macos installer: Default to using ad-hoc signing

When there is no signing identity to pass to the macOS `codesign` tool, we can use `-` instead as the identity to perform ad-hoc signing. From `man codesign`: > If identity is the single letter "-" (dash), ad-hoc signing is > performed. Ad-hoc signing does not use an identity at all This makes it easier to test the sign() code-path in package.sh as we'll run the same code regardless of `NO_CODESIGN` being set or not. Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
containers · Feb 27, 2024 · 74b8787 · 74b8787
1 parent 19d3329
commit 74b8787
Showing 1 changed file with 1 addition and 4 deletions.
diff --git a/contrib/pkginstaller/package.sh b/contrib/pkginstaller/package.sh
@@ -4,7 +4,7 @@ set -euxo pipefail
 
 BASEDIR=$(dirname "$0")
 OUTPUT=$1
-CODESIGN_IDENTITY=${CODESIGN_IDENTITY:-mock}
+CODESIGN_IDENTITY=${CODESIGN_IDENTITY:--}
 PRODUCTSIGN_IDENTITY=${PRODUCTSIGN_IDENTITY:-mock}
 NO_CODESIGN=${NO_CODESIGN:-0}
 HELPER_BINARIES_DIR="/opt/podman/bin"
@@ -25,9 +25,6 @@ function build_podman() {
 }
 
 function sign() {
-  if [ "${NO_CODESIGN}" -eq "1" ]; then
-    return
-  fi
   local opts=""
   entitlements="${BASEDIR}/$(basename "$1").entitlements"
   if [ -f "${entitlements}" ]; then