macos code signature for afsd

this is a dodge; we should sign with a real certificate and distribute
signed binaries. until we more formally exist, this allows application
firewall to at least cope better with us.

Change-Id: I84d18f72f7b9a42f4eb41f86e2e6dc1ae54f662a
Reviewed-on: http://gerrit.openafs.org/1057
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>

diff --git a/src/packaging/MacOS/OpenAFS.post_install b/src/packaging/MacOS/OpenAFS.post_install
index 2864a94..8f569d2 100644 (file)
--- a/src/packaging/MacOS/OpenAFS.post_install
+++ b/src/packaging/MacOS/OpenAFS.post_install
@@ -122,6 +122,13 @@ elif [ -e config/afssettings ]; then
   chmod a-x config/afssettings
 fi
 
+# properly, we should acquire a certificate from a real CA and ship 
+# signed binaries. for now, make Application Firewall (Security prefs pane)
+# happy like this. See TN2206
+if [ -f /usr/bin/codesign ]; then
+  codesign -s - /usr/sbin/afsd
+fi
+
 #here we should run tools which configure the client, and then if it's enabled:
 #start the new launchd daemon
 launchctl load -w /Library/LaunchDaemons/org.openafs.filesystems.afs.plist