From b12e2d990b8b82f4019c890933f60b8fa86eb2ff Mon Sep 17 00:00:00 2001
From: Don Gagne <dongagne@outlook.com>
Date: Sun, 21 Jun 2020 12:53:42 -0700
Subject: [PATCH] Sign OSX builds

---
 .travis.yml                    |   8 +++++++-
 QGCPostLinkInstaller.pri       |   5 +++++
 deploy/MacCertificates.p12.enc | Bin 0 -> 3328 bytes
 deploy/MacImportCert.sh        |   9 +++++++++
 4 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 deploy/MacCertificates.p12.enc
 create mode 100644 deploy/MacImportCert.sh
diff --git a/.travis.yml b/.travis.yml
index 069ad6aedd..d4fbc60738 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -186,6 +186,12 @@ before_script:
         git fetch --tags origin master &&
         ./tools/update_android_version.sh ${BITNESS} ${TRAVIS_BRANCH};
     fi
+    
+  # Install signing cert into OSX keychain
+  - if [[ "${SPEC}" = "macx-clang" ]]; then
+        openssl aes-256-cbc -K $MAC_CERT_KEY -iv $MAC_CERT_IV -in deploy/MacCertificates.p12.enc -out deploy/MacCertificates.p12 -d &&
+        ./deploy/MacImportCert.sh;
+    fi
 
 script:
   # run qmake
@@ -197,7 +203,7 @@ script:
         echo "Daily build" &&
         export STABLE_OR_DAILY=DailyBuild;
     fi
-  - qmake -r ${TRAVIS_BUILD_DIR}/qgroundcontrol.pro CONFIG+=${CONFIG} CONFIG+=${STABLE_OR_DAILY} -spec ${SPEC};
+  - qmake -r ${TRAVIS_BUILD_DIR}/qgroundcontrol.pro CONFIG+=${CONFIG} CONFIG+=${STABLE_OR_DAILY} CONFIG+=codesign -spec ${SPEC};
 
   # compile
   - if [ "${SPEC}" != "macx-ios-clang" ]; then
diff --git a/QGCPostLinkInstaller.pri b/QGCPostLinkInstaller.pri
index cbe1480fa2..1acf8de05a 100644
--- a/QGCPostLinkInstaller.pri
+++ b/QGCPostLinkInstaller.pri
@@ -31,6 +31,11 @@ installer {
         QMAKE_POST_LINK += && echo osxrelocator
         QMAKE_POST_LINK += && python $$SOURCE_DIR/tools/osxrelocator.py $${TARGET}.app/Contents @rpath @executable_path/../Frameworks -r > /dev/null 2>&1
 
+        codesign {
+            QMAKE_POST_LINK += && echo codesign
+            QMAKE_POST_LINK += && codesign --deep $${TARGET}.app -s WQREC9W69J
+        }
+
         # Create package
         QMAKE_POST_LINK += && echo hdiutil
