-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Best way to handle post-build commands? #2957
Comments
Are these tools also idempotent? i.e., if run on the same executable twice will it leave the executable unchanged? |
I was about to write a new issue when github pointed me at this one :-) signtool is usually run with a timestamp server so every time you run it, you will have a different certificate attached. What I would like to do is build many executables, but only sign the ones being installed. So it would be nice if you could do something like: mysigner = signer(hash:'sha256', timestamp_url:'http://sha256.timestamp.url/timestamp', key:'mykeyname')
executable('prog', 'prog.c', install : true, install_dir : 'my/special/dir', sign: mysigner) On Windows that would build the file, run signtool on it using the command parameters set up by signer which would overwrite prog.exe, then install it. A quick interweb search shows me that there is something similar for MacOS. |
The simplest solution is to write a script that takes as an argument the exe and outputs the signature file. Then do something like: exe = executable(...)
signer_script = find_program(...)
custom_target('exesign',
input: exe
output: 'exename.sign',
command: [signer_script, '@INPUT@', '@OUTPUT@'],
build_by_defalt: true) If the signer tool does not create an external file but instead alters the original executable, make the script write something (anything) in the output file after signing. This makes the timestamps work. |
Hmmm... sort of like CMake’s POST BUILD custom command that seems to be the official way of running tools like signtool. It’s simple, but It does become ugly if you have a dozen executables to sign for Windows only (though I guess a disabler on the signing script should eliminate the if statements). |
Would it be difficult to implement in the Meson itself? Something like this interface:
|
Some MSVC tools like the manifest tool (mt.exe) and signtool update the input executable rather than creating a new output file.
With CMake, one way to use these is through POST_BUILD custom commands, which run after a target is built.
What is a good way to do this with meson?
I suppose an install script could do it, but then it requires installing. Another option would be a run target, but that still needs an extra step (and knowing where the target is). You could use a custom target, but then you need to copy the input file, or rename the original.
What issues could arise from for instance allowing custom targets to have the same input and output? Or perhaps a post_build kwarg for executable/library?
The text was updated successfully, but these errors were encountered: