Security-58286.220.15.tar.gz

[apple/security.git] / OSX / libsecurity_codesigning / lib / SecCodeSigner.cpp

diff --git a/OSX/libsecurity_codesigning/lib/SecCodeSigner.cpp b/OSX/libsecurity_codesigning/lib/SecCodeSigner.cpp
index e9965556c7012a4f6ff91b66865461490c8a190b..a7e31f657312053d8505c0114664d00b3426c6dc 100644 (file)
--- a/OSX/libsecurity_codesigning/lib/SecCodeSigner.cpp
+++ b/OSX/libsecurity_codesigning/lib/SecCodeSigner.cpp
@@ -59,12 +59,9 @@ const CFStringRef kSecCodeSignerTimestampOmitCertificates =  CFSTR("timestamp-omi
 const CFStringRef kSecCodeSignerPreserveMetadata = CFSTR("preserve-metadata");
 const CFStringRef kSecCodeSignerTeamIdentifier =       CFSTR("teamidentifier");
 const CFStringRef kSecCodeSignerPlatformIdentifier = CFSTR("platform-identifier");
+const CFStringRef kSecCodeSignerRuntimeVersion = CFSTR("runtime-version");
+const CFStringRef kSecCodeSignerPreserveAFSC = CFSTR("preserve-afsc");
 
-// temporary add-back to bridge B&I build dependencies -- remove soon
-const CFStringRef kSecCodeSignerTSAUse = CFSTR("timestamp-required");
-const CFStringRef kSecCodeSignerTSAURL = CFSTR("timestamp-url");
-const CFStringRef kSecCodeSignerTSAClientAuth = CFSTR("timestamp-authentication");
-const CFStringRef kSecCodeSignerTSANoCerts =   CFSTR("timestamp-omit-certificates");
 
 
 //
@@ -94,7 +91,9 @@ OSStatus SecCodeSignerCreate(CFDictionaryRef parameters, SecCSFlags flags,
                | kSecCSSignV1
                | kSecCSSignNoV1
                | kSecCSSignBundleRoot
-               | kSecCSSignStrictPreflight);
+               | kSecCSSignStrictPreflight
+        | kSecCSSignGeneratePEH
+               | kSecCSSignGenerateEntitlementDER);
        SecPointer<SecCodeSigner> signer = new SecCodeSigner(flags);
        signer->parameters(parameters);
        CodeSigning::Required(signerRef) = signer->handle();