diff --git a/Makefile b/Makefile index 086ed515c62b7..952b9a00c1e63 100644 --- a/Makefile +++ b/Makefile @@ -427,9 +427,21 @@ ifeq ($(OS), Linux) endif ifeq ($(OS), WINNT) cd $(BUILDROOT)/julia-$(JULIA_COMMIT)/bin && rm -f llvm* llc.exe lli.exe opt.exe LTO.dll bugpoint.exe macho-dump.exe +endif + # If we're on macOS, and we have a codesigning identity, then codesign the binary-dist tarball! +ifeq ($(OS),Darwin) +ifneq ($(MACOS_CODESIGN_IDENTITY),) + echo "Codesigning with identity $(MACOS_CODESIGN_IDENTITY)"; \ + MACHO_FILES=$$(find "$(BUILDROOT)/julia-$(JULIA_COMMIT)" -type f -perm -0111 | cut -d: -f1); \ + for f in $${MACHO_FILES}; do \ + echo "Codesigning $${f}..."; \ + codesign -s "$(MACOS_CODESIGN_IDENTITY)" --option=runtime --entitlements $(JULIAHOME)/contrib/mac/app/Entitlements.plist -vvv --timestamp --deep --force "$${f}"; \ + done +endif endif cd $(BUILDROOT) && $(TAR) zcvf $(JULIA_BINARYDIST_FILENAME).tar.gz julia-$(JULIA_COMMIT) + exe: # run Inno Setup to compile installer $(call spawn,$(JULIAHOME)/dist-extras/inno/iscc.exe /DAppVersion=$(JULIA_VERSION) /DSourceDir="$(call cygpath_w,$(BUILDROOT)/julia-$(JULIA_COMMIT))" /DRepoDir="$(call cygpath_w,$(JULIAHOME))" /F"$(JULIA_BINARYDIST_FILENAME)" /O"$(call cygpath_w,$(BUILDROOT))" $(INNO_ARGS) $(call cygpath_w,$(JULIAHOME)/contrib/windows/build-installer.iss)) diff --git a/contrib/mac/app/Makefile b/contrib/mac/app/Makefile index edb6f868c9486..81b7e47cdf2cf 100644 --- a/contrib/mac/app/Makefile +++ b/contrib/mac/app/Makefile @@ -50,6 +50,9 @@ dmg/$(APP_NAME): startup.applescript julia.icns make -C $(JULIAHOME) binary-dist tar zxf $(JULIAHOME)/$(JULIA_BINARYDIST_FILENAME).tar.gz -C $@/Contents/Resources/julia --strip-components 1 find $@/Contents/Resources/julia -type f -exec chmod -w {} \; + # Even though the tarball may already be signed, we re-sign here to make it easier to add + # unsigned executables (like the app launcher) and whatnot, without needing to maintain lists + # of what is or is not signed. Codesigning is cheap, so might as well do it early and often. if [ -n "$$MACOS_CODESIGN_IDENTITY" ]; then \ echo "Codesigning with identity $$MACOS_CODESIGN_IDENTITY"; \ MACHO_FILES=$$(find "$@" -type f -perm -0111 | cut -d: -f1); \