From 49b287820952332a8be3daca6d6450cb0debe907 Mon Sep 17 00:00:00 2001
From: Jason Rhinelander <jason@imaginary.ca>
Date: Wed, 15 Jun 2022 16:42:48 -0300
Subject: [PATCH] Require explicit disabling of codesigning

Make the mac build require passing either an explicit -DCODESIGN=OFF or
the code signing identities.
---
 .drone.jsonnet        |  3 ++-
 daemon/CMakeLists.txt | 19 +++++++++++--------
 2 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/.drone.jsonnet b/.drone.jsonnet
index 684841501..caf5aca02 100644
--- a/.drone.jsonnet
+++ b/.drone.jsonnet
@@ -260,6 +260,7 @@ local mac_builder(name,
                   cmake_extra='',
                   extra_cmds=[],
                   jobs=6,
+                  codesign='-DCODESIGN=OFF',
                   allow_fail=false) = {
   kind: 'pipeline',
   type: 'exec',
@@ -276,7 +277,7 @@ local mac_builder(name,
         // basic system headers.  WTF apple:
         'export SDKROOT="$(xcrun --sdk macosx --show-sdk-path)"',
         'ulimit -n 1024',  // because macos sets ulimit to 256 for some reason yeah idk
-        './contrib/mac.sh ' + ci_mirror_opts,
+        './contrib/mac.sh ' + ci_mirror_opts + ' ' + codesign,
       ] + extra_cmds,
     },
   ],
diff --git a/daemon/CMakeLists.txt b/daemon/CMakeLists.txt
index 5f3d91aa9..50999b080 100644
--- a/daemon/CMakeLists.txt
+++ b/daemon/CMakeLists.txt
@@ -70,7 +70,8 @@ endforeach()
 if(APPLE)
 
   set(CODESIGN_APP "" CACHE STRING "codesign the macos app using this key identity")
-  set(CODESIGN_APPEX "${CODESIGN_APP}" CACHE STRING "codesign the internal extension using this key identity; defaults to CODESIGN_APP if empty")
+  set(CODESIGN_EXT "${CODESIGN_APP}" CACHE STRING "codesign the internal extension using this key identity; defaults to CODESIGN_APP if empty")
+  option(CODESIGN "codesign the resulting app and extension" ON)
 
   set(mac_icon ${CMAKE_CURRENT_BINARY_DIR}/lokinet.icns)
   add_custom_command(OUTPUT ${mac_icon}
@@ -100,8 +101,14 @@ if(APPLE)
     MACOSX_BUNDLE_INFO_PLIST "${PROJECT_SOURCE_DIR}/contrib/macos/Info.plist.in"
     MACOSX_BUNDLE_ICON_FILE "${mac_icon}"
     MACOSX_BUNDLE_COPYRIGHT "© 2021, The Oxen Project")
-  if (CODESIGN_APP AND CODESIGN_APPEX)
-    message(STATUS "codesigning with ${CODESIGN_APP} (app) ${CODESIGN_APPEX} (appex)")
+  if(NOT CODESIGN)
+    message(STATUS "codesigning disabled")
+    add_custom_target(
+      sign
+      DEPENDS lokinet lokinet-extension
+      COMMAND "true")
+  elseif (CODESIGN_APP AND CODESIGN_EXT)
+    message(STATUS "codesigning with ${CODESIGN_APP} (app) ${CODESIGN_EXT} (appex)")
     set(SIGN_TARGET "${CMAKE_CURRENT_BINARY_DIR}/lokinet.app")
     configure_file(
       "${PROJECT_SOURCE_DIR}/contrib/macos/sign.sh.in"
@@ -113,11 +120,7 @@ if(APPLE)
       COMMAND "${PROJECT_BINARY_DIR}/sign.sh"
       )
   else()
-    message(WARNING "Not codesigning: CODESIGN_APP (=${CODESIGN_APP}) and/or CODESIGN_APPEX (=${CODESIGN_APPEX}) are not set")
-    add_custom_target(
-      sign
-      DEPENDS lokinet lokinet-extension
-      COMMAND "true")
+    message(FATAL_ERROR "CODESIGN_APP (=${CODESIGN_APP}) and/or CODESIGN_EXT (=${CODESIGN_EXT}) are not set. To disable code signing use -DCODESIGN=OFF")
   endif()
 endif()