From a1be6105b97dddc1e03db0075f6ca3fc47fa8e1d Mon Sep 17 00:00:00 2001
From: Tobias Markmann <tm@ayena.de>
Date: Thu, 30 Jun 2016 20:46:32 +0200
Subject: Add initial support for code signing on OS X

See DEVELOPMENT.md for instructions.

Test-Information:

Tested using a self-signed code signing certificate created
using Keychain Access.app.

Compared the output of 'codesign -vvv -d' on Swift.app with that of
preinstalled apps. The output looks much the same except for
the signing authority.

Change-Id: Idbb3209ad917091c371ced61ec8a77e3e5d18884

diff --git a/BuildTools/SCons/SConscript.boot b/BuildTools/SCons/SConscript.boot
index 13a49b8..f845159 100644
--- a/BuildTools/SCons/SConscript.boot
+++ b/BuildTools/SCons/SConscript.boot
@@ -104,6 +104,7 @@ vars.Add(BoolVariable("unbound", "Build bundled ldns and unbound. Use them for D
 vars.Add(BoolVariable("check_headers", "Independently build compilation units for all Swiften headers for detecting missing dependencies.", "no"))
 vars.Add("win_target_arch", "Target architecture for Windows builds. x86 for 32-bit (default) or x86_64 for 64-bit.", "x86")
 vars.Add(BoolVariable("install_git_hooks", "Install git hooks", "true"))
+vars.Add("codesign_identity", "macOS code signing identity to be passed to codesign when building the distribution package. Must match the Commen Name of the Subject of the code signing certificate.", "")
 
 ################################################################################
 # Set up default build & configure environment
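Review bot: The help string for the new `codesign_identity` variable misspells "Common Name" as `Commen Name`; this is the text users see in `scons -h`, so it is worth fixing before it ships. The help text also does not say what the empty default means; adding a sentence such as `Leave empty to build an unsigned package.` would make it explicit that `dist=1` without this variable produces an unsigned bundle. If codesign's certificate-hash form of the identity is acceptable here, mentioning it would help users who hold several certificates with similar names, since a name match can be ambiguous.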
@@ -370,6 +371,9 @@ if env["PLATFORM"] == "hpux" :
     # FIXME: Need -AA for linking C++ but not C
     #env.Append(LINKFLAGS = ["-AA"])
 
+# Code signing
+if env["PLATFORM"] == "darwin" :
+    env["CODE_SIGN_IDENTITY"] = env["codesign_identity"]
 
 # Testing
 env["TEST_TYPE"] = env["test"]
diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
index 761fad3..2447853 100644
--- a/DEVELOPMENT.md
+++ b/DEVELOPMENT.md
@@ -35,6 +35,11 @@ Note: The unit and integration tests are build targets. When passing specific bu
 ### Mac OS X
 The Mac OS X package consists of a disk image (.dmg) file containing an independently deployable **Swift.app** application bundle.
 
+For creating the Mac OS X package, i.e. the disk image, simply call `./scons.sh dist=1`. To additionally code sign the **Swift.app** application
+bundle, append `codesign_identity="Developer ID Application: Something here"` with your developer certificate identity to the `scons` command.
+
+**WARNING: Code signing has not been tested with third-party signed certificates yet!**
+
 ### Windows
 The Windows package consist of a Widnows Installer (.msi) file. This is generated using the Windows Installer XML Toolset.
 
diff --git a/Swift/Packaging/MacOSX/package.sh b/Swift/Packaging/MacOSX/package.sh
index a13a03c..7a63237 100755
--- a/Swift/Packaging/MacOSX/package.sh
+++ b/Swift/Packaging/MacOSX/package.sh
@@ -4,6 +4,7 @@ APP=$1
 TEMPLATE=$2
 TARGET=$3
 QTDIR=$4
+CODESIGN_IDENTITY=$5
 
 if [[ ! -f "$TEMPLATE" || ! -d "$APP" || ! -d "$QTDIR" || -z "$TARGET" ]]; then
 	echo "Error"
@@ -30,6 +31,11 @@ rm "$WC_DIR"/`basename $APP`/Contents/PlugIns/bearer/*.dylib
 # Remove debugging symbols from the application bundle
 rm -rf "$WC_DIR"/`basename $APP`/Contents/MacOS/*.dSYM
 
+# Codesign the app bundle if requested by caller
+if [ ! -z "$CODESIGN_IDENTITY" ]; then
+	codesign --verbose --force --deep --sign "$CODESIGN_IDENTITY" "$WC_DIR"/`basename $APP`
+fi
+
 hdiutil detach "$WC_DIR" -quiet -force
 rm -f $TARGET
 hdiutil convert "$WC_DMG" -quiet -format UDZO -imagekey zlib-level=9 -o "$TARGET"
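Review bot: The result of the new `codesign` call is never checked, so when signing fails (wrong identity, locked keychain, expired certificate) the script goes on to `hdiutil convert` and still produces a .dmg, even though the caller asked for a signed one. Whether `set -e` is active is not visible in this hunk; if it is not, the step should fail closed and also verify the signature before the image is finalised. The bundle path additionally relies on an unquoted `basename $APP`, which splits on spaces in the path. The script continues outside the hunk, so the cleanup in the sketch below assumes that `hdiutil detach` is the only teardown needed.

```shell
# Codesign the app bundle if requested by caller
if [ -n "$CODESIGN_IDENTITY" ]; then
	APP_BUNDLE="$WC_DIR/$(basename "$APP")"
	# Fail closed: a requested signature that cannot be created or verified must not yield a package.
	if ! codesign --verbose --force --deep --sign "$CODESIGN_IDENTITY" "$APP_BUNDLE" ||
	   ! codesign --verify --deep --strict --verbose=2 "$APP_BUNDLE"; then
		echo "Error: code signing failed" >&2
		hdiutil detach "$WC_DIR" -quiet -force
		exit 1
	fi
fi
# … unchanged: hdiutil detach / convert …
```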
diff --git a/Swift/QtUI/SConscript b/Swift/QtUI/SConscript
index 9c3d0af..4b3d716 100644
--- a/Swift/QtUI/SConscript
+++ b/Swift/QtUI/SConscript
@@ -368,7 +368,7 @@ if env["PLATFORM"] == "darwin" :
     commonResources[""] = commonResources.get("", []) + ["#/Swift/resources/MacOSX/Swift.icns"]
     app = myenv.AppBundle("Swift", version = myenv["SWIFT_VERSION"], resources = commonResources, frameworks = frameworks, handlesXMPPURIs = True)
     if env["DIST"] :
-        myenv.Command(["#/Packages/Swift/Swift-${SWIFT_VERSION}.dmg"], [app], ["Swift/Packaging/MacOSX/package.sh " + app.path + " Swift/Packaging/MacOSX/Swift.dmg.gz $TARGET $QTDIR"])
+        myenv.Command(["#/Packages/Swift/Swift-${SWIFT_VERSION}.dmg"], [app], ["Swift/Packaging/MacOSX/package.sh " + app.path + " Swift/Packaging/MacOSX/Swift.dmg.gz $TARGET $QTDIR " + "\"$CODE_SIGN_IDENTITY\""])
         dsym = myenv.Command(["Swift-${SWIFT_VERSION}.dSYM"], ["Swift"], ["dsymutil -o ${TARGET} ${SOURCE}"])
         myenv.Command(["#/Packages/Swift/Swift-${SWIFT_VERSION}.dSYM.zip"], dsym, ["cd ${SOURCE.dir} && zip -r ${TARGET.abspath} ${SOURCE.name}"])
 
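Review bot: The signing identity is spliced into a shell command string between hand-written double quotes on the new `myenv.Command` line, so a value containing `"`, `$` or a backtick would be reinterpreted by the shell instead of reaching package.sh as a single argument. The value comes from the `codesign_identity` build variable, so exposure is limited to whoever drives the build, but that likely includes any automation that fills the variable from job parameters. Consider rejecting those characters where the variable is read in SConscript.boot, or handing the identity to package.sh through the command's environment rather than its command line. `app.path` on the same line is unquoted as well and would break on paths containing spaces. The enclosing `if env["PLATFORM"] == "darwin"` block starts outside the hunk.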
-- 
cgit v0.10.2-6-g49f6