Security-58286.220.15.tar.gz

[apple/security.git] / OSX / libsecurity_codesigning / lib / SecCodeSigner.cpp

diff --git a/OSX/libsecurity_codesigning/lib/SecCodeSigner.cpp b/OSX/libsecurity_codesigning/lib/SecCodeSigner.cpp
index 7d83ce7a39959d5d8c90953cf91fa0c5231be2d7..a7e31f657312053d8505c0114664d00b3426c6dc 100644 (file)
--- a/OSX/libsecurity_codesigning/lib/SecCodeSigner.cpp
+++ b/OSX/libsecurity_codesigning/lib/SecCodeSigner.cpp
@@ -59,6 +59,8 @@ const CFStringRef kSecCodeSignerTimestampOmitCertificates =   CFSTR("timestamp-omi
 const CFStringRef kSecCodeSignerPreserveMetadata = CFSTR("preserve-metadata");
 const CFStringRef kSecCodeSignerTeamIdentifier =       CFSTR("teamidentifier");
 const CFStringRef kSecCodeSignerPlatformIdentifier = CFSTR("platform-identifier");
 const CFStringRef kSecCodeSignerPreserveMetadata = CFSTR("preserve-metadata");
 const CFStringRef kSecCodeSignerTeamIdentifier =       CFSTR("teamidentifier");
 const CFStringRef kSecCodeSignerPlatformIdentifier = CFSTR("platform-identifier");

+const CFStringRef kSecCodeSignerRuntimeVersion = CFSTR("runtime-version");
+const CFStringRef kSecCodeSignerPreserveAFSC = CFSTR("preserve-afsc");

 
 
 
 
 
 


@@ -89,7 +91,9 @@ OSStatus SecCodeSignerCreate(CFDictionaryRef parameters, SecCSFlags flags,
                | kSecCSSignV1
                | kSecCSSignNoV1
                | kSecCSSignBundleRoot
                | kSecCSSignV1
                | kSecCSSignNoV1
                | kSecCSSignBundleRoot

-               | kSecCSSignStrictPreflight);
+               | kSecCSSignStrictPreflight
+        | kSecCSSignGeneratePEH
+               | kSecCSSignGenerateEntitlementDER);

        SecPointer<SecCodeSigner> signer = new SecCodeSigner(flags);
        signer->parameters(parameters);
        CodeSigning::Required(signerRef) = signer->handle();
        SecPointer<SecCodeSigner> signer = new SecCodeSigner(flags);
        signer->parameters(parameters);
        CodeSigning::Required(signerRef) = signer->handle();