Let me put my 2ยข. I have feeling that we are mixing up signing (install) packages, such as .pkg (OSX) or .msi (Windows), with signing bundles .app or whatever OSX binaries (that can keep signature inside macho).
I think that CPack should be responsible of signing only what it creates. Since CPack does not create .app bundle but just packs it into .pkg, .dmg or whatever else it shouldn't touch .app. Then code signing .app bundle should be part of install (cmake_install.cmake), triggered once the .app bundle is complete (final), probably after fixup_bundle. Once may not even want to use CPack, but still want to code-sign .app when installing. But this is just my personal opinion, Also I don't see any reason we need to implement that in C++ as this can be handled with cmake scripting capabilities. --Adam -- Powered by www.kitware.com Please keep messages on-topic and check the CMake FAQ at: http://www.cmake.org/Wiki/CMake_FAQ Kitware offers various services to support the CMake community. For more information on each offering, please visit: CMake Support: http://cmake.org/cmake/help/support.html CMake Consulting: http://cmake.org/cmake/help/consulting.html CMake Training Courses: http://cmake.org/cmake/help/training.html Visit other Kitware open-source projects at http://www.kitware.com/opensource/opensource.html Follow this link to subscribe/unsubscribe: http://public.kitware.com/mailman/listinfo/cmake-developers