CPackProductBuild: Add options to sign packages

Help/release/dev/cpack-productbuild-signing.rst

@@ -0,0 +1,8 @@
+cpack-productbuild-signing
+--------------------------
+
+* The :module:`CPackProductBuild` module gained options to sign packages.
+  See the variables :variable:`CPACK_PRODUCTBUILD_IDENTITY_NAME`,
+  :variable:`CPACK_PRODUCTBUILD_KEYCHAIN_PATH`,
+  :variable:`CPACK_PKGBUILD_IDENTITY_NAME`, and
+  :variable:`CPACK_PKGBUILD_KEYCHAIN_PATH`.

Modules/CPackProductBuild.cmake

@@ -20,9 +20,29 @@
 #  the automatically detected command (or specify its location if the
 #  auto-detection fails to find it.)
 #
+# .. variable:: CPACK_PRODUCTBUILD_IDENTITY_NAME
+#
+#  Adds a digital signature to the resulting package.
+#
+#
+# .. variable:: CPACK_PRODUCTBUILD_KEYCHAIN_PATH
+#
+#  Specify a specific keychain to search for the signing identity.
+#
+#
 # .. variable:: CPACK_COMMAND_PKGBUILD
 #
 #  Path to the pkgbuild(1) command used to generate an OS X component package
 #  on OS X.  This variable can be used to override the automatically detected
 #  command (or specify its location if the auto-detection fails to find it.)
 #
+#
+# .. variable:: CPACK_PKGBUILD_IDENTITY_NAME
+#
+#  Adds a digital signature to the resulting package.
+#
+#
+# .. variable:: CPACK_PKGBUILD_KEYCHAIN_PATH
+#
+#  Specify a specific keychain to search for the signing identity.
+#

Source/CPack/cmCPackProductBuildGenerator.cxx

@@ -75,6 +75,14 @@ int cmCPackProductBuildGenerator::PackageFiles()
 
   std::string version = this->GetOption("CPACK_PACKAGE_VERSION");
   std::string productbuild = this->GetOption("CPACK_COMMAND_PRODUCTBUILD");
+  std::string identityName;
+  if (const char* n = this->GetOption("CPACK_PRODUCTBUILD_IDENTITY_NAME")) {
+    identityName = n;
+  }
+  std::string keychainPath;
+  if (const char* p = this->GetOption("CPACK_PRODUCTBUILD_KEYCHAIN_PATH")) {
+    keychainPath = p;
+  }
 
   pkgCmd << productbuild << " --distribution \"" << packageDirFileName
          << "/Contents/distribution.dist\""
@@ -82,6 +90,9 @@ int cmCPackProductBuildGenerator::PackageFiles()
          << "\""
          << " --resources \"" << resDir << "\""
          << " --version \"" << version << "\""
+         << (identityName.empty() ? "" : " --sign \"" + identityName + "\"")
+         << (keychainPath.empty() ? ""
+                                  : " --keychain \"" + keychainPath + "\"")
          << " \"" << packageFileNames[0] << "\"";
 
   // Run ProductBuild
@@ -193,12 +204,23 @@ bool cmCPackProductBuildGenerator::GenerateComponentPackage(
 
   std::string version = this->GetOption("CPACK_PACKAGE_VERSION");
   std::string pkgbuild = this->GetOption("CPACK_COMMAND_PKGBUILD");
+  std::string identityName;
+  if (const char* n = this->GetOption("CPACK_PKGBUILD_IDENTITY_NAME")) {
+    identityName = n;
+  }
+  std::string keychainPath;
+  if (const char* p = this->GetOption("CPACK_PKGBUILD_KEYCHAIN_PATH")) {
+    keychainPath = p;
+  }
 
   pkgCmd << pkgbuild << " --root \"" << packageDir << "\""
          << " --identifier \"" << pkgId << "\""
          << " --scripts \"" << scriptDir << "\""
          << " --version \"" << version << "\""
          << " --install-location \"/\""
+         << (identityName.empty() ? "" : " --sign \"" + identityName + "\"")
+         << (keychainPath.empty() ? ""
+                                  : " --keychain \"" + keychainPath + "\"")
          << " \"" << packageFile << "\"";
 
   // Run ProductBuild