osx: Strip signature from copied libraries

When copying a library we use `install_name_tool` to change the shared
library search path so that they will find the versions within the .app
bundle. However, since this changes the file, it breaks any code signing
signature. We must generate a new ad-hoc signature, particularly since
recent versions of macOS have turned on more strict checking for code
signing signatures.

Author: fragglet

pkg/osx/cp-with-libs

@@ -68,7 +68,6 @@ install_with_deps() {
 	# Copy libraries that this file depends on:
 
 	otool -L "$src_file" | tail -n +2 | sed 's/^.//; s/ (.*//' | while read; do
-		
 		# Don't copy system libraries
 
 		if is_sys_lib "$REPLY"; then
@@ -95,6 +94,11 @@ install_with_deps() {
 	if is_dylib "$dest_file"; then
 		install_name_tool -id "@executable_path/$bin_name" "$dest_file"
 	fi
+
+	# The install_name_tool calls above break signatures. Recent versions
+	# of macOS make signatures mandatory, even if just ad-hoc ones.
+	codesign --remove-signature "$dest_file"
+	codesign --force -s - "$dest_file"  # ad-hoc signature
 }
 
 # Install the file, and recursively install any libraries: