From b12e2d990b8b82f4019c890933f60b8fa86eb2ff Mon Sep 17 00:00:00 2001
From: Don Gagne <dongagne@outlook.com>
Date: Sun, 21 Jun 2020 12:53:42 -0700
Subject: [PATCH] Sign OSX builds

---
 .travis.yml                    |   8 +++++++-
 QGCPostLinkInstaller.pri       |   5 +++++
 deploy/MacCertificates.p12.enc | Bin 0 -> 3328 bytes
 deploy/MacImportCert.sh        |   9 +++++++++
 4 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 deploy/MacCertificates.p12.enc
 create mode 100644 deploy/MacImportCert.sh

diff --git a/.travis.yml b/.travis.yml
index 069ad6aed..d4fbc6073 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -186,6 +186,12 @@ before_script:
         git fetch --tags origin master &&
         ./tools/update_android_version.sh ${BITNESS} ${TRAVIS_BRANCH};
     fi
+    
+  # Install signing cert into OSX keychain
+  - if [[ "${SPEC}" = "macx-clang" ]]; then
+        openssl aes-256-cbc -K $MAC_CERT_KEY -iv $MAC_CERT_IV -in deploy/MacCertificates.p12.enc -out deploy/MacCertificates.p12 -d &&
+        ./deploy/MacImportCert.sh;
+    fi
 
 script:
   # run qmake
@@ -197,7 +203,7 @@ script:
         echo "Daily build" &&
         export STABLE_OR_DAILY=DailyBuild;
     fi
-  - qmake -r ${TRAVIS_BUILD_DIR}/qgroundcontrol.pro CONFIG+=${CONFIG} CONFIG+=${STABLE_OR_DAILY} -spec ${SPEC};
+  - qmake -r ${TRAVIS_BUILD_DIR}/qgroundcontrol.pro CONFIG+=${CONFIG} CONFIG+=${STABLE_OR_DAILY} CONFIG+=codesign -spec ${SPEC};
 
   # compile
   - if [ "${SPEC}" != "macx-ios-clang" ]; then
diff --git a/QGCPostLinkInstaller.pri b/QGCPostLinkInstaller.pri
index cbe1480fa..1acf8de05 100644
--- a/QGCPostLinkInstaller.pri
+++ b/QGCPostLinkInstaller.pri
@@ -31,6 +31,11 @@ installer {
         QMAKE_POST_LINK += && echo osxrelocator
         QMAKE_POST_LINK += && python $$SOURCE_DIR/tools/osxrelocator.py $${TARGET}.app/Contents @rpath @executable_path/../Frameworks -r > /dev/null 2>&1
 
