I use CMake
add_custom_command(TARGET POST_BUILD COMMAND codesign ...)
for signing executable files on build.
It works fine, but when CPack generates package it rewrites rpath on executable files and call strip command on them. This changes the file and invalidates the signature. Is there any way in CMake to sign binary files after CPack finishes install and before actual packaging?
You should be able to sign and strip in cmake alone. But you also want to add the --strip to the cmake install step if you do want symbols stripped (e.g. cmake --install . --strip).
add_executable(my_bundle_exe MACOSX_BUNDLE ${SRCS})
set_target_properties(my_bundle_exe PROPERTIES
XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "${MY_CODE_SIGN_IDENTITY}"
XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS my.entitlements
XCODE_ATTRIBUTE_PRODUCT_NAME "My Product"
XCODE_ATTRIBUTE_DEVELOPMENT_TEAM ${DEVELOPMENT_TEAM_ID}
XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER my_profile_name
XCODE_ATTRIBUTE_DEPLOYMENT_POSTPROCESSING YES # this is needed for strip symbols
)
