...so that LibreOffice.app dmgs built with --enable-macosx-code-signing with an appstore-enabled identity will hopefully no longer be rejected on Mac OS X >= 10.9.5 as "'soffice' can't be opened because the identity of the developer cannot be confirmed." (Which I cannot verify for lack of an appstore-enabled certificate, though.)
First of all, do not ignore errors from calls to codesign utitlity. Really.
That reveals that soffice cannot be signed as soon as it is linked, as it requires all the other stuff in the app to be already signed. So just don't sign it after linking, it will be signed last step in macosx-codesign-app-bundle anyway.
Second, --resource-rules exemptions are no longer allowed per
Third, the handful of remaining shell scripts in MacOS/ need to be signed too. (Signing them adds extended attributes to the files.)
Unfortunately, as discussed at
615fae2 Attempt at fixing Mac OS X code signing
setup_native/source/mac/CodesignRules.plist | 17 ------------
solenv/bin/macosx-codesign-app-bundle | 35 +++++++++++++++----------
solenv/bin/modules/installer/simplepackage.pm | 5 ++--
solenv/gbuild/platform/macosx.mk | 6 ++++-
4 files changed, 28 insertions(+), 35 deletions(-)
Upstream: cgit.freedesktop.org