From 418e220c00297f7871d0cafed7e44277cb0d8f8c Mon Sep 17 00:00:00 2001
From: Wojtek Figat <wojtek@figat.pl>
Date: Thu, 19 Oct 2023 22:40:42 +0200
Subject: [PATCH] Add proper codesigning for the Editor app for macOS

---
 Source/Tools/Flax.Build/Deploy/Deployment.Editor.cs  | 4 ++++
 Source/Tools/Flax.Build/Platforms/Mac/MacPlatform.cs | 9 +++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/Source/Tools/Flax.Build/Deploy/Deployment.Editor.cs b/Source/Tools/Flax.Build/Deploy/Deployment.Editor.cs
index 87a2ae340..78875c5d8 100644
--- a/Source/Tools/Flax.Build/Deploy/Deployment.Editor.cs
+++ b/Source/Tools/Flax.Build/Deploy/Deployment.Editor.cs
@@ -192,6 +192,9 @@ namespace Flax.Deploy
                     var ediotrBinariesPath = Path.Combine(appContentsPath, "Binaries/Editor/Mac", defaultEditorConfig);
                     Utilities.DirectoryCopy(ediotrBinariesPath, appBinariesPath, true, true);
 
+                    // Sign app resources
+                    CodeSign(appPath);
+
                     // Build a disk image
                     var dmgPath = Path.Combine(Deployer.PackageOutputPath, "FlaxEditor.dmg");
                     Log.Info(string.Empty);
@@ -335,6 +338,7 @@ namespace Flax.Deploy
                     Utilities.Run("strip", "FlaxEditor.dylib", null, dst, Utilities.RunOptions.None);
                     Utilities.Run("strip", "libMoltenVK.dylib", null, dst, Utilities.RunOptions.None);
 
+                    // Sign binaries
                     CodeSign(Path.Combine(dst, "FlaxEditor"));
                     CodeSign(Path.Combine(dst, "FlaxEditor.dylib"));
                     CodeSign(Path.Combine(dst, "libMoltenVK.dylib"));
diff --git a/Source/Tools/Flax.Build/Platforms/Mac/MacPlatform.cs b/Source/Tools/Flax.Build/Platforms/Mac/MacPlatform.cs
index 3be0beb76..8b614b6e4 100644
--- a/Source/Tools/Flax.Build/Platforms/Mac/MacPlatform.cs
+++ b/Source/Tools/Flax.Build/Platforms/Mac/MacPlatform.cs
@@ -53,10 +53,15 @@ namespace Flax.Build.Platforms
         /// <param name="signIdenity">App code signing idenity name (from local Mac keychain). Use 'security find-identity -v -p codesigning' to list possible options.</param>
         public static void CodeSign(string file, string signIdenity)
         {
-            if (!File.Exists(file))
+            var isDirectory = Directory.Exists(file);
+            if (!isDirectory && !File.Exists(file))
                 throw new FileNotFoundException("Missing file to sign.", file);
             string cmdLine = string.Format("--force --timestamp -s \"{0}\" \"{1}\"", signIdenity, file);
-            if (string.IsNullOrEmpty(Path.GetExtension(file)))
+            if (isDirectory)
+            {
+                // Automatically sign contents
+                cmdLine += " --deep";
+            }
             {
                 // Add entitlements file with some settings for the app execution
                 cmdLine += string.Format(" --entitlements \"{0}\"", Path.Combine(Globals.EngineRoot, "Source/Platforms/Mac/Default.entitlements"));