...so that LibreOffice.app dmgs built with --enable-macosx-code-signing with an
appstore-enabled identity will hopefully no longer be rejected on Mac OS X >=
10.9.5 as "'soffice' can't be opened because the identity of the developer
cannot be confirmed." (Which I cannot verify for lack of an appstore-enabled
certificate, though.)
First of all, do not ignore errors from calls to codesign utitlity. Really.
That reveals that soffice cannot be signed as soon as it is linked, as it
requires all the other stuff in the app to be already signed. So just don't
sign it after linking, it will be signed last step in macosx-codesign-app-bundle
anyway.
Second, --resource-rules exemptions are no longer allowed per
<https://developer.apple.com/library/mac/technotes/tn2206/_index.html> "OS X
Code Signing In Depth."
Third, the handful of remaining shell scripts in MacOS/ need to be signed too.
(Signing them adds extended attributes to the files.)
Unfortunately, as discussed at
<http://porkrind.org/missives/mac-os-x-codesigning-woes/> "Mac OS X codesigning
woes," "hdiutil makehybrid" drops extended attributes from the generated dmg (so
the dmg's LibreOffice.app would no longer be considered properly signed, as the
shell scripts would no longer be signed). So switch from "hdiutil makehybrid"
to "hdiutil create."
Change-Id: I4b587f87d504666f7a1d0e3a24a8be76f22014c5
615fae2f67