From: Derrick Brashear <shadow@dementia.org>
Date: Mon, 4 Jan 2010 18:44:48 +0000 (-0500)
Subject: macos code signature for afsd
X-Git-Tag: openafs-devel-1_5_69~48
X-Git-Url: https://git.openafs.org/?p=openafs.git;a=commitdiff_plain;h=c03980f710a9b169f68ce72a2f00b1a414c0ad2d

macos code signature for afsd

this is a dodge; we should sign with a real certificate and distribute
signed binaries. until we more formally exist, this allows application
firewall to at least cope better with us.

Change-Id: I84d18f72f7b9a42f4eb41f86e2e6dc1ae54f662a
Reviewed-on: http://gerrit.openafs.org/1057
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
---

diff --git a/src/packaging/MacOS/OpenAFS.post_install b/src/packaging/MacOS/OpenAFS.post_install
index 2864a94..8f569d2 100644
--- a/src/packaging/MacOS/OpenAFS.post_install
+++ b/src/packaging/MacOS/OpenAFS.post_install
@@ -122,6 +122,13 @@ elif [ -e config/afssettings ]; then
   chmod a-x config/afssettings
 fi
 
+# properly, we should acquire a certificate from a real CA and ship 
+# signed binaries. for now, make Application Firewall (Security prefs pane)
+# happy like this. See TN2206
+if [ -f /usr/bin/codesign ]; then
+  codesign -s - /usr/sbin/afsd
+fi
+
 #here we should run tools which configure the client, and then if it's enabled:
 #start the new launchd daemon
 launchctl load -w /Library/LaunchDaemons/org.openafs.filesystems.afs.plist