+        codesign {
+            QMAKE_POST_LINK += && echo codesign
+            QMAKE_POST_LINK += && codesign --deep $${TARGET}.app -s WQREC9W69J
+        }
+
         # Create package
         QMAKE_POST_LINK += && echo hdiutil
         QMAKE_POST_LINK += && mkdir -p package
diff --git a/deploy/MacCertificates.p12.enc b/deploy/MacCertificates.p12.enc
new file mode 100644
index 0000000000000000000000000000000000000000..0c4db32a58262e7d6a7af4b6722a2ceafbdfba9c
GIT binary patch
literal 3328
zcmV+b4gd0f;N>y?aT3xZohY|3@FcTwY>48RMNJ@T{da}Mn;%|xvuwgzWey2+W%vD=
z)DQG606_Dqs|1@b=i)gdTe?5p8e6M<gPtuuq2j`r247NZLv+;=h(?5f0?$M|Lkioy
zHvboVt0y7)K>AX(&}*RQS8rWyU5~8oN2G$y7toS*Jr53Mr7o9=(kbV=+oqZ;EPblg
z$mDlh#SnwOgVk|HYGw;W$=8t>Z{BRH9ZC!M<;^DN1YPbR9=dkIuMRtOLCA}$HFF`<
zEQaRqZh$Li0N$V8`Z{Y{B7Xp}{fVo5q*9=D?!^u;z~{VhtzN7TbjVl+(rQeFlG``M
zql}V)NklH*PXdysDV{6ssQl>pzDX(&2S3huLyY)!<9e6H{Ye$ge5j3=zU3bGGxRvf
zdWK0_{?fb-RC5E+&e_XHl@t=(i=jfAgIw8+^!uNDKlLiXpVg>UR(8Y1&pZ9=|IH}$
z)9x;q7-(3Sd}iot2i);i30FXtUvK#$zQ#Bu;1&Ni5`P2pF)nJjM;G)?yAON=3MmhO
ze0716Niej}uJ#>XESpkNQ|dzf<-$2(T(t*EDLX^v#RvE9&p@#BVWQq6h7>}r>98sL
zog1>=NQ~7W{x;*W|NgfNCdjPeE55)jm<ozENaIHpbYL0Kwhn|)d4TZlIpfVwxF3t<
zTg#$kzjM9oDEWFjg`Lzd__I%vzNflkOdJfG?;sv>HT(^{zx^T9mpr%pN^9)JtQRqB
zar$5qJz1HBEkXSmvR7%DFz<X6<o%&;`VA8c@0yLCngEcfJig^D9Wiq5NmNiD=BilC
zKHr|w`<-o+{od9A)2<P0XZpt>cs;65H-#!s_RL<5C@M`u_&aXqoq}=`0;HT;3vDk_
zz>|C*%9YK@I<eoWL~>8Q1+iIdNv<@22v93<a}jvKiSV}3woOm|iKPnw|D>kM<#6>l
z){Bvhln|6fJi_jQJeAae{TL)~c2Z$BMl!E(tgI_MAdn?cq^{E2pJWKamW0Y}%)w8?
zq0XqJ1+Sw}?dL0|7|@mP?sRR=YE2UYYm~kBRmH`nP}l6S!i$6Cwv@rrpOh0?fwU~c
z<4k`clhsj_6tha)g!!ni=UNy~M4zGGd@4GK;Gm6F;|uRDW8^m19L~kq5~p%iG6F1|
zk^g51@Cv|?f_Ojn3#HY=S{OY^bA1r3Po*z+@7zUIRJ_!l#%<iPA@vZYQNF0u8?~W=
zI6nlaOM3Nk{_X5e_#&xP&fXno0~MnVHtqq3RNW{g?s^pGlt{zdGMAy{@Tk$PAAO$V
zkXFv+NG%A$cmM0=_&ya86D!nmP<`hGCrB&;a-~RzY^m_4Z>)_ba%Qf15+Fnhsx1y|
z8uWO7axK*jLy^XL@<WmMfB`}Z6onFNN!6fM2V#iD{VtFmLOn2g6LsdWPFPRMhUbms
znd(s}T@IQHCcpx#*mKnt&$`jC5TDY}tyrh~>->!_*Oj%nz|jQ=2dFXaMo#)L>J;-G
z=R||BE6Ftxa|Hk)rl3}o;j3lV`a{bYZ&;D}DlX|F3LJgFRhE3;fUHF#)~G_iPYql+
zi>zit(RaT=Gm+O^I_VYLs)jV_!5h?hLOr|6nsWDtUr)yrK$IZ;7^oD?V#$moqQ+g;
zIr|JK1fDG;Q;ozetW~I>d9a3z6>4MC_qt|K?IW7ePAfF#mxKFYTG8eW+*LZ?b|#&}
z@dulxv?tRWVBms4wmt(mCE`(|XUi6MN~DTzx8C^%MEO(%L4U&3%o!Fr(@BxJ63%#x
zdxauCOF*Y#K`L0?3LOs_p=o8C|JdVY>ye}r%que;K-Pz<uX;fnmNyr*fP<~c5xjbG
z$8bjvZ3iqf6XLl}LLv2-n~l%4iO203XrK?^Q{!a2ttc`44fWglpx1kr6a7X^LLW<@
zB|`B|QkUq8*1hNQYClBMf2`G%lH#SPCnv6yJlk~>W5wtUI`lwla7Y9<Q(S?ruj$U=
zDdzLo*iNq%5c~NP*|YAH5V@dXI;i4v8Y64-%s6OxO!sIl*A&`5)=iBO8sp0+yF-2d
zwX$Mx7x=V)hY&x2$fk8||H3yHS(*D5$OK7EZ|*$`kt{PQVdB9~-Kb<MHX?@wib3Ys
zv)()8)7^0blw2L158V-ixWfeD<gm{$mtxrxIfo_bC?S)ZP)=^W2Cb8UdKB(fUquL%
z#BPY&7r*tQxK^&77}z}0#JdHHfhiOL1EE^CLD^x%fX4ZMQ0J<c|A@dZZ6VJ~x$6JJ
zW{U6ChMofX=;J<fae0zQjVotY?#fP?J=wh8bRg&t62Zg+>sb^?XC<Iapysy7-_lY^
