[CMake] cmake and code signing

Crni Gorac cgorac at gmail.com
Fri Apr 22 16:32:18 EDT 2011


I am working on a CMake-based project, using CPack for building
installers.  On Windows, I'm using the NSIS back-end for CPack.  I'm
working now on a feature request, consisting of signing the
application executable itself, as well as the installer executable, using
my company code signing certificate.  The signing procedure boils down to
running the "signtool" command-line application, specifying the certificate to
be used, and the executable to be signed, from the command line:
   signtool sign /s "My Company" my-app.exe

I was able to incorporate signing my application executable file
through CMake, using add_custom_command() of POST_BUILD_TYPE, and that
works great.  At the moment, I've also added a call to signtool, in
order to sign my application installer, to the batch file (consisting
of cmake, mingw32-make and cpack calls) I'm using for building
installer.  That also works fine, but my first question here would be:
is it possible somehow to accomplish this step through CPack, to
somehow run some command after CPack generated the installer file?

My second, and more important at the moment, question is about signing
un-installer.  At the moment, CPack is generating NSIS project from
corresponding template, that is written so that un-installer is
created on end-user machine, thus it is not possible to sign it.
There seems to be a solution for this sort of situation, and it is
discussed here:
  http://nsis.sourceforge.net/Signing_an_Uninstaller
However, it doesn't seem to me that this amount of edits is possible
with current NSIS project template mechanism that CPack is using.  So
- any suggestions on how to make this sort of changes in NSIS project
file generated by CPack?

Thanks.
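
The setup described in the message above, written out as a CMakeLists.txt. This is an added example, not code from the original post or from the CMake project. It assumes a single-configuration generator (the post uses mingw32-make); main.c, SIGN_BINARIES, SIGN_ARGS, INSTALLER, signed_package and the installer name my-app-setup are hypothetical names chosen for illustration.

```cmake
cmake_minimum_required(VERSION 3.10)
project(my-app C)

# Assumption: main.c is a placeholder source file for the application.
add_executable(my-app main.c)
install(TARGETS my-app RUNTIME DESTINATION bin)

# Signing is opt-in so builds on machines without the certificate still work.
option(SIGN_BINARIES "Sign the executable and the installer with signtool" OFF)

if(WIN32 AND SIGN_BINARIES)
  # Fail at configure time rather than silently producing unsigned output.
  find_program(SIGNTOOL_EXECUTABLE signtool)
  if(NOT SIGNTOOL_EXECUTABLE)
    message(FATAL_ERROR "SIGN_BINARIES is ON but signtool was not found")
  endif()
  # Same arguments as the command line quoted in the post.
  set(SIGN_ARGS sign /s "My Company")

  # Sign the executable right after linking, then check the signature.
  # A non-zero exit code from either command fails the build.
  add_custom_command(TARGET my-app POST_BUILD
    COMMAND "${SIGNTOOL_EXECUTABLE}" ${SIGN_ARGS} "$<TARGET_FILE:my-app>"
    COMMAND "${SIGNTOOL_EXECUTABLE}" verify /pa "$<TARGET_FILE:my-app>"
    VERBATIM)
endif()

set(CPACK_GENERATOR NSIS)
# Fixed installer name (constructed), so the signing step knows the path.
set(CPACK_PACKAGE_FILE_NAME "my-app-setup")
include(CPack)

if(WIN32 AND SIGN_BINARIES)
  set(INSTALLER "${CMAKE_BINARY_DIR}/${CPACK_PACKAGE_FILE_NAME}.exe")
  # Runs cpack and then signs and verifies the generated installer,
  # replacing the cpack and signtool calls of the batch file.
  add_custom_target(signed_package
    COMMAND "${CMAKE_CPACK_COMMAND}" --config "${CMAKE_BINARY_DIR}/CPackConfig.cmake"
    COMMAND "${SIGNTOOL_EXECUTABLE}" ${SIGN_ARGS} "${INSTALLER}"
    COMMAND "${SIGNTOOL_EXECUTABLE}" verify /pa "${INSTALLER}"
    WORKING_DIRECTORY "${CMAKE_BINARY_DIR}"
    VERBATIM)
  add_dependencies(signed_package my-app)
endif()
```

Building the signed_package target after configuring with -DSIGN_BINARIES=ON produces the signed installer. The uninstaller that the generated NSIS script writes on the end-user machine is not covered by this.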

