From 68e3c51eba9818587729af5019f75e5d5d7723b3 Mon Sep 17 00:00:00 2001 From: Tom Dewey Date: Wed, 11 Sep 2024 16:00:59 +0100 Subject: [PATCH] cmake: Windows code signing fixes --- src/CMakeLists.txt | 45 ++++++++++++++++++++++++++++++++++++++------- 1 file changed, 38 insertions(+), 7 deletions(-) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 6973e3c..87286c1 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -27,7 +27,7 @@ if (WIN32) endif() if (APPLE) - set(IMAGER_SIGNED_APP OFF CACHE BOOL "Perform singing of the Imager .app as part of the build") + set(IMAGER_SIGNED_APP OFF CACHE BOOL "Perform signing of the Imager .app as part of the build") set(IMAGER_SIGNING_IDENTITY "" CACHE STRING "The Developer Identity to use for signing.") set(IMAGER_NOTARIZE_APP OFF CACHE BOOL "Perform notarization of the Imager .dmg as part of the build") set(IMAGER_NOTARIZE_KEYCHAIN_PROFILE "" CACHE STRING "The name of the Keychain item containing your notarization credentials") @@ -320,10 +320,41 @@ if (WIN32) POST_BUILD COMMAND ${CMAKE_STRIP} "${CMAKE_BINARY_DIR}/${PROJECT_NAME}.exe") - # Code signing - find_program(SIGNTOOL "signtool.exe" PATHS - "c:/Program Files (x86)/Microsoft SDKs/ClickOnce/SignTool" - "c:/Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x64") + # Borrowed from the 'mstdlib' project: Code signing + # First, determine our build architecture + if (CMAKE_SIZEOF_VOID_P EQUAL 8) + set(arch x64) + else () + set(arch x86) + endif () + # + # Now find signtool + if (NOT SIGNTOOL) + # Try to list all Windows 10 SDK versions, if any. + set(win10_kit_versions) + set(regkey "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows Kits\\Installed Roots") + set(regval "KitsRoot10") + # Note: must be a cache operation in order to read from the registry. + get_filename_component(w10_kits_path "[${regkey};${regval}]" ABSOLUTE CACHE) + if (w10_kits_path) + message(WARNING "Found Windows 10 kits path: ${w10_kits_path}") + file(GLOB w10_kit_versions "${w10_kits_path}/bin/10.*") + # Reverse list, so newer (higher-numbered) versions appear first. + list(REVERSE w10_kit_versions) + endif () + unset(w10_kits_path CACHE) + if (w10_kit_versions) + find_program(SIGNTOOL + NAMES signtool + PATHS ${w10_kit_versions} + PATH_SUFFIXES ${arch} + bin/${arch} + bin + NO_DEFAULT_PATH + ) + endif () + endif () + if (NOT SIGNTOOL) message(FATAL_ERROR "Unable to locate signtool.exe used for code signing") endif() @@ -338,7 +369,7 @@ if (WIN32) COMMAND "${SIGNTOOL}" sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /a "${CMAKE_BINARY_DIR}/dependencies/fat32format/fat32format.exe") # Windeploy - find_program(WINDEPLOYQT "windeployqt.exe" PATHS "${${QT}_DIR}/../../../bin") + find_program(WINDEPLOYQT "windeployqt.exe" PATHS "${Qt6_ROOT}/bin") if (NOT WINDEPLOYQT) message(FATAL_ERROR "Unable to locate windeployqt.exe") endif() @@ -464,4 +495,4 @@ else() endif() include_directories(${CURL_INCLUDE_DIR} ${LibArchive_INCLUDE_DIR} ${LIBLZMA_INCLUDE_DIRS} ${LIBDRM_INCLUDE_DIRS} ${ZLIB_INCLUDE_DIRS} ${ZSTD_INCLUDE_DIR}) -target_link_libraries(${PROJECT_NAME} PRIVATE ${QT}::Core ${QT}::Quick ${QT}::Svg ${CURL_LIBRARIES} ${LibArchive_LIBRARIES} ${ZSTD_LIBRARIES} ${ZLIB_LIBRARIES} ${LIBLZMA_LIBRARIES} ${LIBDRM_LIBRARIES} ${ATOMIC_LIBRARY} ${EXTRALIBS}) +target_link_libraries(${PROJECT_NAME} PRIVATE ${QT}::Core ${QT}::Quick ${QT}::Svg ${CURL_LIBRARIES} ${LibArchive_LIBRARIES} ${ZSTD_LIBRARIES} ${ZLIB_LIBRARIES} ${LIBLZMA_LIBRARIES} ${LIBDRM_LIBRARIES} ${ATOMIC_LIBRARY} ${EXTRALIBS}) \ No newline at end of file