         QMAKE_POST_LINK += && mkdir -p package
diff --git a/deploy/MacCertificates.p12.enc b/deploy/MacCertificates.p12.enc
new file mode 100644
index 0000000000000000000000000000000000000000..0c4db32a58262e7d6a7af4b6722a2ceafbdfba9c
GIT binary patch
literal 3328
zcmb<>@YL{Mq0l9zxf<IIKB#Oi%;|VE!_`+I>u-7M(b@8G<(qR3MWym_mZX0FJM#+v
z7hML2&#P9m%+`PY$Wl3am;GI-=+(8&^K|VNJ~}jmEj}pQx#X%)hg(Yn(|H#gXRh0O
z&HjtmtX5b2<?t(L>xJwE&%^U$b7TA0ymepFbXNSrq*7aczO<!!(>pI|KHq(N*(`0H
z+ErIiJSmSpD$u;I`D&qCRvNd<$?Fp(^6%xWmi6NP@${_PbC%e53Ua&34z1_2E^$23
zy~?y$@rq8{v-f!o+UX4U=HL5el^v~A&#>`t=jxgzK?_RX9py7P@O)3f+PF3RB_|@-
zE@k<&PP%P=baBt5Mo$;Ld;Uz5mTS(_e!Jq&i=X>EwFKDh&s8}0{3v}~HT~#cPtmhA
zD|)Bzdn)(c_>0Afsy5H4f0y>~g%mSiICt~3`&1F3JKYPNW;Ms$?D_J0evSQCt%LKg
zt_Te)JACxK_21Y3&uV<R{7!F%L`KAnnzR?$>~}tfafUlgi_ib5wC|XO>I2dLW<vGM
zpAGf0cDRdw@!QQ`!_1}0-%wN9ILXss%lUQRWaD&Z2L%Pca{Bx9kY!@bR(3B<Yv*T2
z*}uO#@37%Z;-Y)XZ6Z!<UvAL+Jy&|uJ&&HN3jfR=Z~XsnJGa`2H4nA-9nhV@)n(@K
z*j=<FLGr>jzLtQ>h7a#7AD{K#A>aKp`t+id{l$A<Yy7OTZk>BY|Ho$kN&A-XO7fB6
znf+ctuE_Kc@1FgC6|YRU+5X2X`_0ic;)dCUzY>IOBWJeiI{ua16rMTL;C+qAlfMh|
ze(?%(zn|4RZx+LZ6*l{x>c|=vz4HtSkbkx+;*8z>d6$0A&7Jc1-ZjR{>jZPse;rq>
zuwCVE-m2yQ?Mz&+hL*4M59_>VbDN5UnU>6n;?C6%Ixx9L{?yd7C#^Q#U+GfhzmIie
zWRB-LlLn3e?Sf*#ii4dWwq4xj>;JEFDL2FaCCg4dE%<72t$Sk66oDzOHizCd+DyID
z_*X(Dzbq)x%*|+h!J0MNHVP9|1D342bbEdZ$DwI0r*h96^gq1t+=?Zv>lX*SeXhMs
z;=<JT?@DsdW%&v-Wl!1rJ@n|&r2*I9Y&_K6{AAmdgO}z{5sqryqI3AMPrc&gtASHQ
zHhbM^`MF~K^C$^_m-!3t*JxRFJXp{h`k4E@Uh)&O>oVt#-Vj<|6l%nzGiT!ebdC>P
z2PQOC*ni_*di8LWgso?Bt-u=prTXRX@3@AB?71@USni!oieCkm2JTyNMSAPPCJTF(
z72Z`}i~hZR<M%^pWyraEvgypCi}}pnF}8=?)lhv`CGvcV$Kl&X(-%Jdu;Suc`PzAp
zCxo4Q>Y>YVsQmxyXFu#j1%<V*6a~~iXI1ymVJcec(VnyN!}9z!y=p~i>nep5T)0;0
z^5sZ<si-f~y~^u6@mS?2=ZQZW7@fF8T7|MbuPz8<PwF`OS8sxxldVCOaOtxRei8ns
z+Mf45nfWSEBbIL#x7q=w)i;W-ik{zfalOF&OBdEgEdTxbPp{tfsatm(xX8-EzQXXW
zo8K>kS0bNfpSv_~&^~D@Sj@_xxNJe#l!vQRul;g9Es-BF@u!yFOC>Iu+5@4}YVJ3z
zaaFpu!fC%hZ;VCvnl$H&<@+6tCti=SdMSE)Rh!AngVI+joosiXnpO0@J>LJgh{F_x
zzY;4%&Lo}eQCV~>_L}8y9u1axy2`=5M|9VOu2@jHp{++WEBW&GU1<Stm1kY_(>8fF
zz4>=S)Wv7KcS5c1m#NJ?{E>b3vMuVDr4t@BIc&3IworW(xH$c^Sh?4duDtE{ezLjz
z3}JDsKXm1cq?qMp&xt#Q&Q<hOw<_6rJ1kFh)QY&vCCe|lFf(=b{~M1}Ur$^jd`8<?
