codesign

Provides code signing support. More...

Since: Qbs 1.19

Properties

Detailed Description

The codesign module contains properties and rules for code signing on Apple and Android platforms.

Relevant File Tags

TagAuto-tagged File NamesSinceDescription
"codesign.entitlements"*.entitlements1.19.0Xcode entitlements
"codesign.provisioningprofile"*.mobileprovision, *.provisionprofile1.19.0Xcode provisioning profiles
"codesign.signed_artifact"n/a1.19.0This tag is attached to all signed artifacts such as applications or libraries

Property Documentation

[since Qbs 1.19] certificatePassword : string

Specifies the password to use when opening a signing certificate file (*.pfx).

Default: undefined

This property is specific to Windows.

This property was introduced in Qbs 1.19.


[since Qbs 1.19] certificatePath : string

Specifies the full path to the signing certificate file (*.pfx).

Default: undefined

This property is specific to Windows.

This property was introduced in Qbs 1.19.


[since Qbs 1.19] codesignFlags : stringList

Additional flags passed to the codesign tool.

Default: Undefined

This property was introduced in Qbs 1.19.


[since Qbs 1.19] codesignName : string

The name of the codesign binary.

Default: Determined automatically

This property was introduced in Qbs 1.19.


[since Qbs 1.19] codesignPath : string

Path to the codesign tool.

Default: Determined automatically

This property was introduced in Qbs 1.19.


[since Qbs 1.19] crossCertificatePath : string

Specifies the full path to the additional certificate file (*.cer).

Default: undefined

This property is specific to Windows.

This property was introduced in Qbs 1.19.


[since Qbs 1.19] enableCodeSigning : bool

Whether to actually perform code signing.

Default: false

This property was introduced in Qbs 1.19.


[since Qbs 1.19] hashAlgorithm : string

Specifies the default hash algorithm used on the signing certificate. The possible values are sha1, sha256, sha384, and sha512.

Note: Only available in Windows 10 kit builds 20236 and later.

Default: undefined

This property is specific to Windows.

This property was introduced in Qbs 1.19.


[since Qbs 1.19] keyAlias : string

The key alias.

Default: "androiddebugkey"

This property is specific to Android platforms.

This property was introduced in Qbs 1.19.


[since Qbs 1.19] keyPassword : string

The key password.

Default: "android"

This property is specific to Android platforms.

This property was introduced in Qbs 1.19.


[since Qbs 1.19] keystorePassword : string

The keystore password.

Default: "android"

This property is specific to Android platforms.

This property was introduced in Qbs 1.19.


[since Qbs 1.19] keystorePath : string

The absolute path to the keystore file.

Default: "${HOME}/.android/debug.keystore"

This property is specific to Android platforms.

This property was introduced in Qbs 1.19.


[since Qbs 1.19] provisioningProfile : string

Name or UUID of the provisioning profile to embed in the product. Typically this should be left blank to allow Qbs to use automatic provisioning.

Default: undefined

This property is specific to Apple platforms.

This property was introduced in Qbs 1.19.


[since Qbs 1.19] provisioningProfilesPath : path

Path to directory containing provisioning profiles installed on the system. This should not normally need to be changed.

Default: "~/Library/MobileDevice/Provisioning Profiles"

This property is specific to Apple platforms.

This property was introduced in Qbs 1.19.


[since Qbs 1.19] rootSubjectName : string

Specifies the name of the subject of the root certificate that the signing certificate must chain to. This value may be a substring of the entire subject name of the root certificate.

Default: undefined

This property is specific to Windows.

This property was introduced in Qbs 1.19.


[since Qbs 1.19] signingIdentity : string

Search string used to find the certificate to sign the product. This does not have to be a full certificate name like "Mac Developer: John Doe (XXXXXXXXXX)", and can instead be a partial string like "Mac Developer" or the certificate's SHA1 fingerprint. The search string should generally be one of the following:

  • 3rd Party Mac Developer Application
  • 3rd Party Mac Developer Installer
  • Developer ID Application
  • Developer ID Installer
  • iPhone Developer
  • iPhone Distribution
  • Mac Developer

It is also possible to use the special "-" value to use the ad-hoc signing.

See Maintaining Your Signing Identities and Certificates for complete documentation on the existing certificate types. In general you should use signingType instead.

Default: Determined by signingType

This property is specific to Apple platforms.

This property was introduced in Qbs 1.19.


[since Qbs 1.19] signingTimestamp : string

URL of the timestamp authority RFC 3161 server to be contacted to authenticate code signing. undefined or empty indicates that a system-specific default should be used; "none" explicitly disables the use of timestamp services on Apple platforms.

Default: "none" on Apple, undefined otherwise

This property was introduced in Qbs 1.19.


[since Qbs 1.19] signingType : string

Type of code signing to use. This should generally be used in preference to an explicit signing identity like "Mac Developer: John Doe (XXXXXXXXXX)" since it is not user specific and can be set in a project file. Possible values include: "app-store", "apple-id", "ad-hoc", which sign for the App Store or Mac App Store, Developer ID, and Ad-hoc code signing, respectively.

Relation between the signingType and signingIdentity

The following table shows how the signingIdentity's default value is calculated.

qbs.targetOScodesign.signingTypeqbs.buildVariantcodesign.signingIdentity
"macos""ad-hoc"any"-"
"app-store""debug", "profiling""Mac Developer"
"release""3rd Party Mac Developer Application"
"apple-id"any"Developer ID Application"
"ios", "tvos", "watchos""app-store""debug", "profiling""iPhone Developer"
"release""iPhone Distribution"

Default: Determined automatically

This property is specific to Apple platforms.

This property was introduced in Qbs 1.19.


[since Qbs 1.19] subjectName : string

Specifies the name of the subject of the signing certificate. This value can be a substring of the entire subject name.

Default: undefined

This property is specific to Windows.

This property was introduced in Qbs 1.19.


[since Qbs 1.19] teamIdentifier : string

Human readable name or 10-digit identifier of the Apple development team that the signing identity belongs to. This is used to disambiguate between multiple certificates of the same type in different teams. Typically this can be left blank if the development machine is only signed in to a single development team, and should be set in a profile otherwise.

Default: undefined

This property is specific to Apple platforms.

This property was introduced in Qbs 1.19.


[since Qbs 1.19.2] timestampAlgorithm : string

Specifies the default timestamp algorithm used together with the signingTimestamp property. The possible values are sha1, sha256.

Note: If this value is not set, then the default sha1 algorithm will be used.

Default: undefined

This property is specific to Windows.

This property was introduced in Qbs 1.19.2.


[since Qbs 1.19] useApksigner : bool

If true, the package is signed using apksignerFilePath binary. Set this property to false to use the jarsignerFilePath one. Set by the Android.sdk module.

Default: true

This property is specific to Android platforms.

This property was introduced in Qbs 1.19.


© 2022 The Qt Company Ltd. Documentation contributions included herein are the copyrights of their respective owners. The documentation provided herein is licensed under the terms of the GNU Free Documentation License version 1.3 as published by the Free Software Foundation. Qt and respective logos are trademarks of The Qt Company Ltd in Finland and/or other countries worldwide. All other trademarks are property of their respective owners.