From be53855957cb2d9c944b43092bec08b11d7ad257 Mon Sep 17 00:00:00 2001
From: Rene <errissa@gmail.com>
Date: Thu, 4 Jan 2024 19:00:00 -0500
Subject: [PATCH] Add script for signing Open3d viewer app on MacOS (#6568)

---
 cpp/apps/sign_open3d_app.sh | 37 +++++++++++++++++++++++++++++++++++++
 docs/release.md             |  6 +++++-
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 cpp/apps/sign_open3d_app.sh

diff --git a/cpp/apps/sign_open3d_app.sh b/cpp/apps/sign_open3d_app.sh
new file mode 100644
index 00000000000..3a6a863d5b9
--- /dev/null
+++ b/cpp/apps/sign_open3d_app.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+#
+
+echo $#
+if [[ $# != 6 ]]; then
+    echo "Usage: $0 path/to/Open3d.app path/to/Open3d.entitlements apple-id cert_id team-id password"
+    exit 1
+fi
+
+echo "Running as $1 $2 $3 $4 $5 $6"
+
+# Sign app
+echo "Signing $1 with entitlements $2 cert: $4..."
+codesign --deep --force --options runtime --timestamp --entitlements $2 --sign $4 $1
+
+# Verify signing worked
+echo "Verifying signing..."
+codesign -dvv --strict $1
+
+appname=$1
+zipname="${appname%.app}.zip"
+
+# Create zip with ditto
+echo "Zipping to prepare for notarization..."
+ditto -c -k --rsrc --keepParent $1 $zipname
+
+# Send signed app in for notarization
+# Note: this command returns the result
+echo "Submitting for notarization..."
+xcrun notarytool submit $zipname --apple-id $3 --team-id $5 --password $6 --wait
+
+# Staple the original app
+xcrun stapler staple $1
+
+# Delete old zip and create a new one for distribution
+rm $zipname
+ditto -c -k --keepParent $1 $zipname
diff --git a/docs/release.md b/docs/release.md
index 490c4fe85c5..514114f5a04 100644
--- a/docs/release.md
+++ b/docs/release.md
@@ -24,7 +24,11 @@ Collect all release artifacts in the [Github draft release page](https://github.
 -   [ ] Build Open3D app
     -   [ ] Ubuntu 18.04, Windows 10, macOS 10.15 x86_64: (CI)
     -   [ ] macOS 12 arm64 (desktop)
-    -   [ ] macOS (x86_64, arm64) sign (desktop)
+    -   [ ] macOS (x86_64, arm64) sign (desktop):
+
+        From build/bin directory: `../../cpp/apps/sign_open3d_app.sh Open3D.app ../../cpp/apps/Open3DViewer/Open3dViewer.entitlements <apple-id>
+                                    <cert-name> <team-id> <app-password>`
+
     -   [ ] (TBD) Windows app sign
 -   [ ] Testing: Run all (especially visualization) examples and Open3D viewer with
         (Suzanne, Khronos helmet, large point cloud - apartment), on Linux x86-64,