From 62b1ce0a55b165c1bad2f5ca4ec136f929b792db Mon Sep 17 00:00:00 2001
From: der richter <der.richter@gmx.de>
Date: Mon, 13 Nov 2023 23:47:16 +0100
Subject: osxbundle: sign bundle with ad-hoc pseudo identity

without a developer license and the corresponding certificate we can't
sign our app bundle properly. instead use the ad-hoc pseudo identity.
there. i am not sure what restrictions we have because of that, but it's
the only way we can pseudo sign the app bundle.

Fixes #12116
---
 TOOLS/osxbundle.py | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'TOOLS')

diff --git a/TOOLS/osxbundle.py b/TOOLS/osxbundle.py
index bd1ab45a58..98699e478b 100755
--- a/TOOLS/osxbundle.py
+++ b/TOOLS/osxbundle.py
@@ -38,6 +38,9 @@ def apply_plist_template(plist_file, version):
     for line in fileinput.input(plist_file, inplace=1):
         print(line.rstrip().replace('${VERSION}', version))
 
+def sign_bundle(binary_name):
+    sh('codesign --force --deep -s - ' + bundle_path(binary_name))
+
 def bundle_version():
     if os.path.exists('VERSION'):
         x = open('VERSION')
@@ -75,6 +78,9 @@ def main():
         print("> bundling dependencies")
         print(sh(" ".join(["TOOLS/dylib-unhell.py", target_binary(binary_name)])))
 
+    print("> signing bundle with ad-hoc pseudo identity")
+    sign_bundle(binary_name)
+
     print("done.")
 
 if __name__ == "__main__":
-- 
cgit v1.2.3