Uploaded image for project: 'Qbs ("Cubes")'
  1. Qbs ("Cubes")
  2. QBS-1651

Windows signtool integration timeserver usage needs way to specify timestamp digest algorithm

    XMLWordPrintable

Details

    • Windows
    • 273000f895d656cc220ee4886f28334d50062b59 (qbs/qbs/1.19)

    Description

      When signing component for windows distribution, the use of a timestamp server is required during signing. Unfortunately the sign tool uses SHA1 as the default but SHA256 is recommended and required for App Store distribution.

      This requires the parameter "/td sha256" AFTER the parameter /tr that specifies the time stamp server url on the command line.

      When adding 

      `codesign.codesignFlags: [ "/td", "SHA256" ]`

      with 

      `codesign.signingTimestamp: "<url>"`

      it won't work as qbs inserts the flags first.

      The workaround is to not use "signingTimestamp" but specify both using the flags parameters, but this is error prone and inconvenient.

      A timestampAlgorithm parameter to (with default sha256) speficy the TS digest algorithm explicitly would solve this problem, otherwise the signingTimestamp parameter is quite useless when the app is to be distributed over the App Store.

       

       

      Attachments

        For Gerrit Dashboard: QBS-1651
        # Subject Branch Project Status CR V
        354583,6 codesign: Add new codesign.timestampAlgorithm property 1.19 qbs/qbs Status: MERGED +2 +1

        Activity

          People

            kuzulis Denis Shienkov
            hrabowski Maximilian Hrabowski
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes