#!/bin/sh12# SPDX-FileCopyrightText: Copyright The Lima Authors3# SPDX-License-Identifier: Apache-2.045# This script is used to wrap the compiler and linker commands in the build6# process. It captures the output of the command and logs it to a file.7# The script's primary purpose is codesigning the output of the linker command8# with the entitlements file if it exists.9# If the OS is macOS, the result of the command is 0, the entitlements file10# exists, and codesign is available, sign the output of the linker command with11# the entitlements file.12#13# Usage:14# go build -toolexec hack/toolexec-to-codesign.sh1516repository_root="$(dirname "$(dirname "$0")")"17logfile="${repository_root}/.toolexec-to-codesign.log"1819echo $$: cmd: "$@" >>"${logfile}"2021output="$("$@")"22result=$?2324echo $$: output: "${output}" >>"${logfile}"2526entitlements="${repository_root}/vz.entitlements"2728# If the OS is macOS, the result of the command is 0, the entitlements file29# exists, and codesign is available, sign the output of the linker command.30if OS=$(uname -s) && [ "${OS}" = "Darwin" ] && [ "${result}" -eq 0 ] && [ -f "${entitlements}" ] && command -v codesign >/dev/null 2>&1; then31# Check if the command is a linker command.32case "$1" in33*link)34shift35# Find a parameter that is a output file.36while [ $# -gt 1 ]; do37case "$1" in38-o)39# If the output file is a executable, sign it with the entitlements file.40if [ -x "$2" ]; then41codesign_output="$(codesign -v --entitlements "${entitlements}" -s - "$2" 2>&1)"42echo "$$: ${codesign_output}" >>"${logfile}"43fi44break45;;46*) shift ;;47esac48done49;;50*) ;;51esac52fi5354# Print the output of the command and exit with the result of the command.55echo "${output}"56exit "${result}"575859