code sign all binaries when we can

diff --git a/cf/Makefile.am.common b/cf/Makefile.am.common
index a21a1bde4676540a3946ac90ae9b4b28a50318fd..c0cddf6a0bd4ba7d219f265e9add12d3a2235b56 100644 (file)
--- a/cf/Makefile.am.common
+++ b/cf/Makefile.am.common
@@ -66,14 +66,28 @@ libexec_heimdaldir = $(libexecdir)/heimdal
 install-suid-programs:
        @foo='$(bin_SUIDS)'; \
        for file in $$foo; do \
-       x=$(DESTDIR)$(bindir)/$$file; \
-       if chown 0:0 $$x && chmod u+s $$x; then :; else \
-       echo "*"; \
-       echo "* Failed to install $$x setuid root"; \
-       echo "*"; \
-       fi; done
-
-install-exec-hook: install-suid-programs
+               x=$(DESTDIR)$(bindir)/$$file; \
+               if chown 0:0 $$x && chmod u+s $$x; then :; else \
+                       echo "*"; \
+                       echo "* Failed to install $$x setuid root"; \
+                       echo "*"; \
+               fi; \
+       done
+
+install-exec-local: install-suid-programs
+
+codesign-all:
+       @if [ X"$$CODE_SIGN_IDENTITY" != X ] ; then \
+               foo='$(bin_PROGRAMS) $(sbin_PROGRAMS) $(libexec_PROGRAMS)' ; \
+               for file in $$foo ; do \
+                       echo "CODESIGN $$file" ; \
+                       codesign -f -s "$$CODE_SIGN_IDENTITY" $$file || exit 1 ; \
+               done ; \
+       fi
+       
+
+
+all-local: codesign-all
 
 install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS) $(noinst_HEADERS)
        @foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(noinst_HEADERS)'; \