osxbundle: sign bundle with ad-hoc pseudo identity

without a developer license and the corresponding certificate we can't sign our app bundle properly. instead use the ad-hoc pseudo identity. there. i am not sure what restrictions we have because of that, but it's the only way we can pseudo sign the app bundle. Fixes #12116
2023-11-13 23:47:16 +01:00 · 2023-11-13 23:47:16 +01:00 · 62b1ce0a55
parent aa8af2e66b
commit 62b1ce0a55
1 changed files with 6 additions and 0 deletions
--- a/TOOLS/osxbundle.py
+++ b/TOOLS/osxbundle.py
@ -38,6 +38,9 @@ def apply_plist_template(plist_file, version):
    for line in fileinput.input(plist_file, inplace=1):
        print(line.rstrip().replace('${VERSION}', version))

+def sign_bundle(binary_name):
+    sh('codesign --force --deep -s - ' + bundle_path(binary_name))
+
 def bundle_version():
    if os.path.exists('VERSION'):
        x = open('VERSION')
@ -75,6 +78,9 @@ def main():
        print("> bundling dependencies")
        print(sh(" ".join(["TOOLS/dylib-unhell.py", target_binary(binary_name)])))

+    print("> signing bundle with ad-hoc pseudo identity")
+    sign_bundle(binary_name)
+
    print("done.")

 if __name__ == "__main__":