Codesign Mac app for Catalina

[bsiegel]

It looks like codesigning jpackaged apps is still very much a work in progress. There's a large discussion here with some useful details about how to get them working on Catalina until official support arrives: adoptium/temurin-build#1130

The entitlements discussed in that thread unfortunately weren't sufficient, I found a few more necessary ones here after some trial and error: electron-userland/electron-builder#3940

Further discussions / resources that were extremely helpful include:

• http://openjdk.5641.n7.nabble.com/jpackage-and-macOS-Catalina-notarization-td398664.html#a399500
• http://www.zarkonnen.com/signing_notarizing_catalina
• http://kothar.net/macos_catalina_java_11

Finally, a lot of inspiration was drawn from https://github.com/Deep-Symmetry/beat-link-trigger/blob/master/.github/scripts/build_dmg.zsh - specifically we'll want to include the notarization steps here into the build script if we decide to notarize in the future.

---

To make this work, we'll need to pass the new argument -mac-sign-identity "<identity>" to build_image.py when building on Mac (it does nothing if passed on other OSes). Using my free Apple Development Certificate as the identity works for me locally, but Gatekeeper will block the app from launching with the message “PolyGlot” can’t be opened because Apple cannot check it for malicious software. The user will still have to right-click and Open the app the first time to white list it with Gatekeeper unless you have a paid Apple Developer account, sign it with your Developer ID Certificate, and notarize the app / dmg.

[bsiegel]

For future reference, the process to notarize an app from the command line kind of sucks: https://developer.apple.com/documentation/xcode/notarizing_macos_software_before_distribution/customizing_the_notarization_workflow#3087734