build script: code sign on executable outside of application bundle

2024-11-24 21:01:59 +00:00 · 2021-01-05 10:47:08 +02:00 · 2021-01-05 10:47:08 +02:00 · ba0e03d074
commit ba0e03d074
parent a6ff02d531
1 changed files with 4 additions and 5 deletions
--- a/build.py
+++ b/build.py
@ -1917,11 +1917,10 @@ class Builder(object):
            args += ['-create', '-output', dst_file]
            subprocess.check_call(args)

-            # TODO: check if ad-hoc code signing is really needed
-            # See https://github.com/Homebrew/brew/commit/e945b1c42ab44feb1c6814f47cc833d76b1a921c
-            # if is_executable:
-            #     args = ('codesign', '--sign', '-', dst_file)
-            #     subprocess.check_call(args)
+            # Apply ad-hoc code signing on executable files outside of application bundles
+            if is_executable and '.app/Contents/' not in src.path:
+                args = ('codesign', '--sign', '-', dst_file)
+                subprocess.check_call(args)
        else:
            if not Builder._compare_files(src_sub_paths):
                print(f'WARNING: Source files for {dst_path + os.sep + src.name} don\'t match')