z*5O+Fs`XWl($mbvw>C7dJt?@Ss_1xuJAW>_j<N8goqkS=UuVqjJ-@Z{_*==01^f?!
zAE)eIt6}(u_v`In3$9mB6aMSw<0S9BK-KA^U(oayUDx(L|CD9#a;bjJ)hUx6EnT6m
zzHW-m?NZ_7qc3=@zBptRc(9lU$26{6|MJ{J&1au)-0)j3D)9TK@XgKdrU>j@kZ85y
zQL&VA_UAJe85KU?Gjy+u+_Jmo+bbyb__X?N=i2{UHzgH_|JYLBE@0nqVp(bK|3l{D
zku!gbonZ0w&3|XhHBrY{Gx5<uzq>0^w9S;-S-Tvc-PnB3`pM<Hg-laoWaskV6>Q#d
znC0P<4d)G}C*2gXY*&4$p*VSVfM4ETwzZQRt3=*~#k+D$Ig;0LTYUf5MLWXQ&6Buc
zbLq%#*6v145k}^PQQIAFCLU=x_Om|V`KlTJI}YgQDxUY=`Rf1Sw66D8+vYL-eDT<>
zxUh1Pd#`qS_`6enGi`6~xmTj_f?w$15$4yCA|C0g3w#zl+jipqr65n??1)=!u4i7>
zZFauj%fIefN#ePPj@DA%eRGcOXg_v6<f6~?2hn>OwY7g&<sClKv+f+bbp7_~#$%D!
zYpXjJ-G9Io_%K<wviOO?OYap|13yh^tg-2|u-ny9w=hQIs^{{`-tGEF!eq{^U`l^I
zaZk06#Hxz?OBTo1u7BdA9=qT~zz=hy`;LA-pRP9K%`83E>ps=7h<ARZx7dvmceeM}
zy4(|WFLR#TU6KFK;cMa4s~6q9F703X!?Bn1_^%Holi!!J7Y1DP|FmPa${&p_&(_sc
z*044nUKcEPY^mW{hk(e}jb@YoMBJ$q)L6*CIsL4L^1CM*-7#<PrGzBR**Lr1-F@E4
z`9F5Lnkold<t=&e<k>35m~AVkJ4YMt=9qii;){4gr&h$x2?r-gU6-;`U0<ohyyV^a
zRfo>B$V-MCc&)deV^6A-rt5-VYuEkG(h!-oP_=#A8ej7XyS{t>jf{zj>buVMr@A#k
zLsej|$dRf^(<JU)mS#@McetnFQMUBDXds{Y2Di0wzQw)CW$Rb0F*mjUeMRu_$=5tV
znx!)W+7};7-&z;{?GMwoCBo|;aR(VC&PhMeXjIiIBrM?CP{uaVzx2j~J8Pt0U9Ox_
zfAqc2r%w~_ZR4JKEHc-_RyV|<q_ouR_Epg)^M(Rfb8qj-l^Yo=N|vX+e|GXT?}nY)
zKQ{cAVynzAa#Fwg^DpaH$8Nu}FIm0s<`pU)VqIj)wVbmhYk|ftzE8RTzWI4OdI!ze
z`$WcVjp!@xM^nU4bG_TO{_yUlhi!CjUoR+qc`c>WUu)xJv+zlL=Q^wY`cykul_l(5
zDt2s5-?pz?D)wLc$$GPU%R$cf={ADW`(pFEZ{H1m9w+Dby4i(0)4lz(XuN+~l>Xv#
z_uO7R<n?yD-?5<Q*Wc}N!fWHt3G934;Gj?}7~6Z;TJ)@7MwflN<>`*RS4n$zUD&pK
zvbRPrvqw}`+Lj%;dJ-;yFX96gCA6x#Ol6O@)HH_a9Niem@c6}sll@;V)X4^3oKo&~
z!T)H1;<b0%j<2`;plxl#X080(-r^kFv;v2qPapT6<e8}UW}&T-`|;R^{MECY#AOSv
zMP7+yyWu*wL@)SK{>QC9Cq%}sRE^e1vt2P^2b1T5Y2jNv_}8z=d)z&%_v`%aOOn-3
