From d5d330413b096bce49e5bc833cca3e4c1b6128ca Mon Sep 17 00:00:00 2001
From: Jakob Borg <jakob@nym.se>
Date: Sat, 16 Jan 2016 19:43:50 +0100
Subject: [PATCH] Codesign binaries in Mac OS X distribution packages

---
 build.go | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/build.go b/build.go
index 3714d7da6..4bd1fcecd 100644
--- a/build.go
+++ b/build.go
@@ -255,6 +255,9 @@ func buildTar() {
 		files = append(files, archiveFile{src: file, dst: name + "/" + filepath.Base(file)})
 	}
 
+	if goos == "darwin" {
+		macosCodesign("syncthing")
+	}
 	tarGz(filename, files)
 	log.Println(filename)
 }
@@ -743,3 +746,23 @@ func lint(pkg string) {
 		}
 	}
 }
+
+func macosCodesign(file string) {
+	if pass := os.Getenv("CODESIGN_KEYCHAIN_PASS"); pass != "" {
+		bs, err := runError("security", "unlock-keychain", "-p", pass)
+		if err != nil {
+			log.Println("Codesign: unlocking keychain failed:", string(bs))
+			return
+		}
+	}
+
+	if id := os.Getenv("CODESIGN_IDENTITY"); id != "" {
+		bs, err := runError("codesign", "-s", id, file)
+		if err != nil {
+			log.Println("Codesign: signing failed:", string(bs))
+			return
+		}
+	}
+
+	log.Println("Codesign: successfully signed", file)
+}