Uploaded image for project: 'Qbs ("Cubes")'
  1. Qbs ("Cubes")
  2. QBS-1651

Windows signtool integration timeserver usage needs way to specify timestamp digest algorithm

    XMLWordPrintable

    Details

    • Platform/s:
      Windows
    • Commits:
      273000f895d656cc220ee4886f28334d50062b59 (qbs/qbs/1.19)

      Description

      When signing component for windows distribution, the use of a timestamp server is required during signing. Unfortunately the sign tool uses SHA1 as the default but SHA256 is recommended and required for App Store distribution.

      This requires the parameter "/td sha256" AFTER the parameter /tr that specifies the time stamp server url on the command line.

      When adding 

      `codesign.codesignFlags: [ "/td", "SHA256" ]`

      with 

      `codesign.signingTimestamp: "<url>"`

      it won't work as qbs inserts the flags first.

      The workaround is to not use "signingTimestamp" but specify both using the flags parameters, but this is error prone and inconvenient.

      A timestampAlgorithm parameter to (with default sha256) speficy the TS digest algorithm explicitly would solve this problem, otherwise the signingTimestamp parameter is quite useless when the app is to be distributed over the App Store.

       

       

        Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

            Assignee:
            kuzulis Denis Shienkov
            Reporter:
            hrabowski Maximilian Hrabowski
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Gerrit Reviews

                There are no open Gerrit changes