z?J5#i<}kZvt1VM7N1=zW)`dT`?<9-+k-8h}S(P4Nshu=odTDx<HD~(?ExD|XyMA#<
zt$37WzH`Io<+YP*KB-UY{%vlaSTDNwS=T*|yw1tmUOE5VT}t27F7z+lCA;Y0)!;8H
z)=WA+yRl|7WAi)X=E_vv^Y@|_s+6b8J)Hh`-M=<Ywq2&-oYvR&B|UXGw}3^hIji5I
zOn5KH6!mk?!dGXh39YOX-0M7J+wXbx&2#r=C?9&rele+RdAiXdCcA69#P`qL#<=d}
z#(7f&XGUxAI_%n$dCGy=pF{6;*QHB~KRq`JEB$^{;_$_vTQjZM))ve-^u_#msGxq#
z7pYaRay%y_<qI}<$QO8u@PCkIYfPP4mM`ezG38KCQqAP6OubBH|5k|nH@YXhhfitp
zgOb=5<3H&vCD(+P`~FyctA1AIj`W_-jhyHC-R4-&Q$2sz^8fdp`T`Nj$5u8TTzxRk
zSpM%?9`5LRj<?xQMU~7Wn67>)ySMy2!|Vd}j_aJ(fA(&^CcErOTj-Xk{;91~?@ELQ
zH6LiNTb&S7cv+yoveG0z{>KazAL;(Ld3ShyIo|u&e$0Lpou<d?XjWWSU;8NIr?$oQ
zRhG{uKTBT~x8<bj;~OfXSD9D55D$8umvjE&@!~VfR*98FC3=V5-o`j<|I1fi*J|q4
zHf_4CAkWSjyzf<^P1;T|y~VYwl~R|aBp5J=Zj+F#OxW+>epcq!P9OFl)mKj%&Q*Wn
zoxaLerLbiCq=LlVRoS;25A6B9bZKhK<W9@4BI?s-uS+^3``k8t+YjXp$yqKBzNdLD
zQw?G9SU<by%j-<*>wBj~e)8eizRNyw;%0u4w)iuwMJ2KGCQh9{(ct!i6&D#!i&Rw{
zh-mn;_g2oeGsyz{tD<_k)-cvaXnGhV=gys5%QN9>j(qLnkVFYH1I1JCRbs9^tAA^A
h?FyU7Cev?f7SBHB1ovNgmf~~cQ(~>yH%7DD5dc%+dg=fG

literal 0
HcmV?d00001

diff --git a/deploy/MacImportCert.sh b/deploy/MacImportCert.sh
new file mode 100644
index 0000000000..5db49fcd60
--- /dev/null
+++ b/deploy/MacImportCert.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+KEY_CHAIN=mac-travis-build.keychain
+security create-keychain -p travis $KEY_CHAIN
+security default-keychain -s $KEY_CHAIN
+security unlock-keychain -p travis $KEY_CHAIN
+security set-keychain-settings -t 3600 -u $KEY_CHAIN
+security import deploy/MacCertificates.p12 -k $KEY_CHAIN -P $MAC_CERT_PASSWORD -T /usr/bin/codesign
+security set-key-partition-list -S apple-tool:,apple: -s -k travis $KEY_CHAIN
+security list-keychains -s $KEY_CHAIN
\ No newline at end of file
-- 
GitLab

