From 2dd710e7ea5163af3573d7d53c64858aaa88cf58 Mon Sep 17 00:00:00 2001
From: isaacs <i@izs.me>
Date: Thu, 2 Aug 2012 13:35:41 -0700
Subject: [PATCH] build: Sign pkg installer for OS X

This makes the installer work on Mountain Lion.
---
 Makefile                 |  5 ++++-
 tools/osx-codesign.sh    | 12 ++++++++++++
 tools/osx-productsign.sh | 12 ++++++++++++
 3 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 tools/osx-codesign.sh
 create mode 100644 tools/osx-productsign.sh

diff --git a/Makefile b/Makefile
index 15546d06d5c..19dfa82c961 100644
--- a/Makefile
+++ b/Makefile
@@ -3,6 +3,7 @@
 BUILDTYPE ?= Release
 PYTHON ?= python
 DESTDIR ?=
+SIGN ?=
 
 # Default to verbose builds.
 # To do quiet/pretty builds, run `make V=` to set V to an empty string,
@@ -210,6 +211,7 @@ $(PKG):
 	rm -rf out/deps out/Release
 	./configure --prefix=$(PKGDIR)/usr/local --without-snapshot --dest-cpu=x64
 	$(MAKE) install V=$(V)
+	SIGN="$(SIGN)" PKGDIR="$(PKGDIR)" bash tools/osx-codesign.sh
 	lipo $(PKGDIR)/32/usr/local/bin/node \
 		$(PKGDIR)/usr/local/bin/node \
 		-output $(PKGDIR)/usr/local/bin/node-universal \
@@ -217,9 +219,10 @@ $(PKG):
 	mv $(PKGDIR)/usr/local/bin/node-universal $(PKGDIR)/usr/local/bin/node
 	rm -rf $(PKGDIR)/32
 	$(packagemaker) \
-		--id "org.nodejs.NodeJS-$(VERSION)" \
+		--id "org.nodejs.Node" \
 		--doc tools/osx-pkg.pmdoc \
 		--out $(PKG)
+	SIGN="$(SIGN)" PKG="$(PKG)" bash tools/osx-productsign.sh
 
 $(TARBALL): node doc
 	@if [ "$(shell git status --porcelain | egrep -v '^\?\? ')" = "" ]; then \
diff --git a/tools/osx-codesign.sh b/tools/osx-codesign.sh
new file mode 100644
index 00000000000..65a8d48b8ab
--- /dev/null
+++ b/tools/osx-codesign.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -x
+set -e
+
+if ! [ -n "$SIGN" ] && [ $STEP -eq 1 ]; then
+  echo "No SIGN environment var.  Skipping codesign." >&2
+  exit 0
+fi
+
+codesign -s "$SIGN" "$PKGDIR"/usr/local/bin/node
+codesign -s "$SIGN" "$PKGDIR"/32/usr/local/bin/node
diff --git a/tools/osx-productsign.sh b/tools/osx-productsign.sh
new file mode 100644
index 00000000000..4834c9bbb87
--- /dev/null
+++ b/tools/osx-productsign.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -x
+set -e
+
+if ! [ -n "$SIGN" ]; then
+  echo "No SIGN environment var.  Skipping codesign." >&2
+  exit 0
+fi
+
+productsign --sign "$SIGN" "$PKG" "$PKG"-SIGNED
+mv "$PKG"-SIGNED "$PKG"