z6Kh!7hDFTjezQa0jSsHobYad|h=p|xzMRImhsM`b(M*@%TfG4*EBktG!^DiP&IcQR
zw|jxcS=W7gh@#)%0#V^(EqQa~FzHLE)lu@4fqXoPI6k_FexY0_)k&v$jkhnvRvgZ#
z0%z-yyn9R-s(5eGILEE8<V+`BpvX}8H!|NrPE7LEfNq&}#*IgnL2?bBSxXk!bVmm7
z)`~}AEz=3kyLfN@K=pBz)zL>v(!ZtnL5&H=`tWp<?{x=pP|;8FxSJ&WD75CTe0h8Y
zfy1s-9>%3H%|K9D>wz|t{8-$15h$Sm375?%BktrVi(KvAWK>|Bv73iSN1n-___;+j
zBU3tVq~PS{ssUWKsh2}rF}nzz+c@+WfQc$t*^t4I8rK>=C9ioR1ElWHs=~~K9~o4@
z>n^_tyk#0GMWFhvuKQ{z6q=zWhqkOuH;}sbOZ{0~Tw0FT3jBM8U??RJofO1+l9m|W
z(;EX~Z$RECNOq;y6;Td1utu$3O>>Q7cCV<cH#I-|)DgqU>kLvUb(m0xqsC{oeqZ+d
z0=A?Rui^_*GGUx&z=1M)g%T4GMSyk&kxzBl;M}Ym>eG3cf5q=i^74`1whNiYS#3x?
zEmS~sb#*q|)fIv_fN(`OOG}e^u>p8=r)KZw$;%C}xhwdv{~88)Z*oE>)%pDe^+AhH
zcJykE?w)ZW!Udu=3a1H#YM>~(4)SgO_D)MdOH!D<<Qzt<73vG(lo!hi?z*qTyQRZC
zEZf&`b?Me*iBBrAlQvh94$g^s{Y-m6I(A^ar547lj<)r*c)!y51=)+V!3pnYJP{kd
zU2luq-BagY9!~3nL<?z0hw~L*Pi9&#qt4z&>fsGbM&F2_jQahzUK6cf&Je!tKtLdK
z5nYYLI~C0lXo^3FIm?J{>SDaQ(6*<OODK&4NLp%Uw76|97(`L%Ur`|#Dtd}F9mRxv
zfmSTVu~7iy=&;F;^w54CQPGrlM$k{ia3R+2w#TnI@GCn!20J6?KRC_?mT*8)^6|gP
z43Q@6p*=E3$6etMdz*q69dOoJ)L91DMV)jmQ_^qowfT@)U8yBoC}usVkhlU#pq5v)
zNDr^9ZsUuZjrE_mq+=(_x^fpI2sYL|D;#i~AdC)uL=RPt$plBle%P-CBIDG3l8~2m
zXL>schsY`(YO%Wd2pXv3YB#yCv!{KNeDWufi~Bb>VSg39=8E13Zi$mCN^Jf|M0M<a
zp-*wT9iqY2Q}n2;lE<5Ye6s<A?lXgVWi8L%TA?I&XCC2~{jUCo2?n|~R|z}TzGCG-
z&Y%P)gKCdBb`!k_lqb$Z6V;j~5~+R>y+fF``<{P;oxNxy!r=$eVs@uzGQt8r*18wJ
zowfn4$+4c45t&;k4M4iQY05wYPY5pSiqg`f^5-&Eb@#;>!_oP*X*&k3aG1jMH^)^G
zFI@B*s_JY>kYaBUgNPq+NfZz88wP=8nRagxOh}Z%jADF~)dGzIcK)ao|1#baybdCh
z;B;MtGyG=+bk-B6P57(Yf0}8yXN>cK3C|BkoI9Q+&)qry_qi_+SYyVifx)Z6UNay4
ztqcoWe+cbs<rN|~SOV4bcHXDY0Gn_ph}Q`_{Jpc*9j4@lRkT`<m4%hv7*$e(z=wXT
zU|ez25RZ9zG+$r%m?TUakL_;U4NVB|Og-^y;#+1e1wl4*c7J{1X!$ER*Qz<^ljdit
zUbM+2<Jcq>)dQ&L7gFbLY|qihbIhiy7Ia!+OIF*q0h+(*>PpspeyxJC+aMnY2~)o6
zaXe<Z7A~WGt0HBjWMD7=6}A`|d0@XlN6j4ixl9LACF<mW&U^9=m#RG^adfwmaACW8
zYukaqy!)l4WrUN7IrS7LmYc3(%pK=FXSVnwuw!aO;P+-qrX^GaNUxi6^y_Im*S(fm
z@=OS~x<6r&vkw%8U(5w^bX}g2m7kF?+n}h?0Lv75c)(bI{Jq+2*34rN52{*>imU;B
zSSd&_V{M(CeGHJ*Y#)82RACr4Fd@qCBwW_!f9*Wh)CLr?HTEVr=J9M(kJRR5OxW^a
KeHQisHrrTJ;d<%-

literal 0
HcmV?d00001

diff --git a/deploy/MacImportCert.sh b/deploy/MacImportCert.sh
new file mode 100644
index 000000000..5db49fcd6
--- /dev/null
+++ b/deploy/MacImportCert.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+KEY_CHAIN=mac-travis-build.keychain
+security create-keychain -p travis $KEY_CHAIN
+security default-keychain -s $KEY_CHAIN
+security unlock-keychain -p travis $KEY_CHAIN
+security set-keychain-settings -t 3600 -u $KEY_CHAIN
+security import deploy/MacCertificates.p12 -k $KEY_CHAIN -P $MAC_CERT_PASSWORD -T /usr/bin/codesign
+security set-key-partition-list -S apple-tool:,apple: -s -k travis $KEY_CHAIN
+security list-keychains -s $KEY_CHAIN
\ No newline at end of file
-- 
2.22.0