 	</Target>
diff --git a/msbuild/Xamarin.MacDev.Tasks.Core/Tasks/CodesignTaskBase.cs b/msbuild/Xamarin.MacDev.Tasks.Core/Tasks/CodesignTaskBase.cs
index f69759d3de..74fe43a7f4 100644
--- a/msbuild/Xamarin.MacDev.Tasks.Core/Tasks/CodesignTaskBase.cs
+++ b/msbuild/Xamarin.MacDev.Tasks.Core/Tasks/CodesignTaskBase.cs
@@ -46,6 +46,8 @@ namespace Xamarin.MacDev.Tasks
 		public bool IsAppExtension { get; set; }
 
 		public bool UseHardenedRuntime { get; set; }
+		
+		public bool UseSecureTimestamp { get; set; }
 
 		public string ToolExe {
 			get { return toolExe ?? ToolName; }
@@ -98,6 +100,11 @@ namespace Xamarin.MacDev.Tasks
 			if (UseHardenedRuntime)
 				args.Add ("-o runtime");
 
+			if (UseSecureTimestamp)
+				args.Add ("--timestamp");
+			else
+				args.Add ("--timestamp=none");
+
 			args.Add ("--sign");
 			args.AddQuoted (SigningKey);
 
diff --git a/tests/mmptest/src/MMPTest.cs b/tests/mmptest/src/MMPTest.cs
index a2559d7a33..342ae98c75 100644
--- a/tests/mmptest/src/MMPTest.cs
+++ b/tests/mmptest/src/MMPTest.cs
@@ -715,6 +715,7 @@ namespace Xamarin.MMP.Tests
 				var baseOutput = TI.TestUnifiedExecutable (test);
 				string baseCodesign = findCodesign (baseOutput);
 				Assert.False (baseCodesign.Contains ("-o runtime"), "Base codesign");
+				Assert.True (baseCodesign.Contains ("--timestamp=none"), "Base codesign timestamp");
 
 				test.CSProjConfig += "<UseHardenedRuntime>true</UseHardenedRuntime><CodeSignEntitlements>Entitlements.plist</CodeSignEntitlements>";
 
@@ -732,6 +733,8 @@ namespace Xamarin.MMP.Tests
 				var hardenedOutput = TI.TestUnifiedExecutable (test);
 				string hardenedCodesign = findCodesign (hardenedOutput);
 				Assert.True (hardenedCodesign.Contains ("-o runtime"), "Hardened codesign");
+				Assert.True (hardenedCodesign.Contains ("--timestamp"), "Hardened codesign timestamp");
+
 			});
 		}
 	}