From 1f78de676d4aace58afe6d056d5ad3a7e653bfb7 Mon Sep 17 00:00:00 2001
From: Michael Fabian 'Xaymar' Dirks
Date: Fri, 26 Nov 2021 02:46:38 +0100
Subject: [PATCH] cmake: Fix and improve Code Signing on Windows

It was sometimes impossible to sign the binaries on Windows, depending on how CMake was being run. By explicitly converting to the intended native format, we avoid this problem for most situations. Additionally we now support per-project certificates, instead of global certificates only. This also allows multiple uses of cmake-codesign in the same overall project.
---
 CMakeLists.txt | 52 +++++++++++++++++++++++++++++++++++++++++++++++---
 cmake/codesign | 2 +-
 2 files changed, 50 insertions(+), 4 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index da8b1e7..43b6193 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -356,6 +356,26 @@ endif()
 if(${PREFIX}ENABLE_CODESIGN AND (EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/cmake/codesign/CodeSign.cmake"))
 include("cmake/codesign/CodeSign.cmake")
 set(HAVE_CODESIGN ON)
+
+ set(${PREFIX}CODESIGN_FILE "" CACHE FILEPATH "Path to Code-Signing certificate.")
+ if(WIN32)
+ set(${PREFIX}CODESIGN_NAME "" CACHE STRING "Name of Code-Signing certificate in Windows's certificate storage.")
+ endif()
+ set(${PREFIX}CODESIGN_PASS "" CACHE STRING "Password for Code-Signing certificate.")
+ set(${PREFIX}CODESIGN_TIMESTAMPS ON CACHE BOOL "Should the resulting binary be timestamped?")
+
+ set(_CODESIGN_FILE "$ENV{${PREFIX}CODESIGN_FILE}")
+ if(${PREFIX}CODESIGN_FILE)
+ set(_CODESIGN_FILE "${${PREFIX}CODESIGN_FILE}")
+ endif()
+ set(_CODESIGN_NAME "$ENV{${PREFIX}CODESIGN_NAME}")
+ if(${PREFIX}CODESIGN_NAME)
+ set(_CODESIGN_NAME "${${PREFIX}CODESIGN_NAME}")
+ endif()
+ set(_CODESIGN_PASS "$ENV{${PREFIX}CODESIGN_PASS}")
+ if(${PREFIX}CODESIGN_PASS)
+ set(_CODESIGN_PASS "${${PREFIX}CODESIGN_PASS}")
+ endif()
 endif()
 ################################################################################
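Review bot: `${PREFIX}CODESIGN_PASS` is declared as a `CACHE STRING`, so a password supplied through `-D` or the GUI is written in plain text to `CMakeCache.txt` and stays readable to anyone with access to the build tree. The environment-variable fallback added a few lines below avoids that, so the help text should steer users to it, for example `set(${PREFIX}CODESIGN_PASS "" CACHE STRING "Password for Code-Signing certificate. Stored in plain text in CMakeCache.txt; prefer the environment variable.")`. The value is also forwarded by the `codesign(...)` and `codesign_command_win32(...)` hunks later in this patch, and whether it then appears in generated build files or the installer command string depends on `cmake/codesign`, which is not shown here. Separately, `if(${PREFIX}CODESIGN_PASS)` is a truthiness test, so a password such as `0` or `no` is treated as unset; `if(NOT "${${PREFIX}CODESIGN_PASS}" STREQUAL "")` avoids that.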
@@ -1930,7 +1950,17 @@ endif()
 # Code Sign
 if(HAVE_CODESIGN)
- codesign(TARGETS ${PROJECT_NAME})
+ set(_CODESIGN_TIMESTAMP "")
+ if(${PREFIX}CODESIGN_TIMESTAMPS)
+ set(_CODESIGN_TIMESTAMP "TIMESTAMPS")
+ endif()
+ codesign(
+ TARGETS ${PROJECT_NAME}
+ CERTIFICATE_FILE "${_CODESIGN_FILE}"
+ CERTIFICATE_NAME "${_CODESIGN_NAME}"
+ CERTIFICATE_PASS "${_CODESIGN_PASS}"
+ ${_CODESIGN_TIMESTAMP}
+ )
 endif()
 ################################################################################
@@ -2129,8 +2159,24 @@ if(NOT ${PREFIX}OBS_NATIVE)
 file(TO_NATIVE_PATH "${ISS_MSVCHELPER_PATH}" ISS_MSVCHELPER_PATH)
 if(HAVE_CODESIGN)
- codesign_command_win32(SHA1 RETURN_BIN ISS_CODESIGN_BIN_SHA1 RETURN_ARGS ISS_CODESIGN_CMD_SHA1)
- codesign_command_win32(SHA2 APPEND RETURN_BIN ISS_CODESIGN_BIN_SHA2 RETURN_ARGS ISS_CODESIGN_CMD_SHA2)
+ codesign_command_win32(
+ SHA1
+ RETURN_BIN ISS_CODESIGN_BIN_SHA1
+ RETURN_ARGS ISS_CODESIGN_CMD_SHA1
+ CERTIFICATE_FILE "${_CODESIGN_FILE}"
+ CERTIFICATE_NAME "${_CODESIGN_NAME}"
+ CERTIFICATE_PASS "${_CODESIGN_PASS}"
+ ${_CODESIGN_TIMESTAMP}
+ )
+ codesign_command_win32(
+ SHA2 APPEND
+ RETURN_BIN ISS_CODESIGN_BIN_SHA2
+ RETURN_ARGS ISS_CODESIGN_CMD_SHA2
+ CERTIFICATE_FILE "${_CODESIGN_FILE}"
+ CERTIFICATE_NAME "${_CODESIGN_NAME}"
+ CERTIFICATE_PASS "${_CODESIGN_PASS}"
+ ${_CODESIGN_TIMESTAMP}
+ )
 list(JOIN ISS_CODESIGN_CMD_SHA1 " " ISS_CODESIGN_CMD_SHA1)
 list(JOIN ISS_CODESIGN_CMD_SHA2 " " ISS_CODESIGN_CMD_SHA2)
diff --git a/cmake/codesign b/cmake/codesign
index fe22c23..db839ac 160000
--- a/cmake/codesign
+++ b/cmake/codesign
@@ -1 +1 @@
-Subproject commit fe22c23c22244e4647e430812b8ceb0322772c81
+Subproject commit db839ac6093ecebd760d692e3f108e9a35982693
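Review bot: `_CODESIGN_TIMESTAMP` is computed inside this `if(HAVE_CODESIGN)` block under `# Code Sign`, but the two `codesign_command_win32(...)` calls in the installer hunk (around line 2159) expand it as well. An undefined variable expands to nothing, so if this block is ever moved below the installer section or given an extra guard, the installer would be signed without `TIMESTAMPS` and nothing would report it. Moving `set(_CODESIGN_TIMESTAMP "")`, `if(${PREFIX}CODESIGN_TIMESTAMPS)` and `set(_CODESIGN_TIMESTAMP "TIMESTAMPS")` up next to the `_CODESIGN_FILE`, `_CODESIGN_NAME` and `_CODESIGN_PASS` resolution in the first hunk would keep all signing inputs in one place.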
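Review bot: The `RETURN_ARGS` lists are flattened by the `list(JOIN ... " " ...)` context lines at the end of the `codesign_command_win32` hunk, and they now presumably carry the certificate path and password passed in as `CERTIFICATE_FILE` and `CERTIFICATE_PASS`. A path or password containing a space or a double quote would then be split or mis-parsed in the joined command string unless `codesign_command_win32` already quotes each value, which this patch does not show. It is worth confirming that in `cmake/codesign`, and adding a comment such as `# ISS_CODESIGN_CMD_* may embed the certificate password; keep the generated installer script out of published artifacts and logs` above the `list(JOIN ...)` lines. The enclosing `if(HAVE_CODESIGN)` and `if(NOT ${PREFIX}OBS_NATIVE)` blocks continue outside the hunk.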