Build/packaging: Support macOS package/DMG signing

commit: ec5adb83dd38d31374670129851cccc729b9ce13 [log] [tgz]
author: DRC <information@libjpeg-turbo.org> Sat May 18 17:58:50 2019 -0500
committer: DRC <information@libjpeg-turbo.org> Sat May 18 17:58:50 2019 -0500
tree: e3b1fc101ca03aeb04ac2a2add742a2446aa77bd
parent: c8e52741fdb623698a27a4c55cf63db93c95aa14 [diff]
diff --git a/cmakescripts/BuildPackages.cmake b/cmakescripts/BuildPackages.cmake
index 57f0672..11d5426 100644
--- a/cmakescripts/BuildPackages.cmake
+++ b/cmakescripts/BuildPackages.cmake

@@ -145,6 +145,11 @@
 set(IOS_ARMV8_BUILD ${DEFAULT_IOS_ARMV8_BUILD} CACHE PATH
   "Directory containing ARMv8 iOS build to include in universal binaries (default: ${DEFAULT_IOS_ARMV8_BUILD})")
 
+set(OSX_APP_CERT_NAME "" CACHE STRING
+  "Name of the Developer ID Application certificate (in the macOS keychain) that should be used to sign the libjpeg-turbo DMG.  Leave this blank to generate an unsigned DMG.")
+set(OSX_INST_CERT_NAME "" CACHE STRING
+  "Name of the Developer ID Installer certificate (in the macOS keychain) that should be used to sign the libjpeg-turbo installer package.  Leave this blank to generate an unsigned package.")
+
 configure_file(release/makemacpkg.in pkgscripts/makemacpkg)
 configure_file(release/Distribution.xml.in pkgscripts/Distribution.xml)
 configure_file(release/uninstall.in pkgscripts/uninstall)

diff --git a/release/makemacpkg.in b/release/makemacpkg.in
index b0a2e23..42b455d 100644
--- a/release/makemacpkg.in
+++ b/release/makemacpkg.in

@@ -58,6 +58,8 @@
 BUILDDIRARMV7S=@IOS_ARMV7S_BUILD@
 BUILDDIRARMV8=@IOS_ARMV8_BUILD@
 WITH_JAVA=@WITH_JAVA@
+OSX_APP_CERT_NAME="@OSX_APP_CERT_NAME@"
+OSX_INST_CERT_NAME="@OSX_INST_CERT_NAME@"
 LIPO=lipo
 
 PREFIX=@CMAKE_INSTALL_PREFIX@
@@ -258,11 +260,25 @@
 mkdir $TMPDIR/dmg
 pkgbuild --root $PKGROOT --version $VERSION.$BUILD --identifier @PKGID@ \
 	$TMPDIR/pkg/$PKGNAME.pkg
+SUFFIX=
+if [ "$OSX_INST_CERT_NAME" != "" ]; then
+	SUFFIX=-unsigned
+fi
 productbuild --distribution pkgscripts/Distribution.xml \
 	--package-path $TMPDIR/pkg/ --resources $TMPDIR/pkg/ \
-	$TMPDIR/dmg/$PKGNAME.pkg
+	$TMPDIR/dmg/$PKGNAME$SUFFIX.pkg
+if [ "$OSX_INST_CERT_NAME" != "" ]; then
+	productsign --sign "$OSX_INST_CERT_NAME" --timestamp \
+		$TMPDIR/dmg/$PKGNAME$SUFFIX.pkg $TMPDIR/dmg/$PKGNAME.pkg
+	rm -r $TMPDIR/dmg/$PKGNAME$SUFFIX.pkg
+	pkgutil --check-signature $TMPDIR/dmg/$PKGNAME.pkg
+fi
 hdiutil create -fs HFS+ -volname $PKGNAME-$VERSION \
 	-srcfolder "$TMPDIR/dmg" $TMPDIR/$PKGNAME-$VERSION.dmg
+if [ "$OSX_APP_CERT_NAME" != "" ]; then
+	codesign -s "$OSX_APP_CERT_NAME" --timestamp $TMPDIR/$PKGNAME-$VERSION.dmg
+	codesign -vv $TMPDIR/$PKGNAME-$VERSION.dmg
+fi
 cp $TMPDIR/$PKGNAME-$VERSION.dmg .
 
 exit
commit	ec5adb83dd38d31374670129851cccc729b9ce13	[log] [tgz]
author	DRC <information@libjpeg-turbo.org>	Sat May 18 17:58:50 2019 -0500
committer	DRC <information@libjpeg-turbo.org>	Sat May 18 17:58:50 2019 -0500
tree	e3b1fc101ca03aeb04ac2a2add742a2446aa77bd
parent	c8e52741fdb623698a27a4c55cf63db93c95aa14 [diff]