OS X: Have the PKG installer also be signed

2025-10-26 11:17:43 +00:00 · 2014-09-02 17:57:22 +02:00 · 2014-09-02 17:57:22 +02:00 · 49c40a4b11
commit 49c40a4b11
parent d1eff0ae24
1 changed files with 16 additions and 7 deletions
--- a/admin/osx/create_mac_pkg.sh.cmake
+++ b/admin/osx/create_mac_pkg.sh.cmake
@ -4,6 +4,8 @@
 # http://s.sudre.free.fr/Software/Packages/about.html
 #

+[ "$#" -lt 2 ] && echo "Usage: create_mac_pkg.sh <CMAKE_INSTALL_DIR> <build dir> <installer sign identity>" && exit
+
 # the path of installation must be given as parameter
 if [ -z "$1" ]; then
  echo "ERROR: Provide the path to CMAKE_INSTALL_DIR to this script as first parameter."
@ -15,8 +17,9 @@ if [ -z "$2" ]; then
  exit 1
 fi

-install_path=$1
-build_path=$2
+install_path="$1"
+build_path="$2"
+identity="$3"
 prjfile=$build_path/admin/osx/macosx.pkgproj

 # The name of the installer package
@ -42,13 +45,19 @@ else
  exit 3
 fi

-# FIXME: Sign the finished package.
-# See http://s.sudre.free.fr/Software/documentation/Packages/en/Project_Configuration.html#5
-# certname=gdbsign
-# productsign --cert $certname admin/$installer ./$installer
+# Sign the finished package if desired.
+if [ ! -z "$identity" ]; then
+	echo "Will try to sign the installer"
+	pushd $install_path
+	productsign --sign "$identity" "$installer_file" "$installer_file.new"
+	mv "$installer_file".new $installer_file
+	popd
+else
+	echo "No certificate given, will not sign the pkg"
+fi

 # FIXME: OEMs?
-
+# they will need to do their own signing..


 # Sparkle wants a tbz, it cannot install raw pkg