From aa38a783bf3c4f46e7f80d04419bea6d34e589ac Mon Sep 17 00:00:00 2001
From: Ulises Gascon <ulisesgascongonzalez@gmail.com>
Date: Wed, 8 Nov 2023 20:39:04 +0100
Subject: [PATCH] tools: add macOS notarization verification step

---
 tools/osx-notarize.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/tools/osx-notarize.sh b/tools/osx-notarize.sh
index 300173dd7fe0e9..dba68293b2f34d 100755
--- a/tools/osx-notarize.sh
+++ b/tools/osx-notarize.sh
@@ -48,8 +48,14 @@ xcrun notarytool submit \
 
 if [ $? -eq 0 ]; then
   echo "Notarization node-$pkgid.pkg submitted successfully."
-  exit 0
 else
   echo "Notarization node-$pkgid.pkg failed."
   exit 1
 fi
+
+if ! xcrun spctl --assess --type install --context context:primary-signature --ignore-cache --verbose=2 "node-$pkgid.pkg"; then
+  echo "error: Signature will not be accepted by Gatekeeper!" 1>&2
+  exit 1
+else
+  echo "Verification was successful."
+fi
\ No newline at end of file