[cmake-developers] Support of codesign

[Eric Wing]

Sorry, I'm also very late on this thread, but there was a suggestion
that codesigning should be in CMake instead of CPack. I agree and also
say it needs to be integrated as part of the build process when
specified.

Here's a real world workflow. I use JavaScriptCore in my Mac
application which allows me to run various bits of JavaScript inside
my main application, as you would with other embedded scripting
languages like Lua. Safari has a feature that lets you attach the
Safari built-in debugger to other applications JavaScriptCore contexts
if you set the entitlement com.apple.security.get-task-allow. In order
to set the entitlement, you must codesign. And I want to emphasize,
this is a standard development workflow, not a release workflow which
means this is the common case.

The workflow should be:
- Edit code in your app
- Hit the Xcode run button to recompile and run/test.

CMake's current workflow doesn't work this way and it is annoying.
There are other things on Mac that require codesigning, such as if you
use sandboxing (some APIs behave differently under sandboxing so
testing under non-sandboxing has risks), or if you use certain Apple
services like iCloud, In-App-Purchases, and Game Center.


An additional note, any 3rd party libraries/frameworks embedded in the
app also must be codesigned.

I currently employed my own workarounds for both using a lot of
post_build/custom_command instructions. However my solution is still a
little clumsy with switching between different codesign keys
(Developer ID vs Mac App Store vs none). It would be nicer if you
could pick it in Xcode directly instead of having to regenerate CMake
everytime. Additionally, resigning all the 3rd party frameworks every
single time is kind of slow (my algorithm is kind of stupid), but
there are additional complications when you change the key to sign
with which is partly why my algorithm ended up playing stupid.

Thanks,
Eric